[pkg-php-pear] Bug#851771: php-gettext: CVE-2016-6175
Ivo De Decker
ivodd at debian.org
Thu Sep 13 21:46:17 BST 2018
Hi,
On Wed, Jan 18, 2017 at 05:23:43PM +0100, Salvatore Bonaccorso wrote:
> the following vulnerability was published for php-gettext.
>
> CVE-2016-6175[0]:
> Use of eval too unrestrictive
The packages using php-gettext in buster are:
cacti: cacti
kopano-webapp: kopano-webapp-common
phpmyadmin: phpmyadmin
tt-rss: tt-rss
Only phpmyadmin is a key package.
For phpmyadmin, php-gettext was replaced by motranslator
(https://github.com/phpmyadmin/motranslator/) in 4.7. Buster currently has
4.6, but a newer version might be uploaded at some point (see
https://bugs.debian.org/879741).
Cheers,
Ivo
More information about the pkg-php-pear
mailing list