[Git][security-tracker-team/security-tracker][master] Remove Windows-specific CVE-2019-11049 from DSA/list and additional refs

Tue Feb 18 21:52:11 GMT 2020


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
5cbf19f9 by Moritz Muehlenhoff at 2020-02-18T22:50:48+01:00
Remove Windows-specific CVE-2019-11049 from DSA/list and additional refs

This was included in the update to 7.3.14 by means of the new upstream
release, but listing it in the issues fixed in the DSA is misleading,
so remove it and rewrite the entire entry as <not-affected>

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -47032,11 +47032,9 @@ CVE-2019-11050 (When PHP EXIF extension is parsing EXIF information from an imag
 	NOTE: Fixed in PHP 7.4.1, 7.3.13
 	NOTE: PHP Bug: http://bugs.php.net/78793
 CVE-2019-11049 (In PHP versions 7.3.x below 7.3.13 and 7.4.0 on Windows, when supplyin ...)
-	{DSA-4626-1}
-	- php7.3 <unfixed>
-	- php7.0 <removed>
-	- php5 <removed>
-	[jessie] - php5 <not-affected> (Vulnerable code introduced later)
+	- php7.3 <not-affected> (Windows specific issue)
+	- php7.0 <not-affected> (Windows specific issue)
+	- php5 <not-affected> (Windows specific issue)
 	NOTE: Fixed in PHP 7.4.1, 7.3.13
 	NOTE: PHP Bug: http://bugs.php.net/78943
 CVE-2019-11048
@@ -47055,6 +47053,7 @@ CVE-2019-11046 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0
 	- php5 <removed>
 	NOTE: Fixed in PHP 7.4.1, 7.3.13
 	NOTE: PHP Bug: http://bugs.php.net/78878
+	NOTE: http://git.php.net/?p=php-src.git;a=patch;h=2d07f00b73d8f94099850e0f5983e1cc5817c196
 CVE-2019-11045 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP  ...)
 	{DSA-4626-1 DLA-2050-1}
 	- php7.3 <unfixed>
@@ -47062,6 +47061,7 @@ CVE-2019-11045 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0
 	- php5 <removed>
 	NOTE: Fixed in PHP 7.4.1, 7.3.13
 	NOTE: PHP Bug: http://bugs.php.net/78863
+	NOTE: http://git.php.net/?p=php-src.git;a=patch;h=d74907b8575e6edb83b728c2a94df434c23e1f79
 CVE-2019-11044 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Wi ...)
 	- php7.3 <not-affected> (Windows specific issue)
 	- php7.0 <not-affected> (Windows specific issue)


=====================================
data/DSA/list
=====================================
@@ -2,7 +2,7 @@
 	{CVE-2020-3862 CVE-2020-3864 CVE-2020-3865 CVE-2020-3867 CVE-2020-3868}
 	[buster] - webkit2gtk 2.26.4-1~deb10u1
 [17 Feb 2020] DSA-4626-1 php7.3 - security update
-	{CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11049 CVE-2019-11050 CVE-2020-7059 CVE-2020-7060}
+	{CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050 CVE-2020-7059 CVE-2020-7060}
 	[buster] - php7.3 7.3.14-1~deb10u1
 [15 Feb 2020] DSA-4625-1 thunderbird - security update
 	{CVE-2020-6792 CVE-2020-6793 CVE-2020-6794 CVE-2020-6795 CVE-2020-6798 CVE-2020-6800}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5cbf19f9e5d5fa670ef03b18260abbff19fbafac

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/5cbf19f9e5d5fa670ef03b18260abbff19fbafac
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200218/a72d1fe8/attachment-0001.html>
