[Git][security-tracker-team/security-tracker][master] 3 commits: CVE-2025-14180/php7.4: not-affected

Sylvain Beucler (@beuc) gitlab at salsa.debian.org
Fri Jan 2 13:55:00 GMT 2026



Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
affa02ae by Sylvain Beucler at 2026-01-02T14:54:43+01:00
CVE-2025-14180/php7.4: not-affected

- - - - -
ce5ff782 by Sylvain Beucler at 2026-01-02T14:54:45+01:00
CVE-2025-14178: reference introductory commit

- - - - -
ddd33a6c by Sylvain Beucler at 2026-01-02T14:54:47+01:00
CVE-2025-14177/php7.4: not-affected

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6868,9 +6868,10 @@ CVE-2025-14180 (In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.*
 	{DSA-6088-1}
 	- php8.4 8.4.16-1 (bug #1123574)
 	- php8.2 <removed>
-	- php7.4 <removed>
+	- php7.4 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-8xr5-qppj-gvwj
 	NOTE: Fixed by: https://github.com/php/php-src/commit/d521259e44288146aa3dc692bdf234cf45a4bd86 (php-8.4.16)
+	NOTE: Introduced by: https://github.com/php/php-src/commit/d521259e44288146aa3dc692bdf234cf45a4bd86 (php-8.1.0RC1)
 CVE-2025-14178 (In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before ...)
 	{DSA-6088-1}
 	- php8.4 8.4.16-1 (bug #1123574)
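Review bot: The added "Introduced by:" NOTE for CVE-2025-14180 cites commit d521259e44288146aa3dc692bdf234cf45a4bd86, which is the same hash as the "Fixed by:" NOTE directly above it; only the tag differs (php-8.1.0RC1 versus php-8.4.16). One commit cannot be both the introducing and the fixing change, so this looks like a copy-paste of the fix URL. Please replace it with the actual introducing commit, since the new "php7.4 <not-affected> (Vulnerable code introduced later)" status rests on that reference.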
@@ -6878,13 +6879,15 @@ CVE-2025-14178 (In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.*
 	- php7.4 <removed>
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-h96m-rvf9-jgm2
 	NOTE: Fixed by: https://github.com/php/php-src/commit/e6d7d34c1ae46281993036189e3bcb6528911ce8 (php-8.4.16)
+	NOTE: Introduced by: https://github.com/php/php-src/commit/a08723d3d313445191470c19e12235a56165600a (php-7.2.0RC1)
 CVE-2025-14177 (In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before ...)
 	{DSA-6088-1}
 	- php8.4 8.4.16-1 (bug #1123574)
 	- php8.2 <removed>
-	- php7.4 <removed>
+	- php7.4 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-3237-qqm7-mfv7
 	NOTE: https://github.com/php/php-src/commit/c5f28c7cf0a052f48e47877c7aa5c5bcc54f1cfc
+	NOTE: Introduced by: https://github.com/php/php-src/commit/52aa0d9ecc7ab8b0b74f142e7c1020caa281fbba (php-8.1.26RC1)
 CVE-2025-68462 (Freedombox before 25.17.1 does not set proper permissions for the back ...)
 	- freedombox 25.17.1
 	[trixie] - freedombox <no-dsa> (Minor issue)
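Review bot: In the CVE-2025-14177 entry, the fix reference remains a bare "NOTE: https://github.com/php/php-src/commit/c5f28c7cf0a052f48e47877c7aa5c5bcc54f1cfc" with no "Fixed by:" label or release tag, and it now sits directly above a labelled "Introduced by:" line. Consider rewriting it in the "NOTE: Fixed by: <url> (<tag>)" form used by the CVE-2025-14180 and CVE-2025-14178 entries so the fixing and introducing commits are unambiguous to readers and to anything parsing the NOTE lines.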



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/04cb7d32194659f6e08bf5a879446782fae85a9f...ddd33a6cf5bcfe8b62f72abb3c32053894b22abd
