[Git][security-tracker-team/security-tracker][master] Mark CVE-2024-2408/php7.{3,4} for bullseye and historical buster as ignored;...

Chris Lamb (@lamby) lamby at debian.org
Wed Apr 29 18:36:52 BST 2026 


Chris Lamb pushed to branch master at Debian Security Tracker / security-tracker


Commits:
9f4189c9 by Chris Lamb at 2026-04-29T10:36:46-07:00
Mark CVE-2024-2408/php7.{3,4} for bullseye and historical buster as ignored; these were fixed in src:openssl.

I did not specify a fixed version here (as for src:php8.2 8.2.18-1) as I did not want to adjust the <removed>.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -234504,9 +234504,9 @@ CVE-2024-2408 (The openssl_private_decrypt function in PHP, when using PKCS1 pad
 	- php8.2 8.2.18-1
 	[bookworm] - php8.2 <ignored> (OpenSSL in Bookworm lacks the necessary support in OpenSSL)
 	- php7.4 <removed>
-	[bullseye] - php7.4 <postponed> (Minor issue, revisit when fixed upstream)
+	[bullseye] - php7.4 <ignored> (OpenSSL fixed in 1.1.1n-0+deb11u4 uploaded 2023-02-05; the next php7.4 upload was 7.4.33-1+deb11u3, uploaded 2023-02-22)
 	- php7.3 <removed>
-	[buster] - php7.3 <postponed> (Minor issue, revisit when fixed upstream)
+	[buster] - php7.3 <ignored> (OpenSSL fixed in 1.1.1n-0+deb10u4 uploaded 2023-02-20; the next php7.3 upload was 7.3.31-1~deb10u3, uploaded 2023-02-26)
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-hh26-4ppw-5864
 	NOTE: https://people.redhat.com/~hkario/marvin/
 	NOTE: The fix requires support in openssl. Marking the first upload of php8.2 to unstable



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f4189c9f2d781038a7104e0fedc43afca2f09f6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9f4189c9f2d781038a7104e0fedc43afca2f09f6
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260429/fde48ada/attachment-0001.htm>

More information about the debian-security-tracker-commits mailing list