[Git][security-tracker-team/security-tracker][master] Triage CVE-2020-7069/php7.0 as <not-affected> for stretch
Roberto C. Sánchez
roberto at debian.org
Tue Oct 6 17:58:19 BST 2020
Roberto C. Sánchez pushed to branch master at Debian Security Tracker / security-tracker
Commits:
bf893186 by Roberto C. Sánchez at 2020-10-06T12:48:09-04:00
Triage CVE-2020-7069/php7.0 as <not-affected> for stretch
This was confirmed by adding the OpenSSL CCM/GCM unit tests as they
appeared after upstream commit 0216630ea2815a5789a24279a1211ac398d4de79.
The files which were added were:
ext/openssl/tests/cipher_tests.inc
ext/openssl/tests/openssl_decrypt_ccm.phpt
ext/openssl/tests/openssl_decrypt_gcm.phpt
ext/openssl/tests/openssl_encrypt_ccm.phpt
ext/openssl/tests/openssl_encrypt_gcm.phpt
Building with the additional tests resulted in all of the additional
tests passing, which confirmed that the affected code is not present.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -46046,6 +46046,7 @@ CVE-2020-7069 (In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x
- php7.4 <unfixed>
- php7.3 <removed>
- php7.0 <removed>
+ [stretch] - php7.0 <not-affected> (Affected code not present)
NOTE: Fixed in PHP 7.4.11, 7.3.23, 7.2.34
NOTE: PHP Bug: https://bugs.php.net/79601
NOTE: https://git.php.net/?p=php-src.git;a=commit;h=0216630ea2815a5789a24279a1211ac398d4de79
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf8931869a08eace6e30fd9bb9fd81e9950871ca
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/bf8931869a08eace6e30fd9bb9fd81e9950871ca
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20201006/f8e2ae68/attachment.html>
More information about the debian-security-tracker-commits
mailing list