Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
2427d44c by Salvatore Bonaccorso at 2019-07-13T22:19:40Z
Add php7.3 source package as well for CVE-2017-7272
It is very unlikely that something will happen for CVE-2017-7272 and
the related CVE-2017-7189 as the original proposed fix which went into
upstream releases was shortly after again reverted as too many real
world applications got broken.
Another approach so far did not arise.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -121135,6 +121135,8 @@ CVE-2017-7273 (The cp_report_fixup function in
drivers/hid/hid-cypress.c in the
NOTE: Fixed by:
https://git.kernel.org/linus/1ebb71143758f45dc0fa76e2f48429e13b16d110
CVE-2017-7272 (PHP through 7.1.11 enables potential SSRF in applications that
accept ...)
{DLA-875-1}
+ - php7.3 <unfixed>
+ [buster] - php7.3 <ignored> (Upstream patch breaks existing
applications, was reverted again, revisit if a new approach has been identified)
- php7.1 <removed>
- php7.0 <removed>
[stretch] - php7.0 <ignored> (Upstream patch breaks existing
applications, revisit if a new approach has been identified)
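Review bot: The added `[buster] - php7.3 <ignored>` note says the upstream patch "was reverted again", while the unchanged `[stretch] - php7.0 <ignored>` note below it still says only that the patch breaks existing applications. Both entries describe the same upstream fix, so consider giving the stretch note the same wording, so that the two releases do not read as having different rationales. The commit message also names CVE-2017-7189 as related, but this hunk touches only the CVE-2017-7272 entry; it is worth confirming whether the CVE-2017-7189 entry needs the same php7.3 lines.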
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/2427d44cf05f40af7697879d12394c106543d63f