[Git][security-tracker-team/security-tracker][master] Add references to commits for PHP issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jun 8 10:13:07 BST 2024 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
88befc63 by Salvatore Bonaccorso at 2024-06-08T11:12:31+02:00
Add references to commits for PHP issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -20047,18 +20047,21 @@ CVE-2024-5585 [Bypass of CVE-2024-1874]
 	- php7.3 <removed>
 	NOTE: Fixed in 8.3.8, 8.2.20, 8.1.29
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-9fcc-425m-g385
+	NOTE: https://github.com/php/php-src/commit/4b15f5d4ec750b31ec8911f5eb0915a45f96feca
 CVE-2024-5458 [Filter bypass in filter_var FILTER_VALIDATE_URL]
 	- php8.2 <unfixed>
 	- php7.4 <removed>
 	- php7.3 <removed>
 	NOTE: Fixed in 8.3.8, 8.2.20, 8.1.29
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-w8qr-v226-r27w
+	NOTE: https://github.com/php/php-src/commit/7e0e3cc820c493301409a0ce2b6ef95e0ab06b0c
 CVE-2024-4577 [Bypass of CVE-2012-1823, Argument Injection in PHP-CGI]
 	- php8.2 <unfixed>
 	- php7.4 <removed>
 	- php7.3 <removed>
 	NOTE: Fixed in 8.3.8, 8.2.20, 8.1.29
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-3qgc-jrrr-25jv
+	NOTE: https://github.com/php/php-src/commit/938267314835de3c2ed1a3da4f2959f1d2709468
 CVE-2024-1874 (In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before ...)
 	- php8.2 <not-affected> (Windows-specific)
 	- php7.4 <not-affected> (Windows-specific)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88befc63e8c3c1d3d2f65194ca8265584796deaa

-- 
This project does not include diff previews in email notifications.
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/88befc63e8c3c1d3d2f65194ca8265584796deaa
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240608/78dece3a/attachment.htm>

More information about the debian-security-tracker-commits mailing list