[pkg-php-pear] Bug#851771: php-gettext: CVE-2016-6175

Ivo De Decker ivodd at debian.org
Thu Sep 13 21:46:17 BST 2018


On Wed, Jan 18, 2017 at 05:23:43PM +0100, Salvatore Bonaccorso wrote:
> the following vulnerability was published for php-gettext.
> CVE-2016-6175[0]:
> Use of eval too unrestrictive 

The packages using php-gettext in buster are:

cacti: cacti
kopano-webapp: kopano-webapp-common
phpmyadmin: phpmyadmin
tt-rss: tt-rss

Only phpmyadmin is a key package.

For phpmyadmin, php-gettext was replaced by motranslator
(https://github.com/phpmyadmin/motranslator/) in 4.7. Buster currently has
4.6, but a newer version might be uploaded at some point (see



More information about the pkg-php-pear mailing list