[Git][security-tracker-team/security-tracker][master] Reference bugs.php.net URLs with HTTPS transport

Salvatore Bonaccorso carnil at debian.org
Sun Aug 23 18:41:10 BST 2020



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d2d4e77d by Salvatore Bonaccorso at 2020-08-23T19:40:36+02:00
Reference bugs.php.net URLs with HTTPS transport

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -41251,7 +41251,7 @@ CVE-2020-7063 (In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x
 	- php7.0 <removed>
 	- php5 <removed>
 	NOTE: Fixed in PHP 7.4.3, 7.3.15, 7.2.28
-	NOTE: PHP Bug: http://bugs.php.net/79082
+	NOTE: PHP Bug: https://bugs.php.net/79082
 CVE-2020-7062 (In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ...)
 	{DSA-4719-1 DSA-4717-1 DLA-2160-1}
 	- php7.4 7.4.3-1
@@ -41259,14 +41259,14 @@ CVE-2020-7062 (In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x
 	- php7.0 <removed>
 	- php5 <removed>
 	NOTE: Fixed in PHP 7.4.3, 7.3.15, 7.2.28
-	NOTE: PHP Bug: http://bugs.php.net/79221
+	NOTE: PHP Bug: https://bugs.php.net/79221
 CVE-2020-7061 (In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extrac ...)
 	- php7.4 <not-affected> (Windows specific issue)
 	- php7.3 <not-affected> (Windows specific issue)
 	- php7.0 <not-affected> (Windows specific issue)
 	- php5 <not-affected> (Windows specific issue)
 	NOTE: Fixed in PHP 7.4.3, 7.3.15
-	NOTE: PHP Bug: http://bugs.php.net/79171
+	NOTE: PHP Bug: https://bugs.php.net/79171
 CVE-2020-7060 (When using certain mbstring functions to convert multibyte encodings,  ...)
 	{DSA-4628-1 DSA-4626-1 DLA-2124-1}
 	- php7.4 7.4.2-7
@@ -41274,7 +41274,7 @@ CVE-2020-7060 (When using certain mbstring functions to convert multibyte encodi
 	- php7.0 <removed>
 	- php5 <removed>
 	NOTE: Fixed in PHP 7.4.2, 7.3.14, 7.2.27
-	NOTE: PHP Bug: http://bugs.php.net/79037
+	NOTE: PHP Bug: https://bugs.php.net/79037
 CVE-2020-7059 (When using fgetss() function to read data with stripping tags, in PHP  ...)
 	{DSA-4628-1 DSA-4626-1 DLA-2124-1}
 	- php7.4 7.4.2-7
@@ -84876,13 +84876,13 @@ CVE-2019-11050 (When PHP EXIF extension is parsing EXIF information from an imag
 	- php7.0 <removed>
 	- php5 <removed>
 	NOTE: Fixed in PHP 7.4.1, 7.3.13
-	NOTE: PHP Bug: http://bugs.php.net/78793
+	NOTE: PHP Bug: https://bugs.php.net/78793
 CVE-2019-11049 (In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplyin ...)
 	- php7.3 <not-affected> (Windows specific issue)
 	- php7.0 <not-affected> (Windows specific issue)
 	- php5 <not-affected> (Windows specific issue)
 	NOTE: Fixed in PHP 7.4.1, 7.3.13
-	NOTE: PHP Bug: http://bugs.php.net/78943
+	NOTE: PHP Bug: https://bugs.php.net/78943
 CVE-2019-11048 (In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below ...)
 	{DSA-4719-1 DSA-4717-1 DLA-2261-1}
 	- php7.4 7.4.9-1
@@ -84904,14 +84904,14 @@ CVE-2019-11047 (When PHP EXIF extension is parsing EXIF information from an imag
 	- php7.0 <removed>
 	- php5 <removed>
 	NOTE: Fixed in PHP 7.4.1, 7.3.13
-	NOTE: PHP Bug: http://bugs.php.net/78910
+	NOTE: PHP Bug: https://bugs.php.net/78910
