[Git][security-tracker-team/security-tracker][master] Add new PHP issues (fixed in 7.3.3, 7.2.16 and 7.1.27) with needed CVE
Salvatore Bonaccorso
carnil at debian.org
Fri Mar 8 13:35:09 GMT 2019
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
d8e26a87 by Salvatore Bonaccorso at 2019-03-08T13:34:27Z
Add new PHP issues (fixed in 7.3.3, 7.2.16 and 7.1.27) with needed CVE
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -1,3 +1,51 @@
+CVE-2019-XXXX [rename() across the device may allow unwanted access during processing]
+ - php7.3 7.3.3-1
+ - php7.0 <removed>
+ - php5 <removed>
+ NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77630
+CVE-2019-XXXX [Uninitialized read in exif_process_IFD_in_TIFF]
+ - php7.3 7.3.3-1
+ - php7.0 <removed>
+ - php5 <removed>
+ NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77509
+CVE-2019-XXXX [Invalid Read on exif_process_SOFn]
+ - php7.3 7.3.3-1
+ - php7.0 <removed>
+ - php5 <removed>
+ NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77540
+CVE-2019-XXXX [Uninitialized read in exif_process_IFD_in_MAKERNOTE / 77563]
+ - php7.3 7.3.3-1
+ - php7.0 <removed>
+ - php5 <removed>
+ NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77563
+CVE-2019-XXXX [Uninitialized read in exif_process_IFD_in_MAKERNOTE / 77659]
+ - php7.3 7.3.3-1
+ - php7.0 <removed>
+ - php5 <removed>
+ NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77659
+CVE-2019-XXXX [Null Pointer Dereference in phar_create_or_parse_filename]
+ - php7.3 7.3.3-1
+ - php7.0 <removed>
+ - php5 <removed>
+ NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77396
+CVE-2019-XXXX [phar_tar_writeheaders_int() buffer overflow]
+ - php7.3 7.3.3-1
+ - php7.0 <removed>
+ - php5 <removed>
+ NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77586
+CVE-2019-XXXX [openFile() silently truncates after a null byte]
+ - php7.3 7.3.3-1
+ - php7.0 <removed>
+ - php5 <removed>
+ NOTE: Fixed in 7.1.27, 7.2.16, 7.3.3
+ NOTE: PHP Bug: https://bugs.php.net/bug.php?id=77431
CVE-2019-9633 (gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent ...)
TODO: check
CVE-2019-9632 (ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d8e26a879e728f668a2a02a68622fc34f36207b7
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/d8e26a879e728f668a2a02a68622fc34f36207b7
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190308/505383cf/attachment.html>
More information about the debian-security-tracker-commits
mailing list