Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
d3ed9376 by Salvatore Bonaccorso at 2018-10-08T19:06:28Z
Mark php7.1 removed from unstable
- - - - -
0aa2ccbf by Salvatore Bonaccorso at 2018-10-08T19:06:29Z
Mark php7.0 removed from unstable in the archive
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2180,7 +2180,7 @@ CVE-2018-17082 (The Apache2 component in PHP before
5.6.38, 7.0.x before 7.0.32,
{DLA-1509-1}
- php7.3 7.3.0~rc2-1
- php7.2 <unfixed>
- - php7.1 <unfixed>
+ - php7.1 <removed>
- php7.0 7.0.32-1
- php5 <removed>
NOTE: Fixed in 5.6.38, 7.0.32, 7.1.22, 7.2.10, 7.3.0RC1
@@ -27927,7 +27927,7 @@ CVE-2015-9253 (An issue was discovered in PHP 7.3.x
before 7.3.0alpha3, 7.2.x be
- php7.3 <not-affected> (Fixed with initial upload to unstable)
- php7.2 7.2.8-1 (unimportant)
- php7.1 7.1.20-1 (unimportant)
- - php7.0 <unfixed> (unimportant)
+ - php7.0 <removed> (unimportant)
- php5 <removed> (unimportant)
NOTE: https://bugs.php.net/bug.php?id=73342
NOTE: https://bugs.php.net/bug.php?id=70185
@@ -73526,20 +73526,20 @@ CVE-2017-9121
RESERVED
CVE-2017-9120 (PHP 7.x through 7.1.5 allows remote attackers to cause a denial
of ...)
- php7.2 <unfixed>
- - php7.1 <unfixed>
- - php7.0 <unfixed>
+ - php7.1 <removed>
+ - php7.0 <removed>
- php5 <not-affected> (Not reproducible, vulnerable code not present.)
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74544
CVE-2017-9119 (The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP
7.1.5 ...)
- - php7.1 <unfixed> (unimportant)
- - php7.0 <unfixed> (unimportant)
+ - php7.1 <removed> (unimportant)
+ - php7.0 <removed> (unimportant)
- php5 <unfixed> (unimportant)
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74593
NOTE: Only triggerable by malicious script
CVE-2017-9118 (PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl
via a ...)
- php7.2 <unfixed>
- - php7.1 <unfixed>
- - php7.0 <unfixed>
+ - php7.1 <removed>
+ - php7.0 <removed>
- php5 <removed>
[jessie] - php5 <postponed> (not reproducible, most likely not affected)
NOTE: Check for Jessie again as soon as more information are available.
@@ -74132,8 +74132,8 @@ CVE-2017-8924 (The edge_bulk_in_callback function in
drivers/usb/serial/io_ti.c
- linux 4.9.16-1 (low)
NOTE: Fixed by:
https://git.kernel.org/linus/654b404f2a222f918af9b0cd18ad469d0c941a8e
CVE-2017-8923 (The zend_string_extend function in Zend/zend_string.h in PHP
through ...)
- - php7.1 <unfixed> (bug #881539)
- - php7.0 <unfixed> (bug #881538)
+ - php7.1 <removed> (bug #881539)
+ - php7.0 <removed> (bug #881538)
[stretch] - php7.0 <ignored> (Minor issue)
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74577
NOTE: (Duplicate of) PHP Bug: https://bugs.php.net/bug.php?id=73122
@@ -79556,8 +79556,8 @@ CVE-2017-7273 (The cp_report_fixup function in
drivers/hid/hid-cypress.c in the
NOTE: Fixed by:
https://git.kernel.org/linus/1ebb71143758f45dc0fa76e2f48429e13b16d110
CVE-2017-7272 (PHP through 7.1.11 enables potential SSRF in applications that
accept ...)
{DLA-875-1}
- - php7.1 <unfixed>
- - php7.0 <unfixed>
+ - php7.1 <removed>
+ - php7.0 <removed>
[stretch] - php7.0 <ignored> (Upstream patch breaks existing
applications, revisit if a new approach has been identified)
- php5 <removed>
[jessie] - php5 <ignored> (Never applied to PHP 5 by upstream, breaks
existing applications)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/bba0d76e47d1036da9db63741c0ac13aee6d2d53...0aa2ccbf9f58b94a8d84b4b575c4c744b9db06b3
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/compare/bba0d76e47d1036da9db63741c0ac13aee6d2d53...0aa2ccbf9f58b94a8d84b4b575c4c744b9db06b3
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
