[Git][security-tracker-team/security-tracker][master] 2 commits: Triage CVE-2026-7259/php7.4 for bullseye

Guilhem Moulin (@guilhem) guilhem at debian.org
Fri May 15 23:42:00 BST 2026 


Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2c20f309 by Guilhem Moulin at 2026-05-16T00:41:51+02:00
Triage CVE-2026-7259/php7.4 for bullseye

- - - - -
aaaebf8a by Guilhem Moulin at 2026-05-16T00:41:52+02:00
Triage CVE-2025-14179/php7.4 for bullseye

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -5937,9 +5937,10 @@ CVE-2025-14179 (In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.*
 	{DSA-6256-1 DSA-6255-1}
 	- php8.4 8.4.21-1 (bug #1136054)
 	- php8.2 <removed>
-	- php7.4 <removed>
+	- php7.4 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-w476-322c-wpvm
 	NOTE: https://github.com/php/php-src/commit/3f40b65323dd1b85e9bab6878237d3867e449d5c
+	NOTE: Introduced with: https://github.com/php/php-src/commit/17a789e27c31ca13ba4bab6fcfc265d2dd0589a2 (php-8.0.0RC2)
 CVE-2026-6104 (In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, when an en ...)
 	{DSA-6256-1}
 	- php8.4 8.4.21-1 (bug #1136054)
@@ -5951,9 +5952,10 @@ CVE-2026-7259 (In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* b
 	{DSA-6256-1 DSA-6255-1}
 	- php8.4 8.4.21-1 (bug #1136054)
 	- php8.2 <removed>
-	- php7.4 <removed>
+	- php7.4 <not-affected> (Vulnerable code introduced later)
 	NOTE: https://github.com/php/php-src/security/advisories/GHSA-wm6j-2649-pv75
 	NOTE: https://github.com/php/php-src/commit/79a054eae016c56409432e69aebc8ca908a88838
+	NOTE: Introduced with: https://github.com/php/php-src/commit/73455778d4ae35110a987f1019e548aff721c3af (php-8.0.0RC2)
 CVE-2026-6735 (In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before ...)
 	{DSA-6256-1 DSA-6255-1}
 	- php8.4 8.4.21-1 (bug #1136054)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/97269bd8bd21ee7a7ce40fdd266c09c2141c1eb8...aaaebf8aa326dfad4bee08963c0c90938f3e02f7

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/97269bd8bd21ee7a7ce40fdd266c09c2141c1eb8...aaaebf8aa326dfad4bee08963c0c90938f3e02f7
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260515/5633fc5d/attachment.htm>

More information about the debian-security-tracker-commits mailing list