 CVE-2019-11046 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP  ...)
 	{DSA-4628-1 DSA-4626-1 DLA-2050-1}
 	- php7.3 7.3.15-1
 	- php7.0 <removed>
 	- php5 <removed>
 	NOTE: Fixed in PHP 7.4.1, 7.3.13
-	NOTE: PHP Bug: http://bugs.php.net/78878
+	NOTE: PHP Bug: https://bugs.php.net/78878
 	NOTE: https://git.php.net/?p=php-src.git;a=patch;h=2d07f00b73d8f94099850e0f5983e1cc5817c196
 CVE-2019-11045 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP  ...)
 	{DSA-4628-1 DSA-4626-1 DLA-2050-1}
@@ -84919,14 +84919,14 @@ CVE-2019-11045 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0
 	- php7.0 <removed>
 	- php5 <removed>
 	NOTE: Fixed in PHP 7.4.1, 7.3.13
-	NOTE: PHP Bug: http://bugs.php.net/78863
+	NOTE: PHP Bug: https://bugs.php.net/78863
 	NOTE: https://git.php.net/?p=php-src.git;a=patch;h=d74907b8575e6edb83b728c2a94df434c23e1f79
 CVE-2019-11044 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Wi ...)
 	- php7.3 <not-affected> (Windows specific issue)
 	- php7.0 <not-affected> (Windows specific issue)
 	- php5 <not-affected> (Windows specific issue)
 	NOTE: Fixed in PHP 7.4.1, 7.3.13
-	NOTE: PHP Bug: http://bugs.php.net/78862
+	NOTE: PHP Bug: https://bugs.php.net/78862
 CVE-2019-11043 (In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below ...)
 	{DSA-4553-1 DSA-4552-1 DLA-1970-1}
 	- php7.3 7.3.11-1~deb10u1 (bug #943468; bug #943764)
@@ -206969,35 +206969,35 @@ CVE-2017-5527 (TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6
 CVE-2016-10162 (The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x befo ...)
 	- php7.1 7.1.1-1
 	- php7.0 7.0.15-1
-	NOTE: PHP Bug: http://bugs.php.net/73831
+	NOTE: PHP Bug: https://bugs.php.net/73831
 	NOTE: Fixed in 7.0.15, 7.1.1
 CVE-2016-10161 (The object_common1 function in ext/standard/var_unserializer.c in PHP  ...)
 	{DSA-3783-1 DLA-818-1}
 	- php7.1 7.1.1-1
 	- php7.0 7.0.15-1
 	- php5 <removed>
-	NOTE: PHP Bug: http://bugs.php.net/73825
+	NOTE: PHP Bug: https://bugs.php.net/73825
 	NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
 CVE-2016-10160 (Off-by-one error in the phar_parse_pharfile function in ext/phar/phar. ...)
 	{DSA-3783-1 DLA-818-1}
 	- php7.1 7.1.1-1
 	- php7.0 7.0.15-1
 	- php5 <removed>
-	NOTE: PHP Bug: http://bugs.php.net/73768
+	NOTE: PHP Bug: https://bugs.php.net/73768
 	NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
 CVE-2016-10159 (Integer overflow in the phar_parse_pharfile function in ext/phar/phar. ...)
 	{DSA-3783-1 DLA-818-1}
 	- php7.1 7.1.1-1
 	- php7.0 7.0.15-1
 	- php5 <removed>
-	NOTE: PHP Bug: http://bugs.php.net/73764
+	NOTE: PHP Bug: https://bugs.php.net/73764
 	NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
 CVE-2016-10158 (The exif_convert_any_to_int function in ext/exif/exif.c in PHP before  ...)
 	{DSA-3783-1 DLA-818-1}
 	- php7.1 7.1.1-1
 	- php7.0 7.0.15-1
 	- php5 <removed>
-	NOTE: PHP Bug: http://bugs.php.net/73737
+	NOTE: PHP Bug: https://bugs.php.net/73737
 	NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
 CVE-2016-10157 (Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to  ...)
 	NOT-FOR-US: Akamai NetSession
