[Git][security-tracker-team/security-tracker][master] Add php7.3 source package as well for CVE-2017-7272

Sat Jul 13 23:21:21 BST 2019


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2427d44c by Salvatore Bonaccorso at 2019-07-13T22:19:40Z
Add php7.3 source package as well for CVE-2017-7272

It is very unlikely that something will happend for CVE-2017-7272 and
the related CVE-2017-7189 as the priginal proposed fix which went into
upstream releases was shortly after again reverted as too many real
world applications got broken.

Another approach so far did not arise.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -121135,6 +121135,8 @@ CVE-2017-7273 (The cp_report_fixup function in drivers/hid/hid-cypress.c in the
 	NOTE: Fixed by: https://git.kernel.org/linus/1ebb71143758f45dc0fa76e2f48429e13b16d110
 CVE-2017-7272 (PHP through 7.1.11 enables potential SSRF in applications that accept  ...)
 	{DLA-875-1}
+	- php7.3 <unfixed>
+	[buster] - php7.3 <ignored> (Upstream patch breaks existing applications, was reverted again, revisit if a new approach has been identified)
 	- php7.1 <removed>
 	- php7.0 <removed>
 	[stretch] - php7.0 <ignored> (Upstream patch breaks existing applications, revisit if a new approach has been identified)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2427d44cf05f40af7697879d12394c106543d63f

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/2427d44cf05f40af7697879d12394c106543d63f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190713/a691d3ab/attachment.html>
