[Git][security-tracker-team/security-tracker][master] Triage CVE-2020-7069/php7.0 as <not-affected> for stretch

Roberto C. Sánchez roberto at debian.org
Tue Oct 6 17:58:19 BST 2020



Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bf893186 by Roberto C. Sánchez at 2020-10-06T12:48:09-04:00
Triage CVE-2020-7069/php7.0 as <not-affected> for stretch

This was confirmed by adding the OpenSSL CCM/GCM unit tests as they
appeared after upstream commit 0216630ea2815a5789a24279a1211ac398d4de79.
The files which were added were:

ext/openssl/tests/cipher_tests.inc
ext/openssl/tests/openssl_decrypt_ccm.phpt
ext/openssl/tests/openssl_decrypt_gcm.phpt
ext/openssl/tests/openssl_encrypt_ccm.phpt
ext/openssl/tests/openssl_encrypt_gcm.phpt

Building with the additional tests resulted in all of the additional
tests passing, which confirmed that the affected code is not present.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -46046,6 +46046,7 @@ CVE-2020-7069 (In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x
 	- php7.4 <unfixed>
 	- php7.3 <removed>
 	- php7.0 <removed>
+	[stretch] - php7.0 <not-affected> (Affected code not present)
 	NOTE: Fixed in PHP 7.4.11, 7.3.23, 7.2.34
 	NOTE: PHP Bug: https://bugs.php.net/79601
 	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=0216630ea2815a5789a24279a1211ac398d4de79



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf8931869a08eace6e30fd9bb9fd81e9950871ca

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf8931869a08eace6e30fd9bb9fd81e9950871ca
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201006/f8e2ae68/attachment.html>


More information about the debian-security-tracker-commits mailing list