@@ -293811,7 +293811,7 @@ CVE-2014-3480 (The cdf_count_chain function in cdf.c in file before 5.19, as use
 	NOTE: https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382
 	- php5 5.6.0~rc1+dfsg-1
 	[squeeze] - php5 5.3.3-7+squeeze21
-	NOTE: http://bugs.php.net/bug.php?id=67412
+	NOTE: https://bugs.php.net/bug.php?id=67412
 CVE-2014-3479 (The cdf_check_stream_offset function in cdf.c in file before 5.19, as  ...)
 	{DSA-3021-1 DSA-2974-1 DLA-27-1}
 	- file 1:5.19-1
@@ -293827,7 +293827,7 @@ CVE-2014-3478 (Buffer overflow in the mconvert function in softmagic.c in file b
 	NOTE: https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08
 	- php5 5.6.0~rc1+dfsg-1
 	[squeeze] - php5 <not-affected> (Vulnerable code was introduced later)
-	NOTE: http://bugs.php.net/bug.php?id=67410
+	NOTE: https://bugs.php.net/bug.php?id=67410
 CVE-2014-3477 (The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and ...)
 	{DSA-2971-1 DLA-87-1}
 	- dbus 1.8.4-1 (low)
@@ -399564,7 +399564,7 @@ CVE-2007-5901 (Use-after-free vulnerability in the gss_indicate_mechs function i
 CVE-2007-5900 (PHP before 5.2.5 allows local users to bypass protection mechanisms co ...)
 	NOTE: Apparently a dupe of CVE-2007-4659 due to temporary revoke of the patch
 	NOTE: from CVS and later re-introduction
-	NOTE: http://bugs.php.net/bug.php?id=41561
+	NOTE: https://bugs.php.net/bug.php?id=41561
 CVE-2007-5899 (The output_add_rewrite_var function in PHP before 5.2.5 rewrites local ...)
 	{DSA-1444-1}
 	- php5 5.2.5-1 (bug #453295)
@@ -439852,7 +439852,7 @@ CVE-2002-1956 (ROX Filer 1.1.9 and 1.2 is installed with world writable permissi
 CVE-2002-1955 (Iomega NAS A300U uses cleartext LANMAN authentication when mounting CI ...)
 	NOT-FOR-US: Iomega hardware issue
 CVE-2002-1954 (Cross-site scripting (XSS) vulnerability in the phpinfo function in PH ...)
-	NOTE: According to http://bugs.php.net/bug.php?id=19881 this only affects a
+	NOTE: According to https://bugs.php.net/bug.php?id=19881 this only affects a
 	NOTE: php function that displays the PHP logo and version information. In the bug
 	NOTE: log the developers seem unwilling to fix this, as it only affects a debug
 	NOTE: function.
@@ -445164,7 +445164,7 @@ CVE-2005-0598 (The RealServer RealSubscriber on Cisco devices running Applicatio
 CVE-2005-0597 (Cisco devices running Application and Content Networking System (ACNS) ...)
 	NOT-FOR-US: Cisco
 CVE-2005-0596 (PHP 4 (PHP4) allows attackers to cause a denial of service (daemon cra ...)
-	NOTE: Fixed in CVS after 4.3.4 release; see http://bugs.php.net/bug.php?id=27037
+	NOTE: Fixed in CVS after 4.3.4 release; see https://bugs.php.net/bug.php?id=27037
 	- php4 4:4.3.8-1
 CVE-2005-0595 (Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers to  ...)
 	NOT-FOR-US: BadBlue



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2d4e77d4a471c6342d9ea341ae3c173096487f4

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d2d4e77d4a471c6342d9ea341ae3c173096487f4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200823/0fa90884/attachment.html>


More information about the debian-security-tracker-commits mailing list