[Git][security-tracker-team/security-tracker][master] Mark CVE-2017-7189/php5 ignore in Jessie

Brian May bam at debian.org
Tue Jul 30 08:35:10 BST 2019 


Brian May pushed to branch master at Debian Security Tracker / security-tracker


Commits:
52d782f4 by Brian May at 2019-07-30T07:26:49Z
Mark CVE-2017-7189/php5 ignore in Jessie

This security issue occurs because php ignores invalid trailing data in
the URL.  However it is not possible to fix this because some
applications rely on the (broken) behaviour and will break if the API is
fixed.

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -124644,6 +124644,7 @@ CVE-2017-7189 (main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses f
 	- php7.0 <removed>
 	[stretch] - php7.0 <ignored> (Upstream patch breaks existing applications, was reverted again, revisit if a new approach has been identified)
 	- php5 <removed>
+	[jessie] - php5 <ignored> (Upstream patch breaks existing applications, was reverted again, revisit if a new approach has been identified)
 	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74192
 	NOTE: https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a
 	NOTE: The commit was later on reverted again because of breaking some features.


=====================================
data/dla-needed.txt
=====================================
@@ -79,8 +79,6 @@ openjdk-7 (Markus Koschany)
 --
 otrs2 (Abhijith PA)
 --
-php5
---
 proftpd-dfsg (Markus Koschany)
 --
 python2.7 (Thorsten Alteholz)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/52d782f499f0eaaa6c085809b3ecd502a53871c2

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/52d782f499f0eaaa6c085809b3ecd502a53871c2
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190730/fbb99daf/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list