[Git][security-tracker-team/security-tracker][master] record one more fix for php in sid
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Fri Sep 27 15:46:23 BST 2024
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
c7709f79 by Moritz Muehlenhoff at 2024-09-27T16:46:11+02:00
record one more fix for php in sid
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -26379,13 +26379,15 @@ CVE-2024-8926 [Bypass of CVE-2024-4577, Parameter Injection Vulnerability]
NOTE: https://github.com/php/php-src/security/advisories/GHSA-p99j-rfp4-xqvq
NOTE: https://github.com/php/php-src/commit/abcfd980bfa03298792fd3aba051c78d52f10642 (PHP-8.2.24)
CVE-2024-2408 (The openssl_private_decrypt function in PHP, when using PKCS1 padding ...)
- - php8.2 <unfixed>
- [bookworm] - php8.2 <postponed> (Minor issue, revisit when fixed upstream)
+ - php8.2 8.2.18-1
+ [bookworm] - php8.2 <ignored> (OpenSSL in Bookworm lacks the necessary support in OpenSSL)
- php7.4 <removed>
[bullseye] - php7.4 <postponed> (Minor issue, revisit when fixed upstream)
- php7.3 <removed>
[buster] - php7.3 <postponed> (Minor issue, revisit when fixed upstream)
NOTE: https://github.com/php/php-src/security/advisories/GHSA-hh26-4ppw-5864
+ NOTE: The fix requires support in openssl. Marking the first upload of php8.2 to unstable
+ NOTE: after openssl 3.2.1-3 was uploaded to unstable in 04 Apr 2024 as the fixed version (8.2.18-1)
CVE-2024-25929 (Missing Authorization vulnerability in MultiVendorX Product Catalog En ...)
NOT-FOR-US: WordPress plugin
CVE-2024-25092 (Missing Authorization vulnerability in XLPlugins NextMove Lite.This is ...)
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7709f7967805bcda646b9d4caef72b3c88129d5
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/c7709f7967805bcda646b9d4caef72b3c88129d5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20240927/0d2193b8/attachment.htm>
More information about the debian-security-tracker-commits
mailing list