author | Salvatore Bonaccorso <carnil@debian.org> | 2020-08-23 19:39:08 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-08-23 19:39:08 +0200 |
commit | 41d7c650ad0ab35118aa07356d72df26fa66f0e0 (patch) | |
tree | 3624f86c05e5950f1b0a1def3056ab2874e410c9 | |
parent | 8b03458cc1e9bf5f12d4980c7f9e50e13d3ec43d (diff) |
Replace git.php.net HTTP URLs with HTTPS URLs
-rw-r--r-- | data/CVE/2012.list | 4 |
-rw-r--r-- | data/CVE/2013.list | 12 |
-rw-r--r-- | data/CVE/2014.list | 24 |
-rw-r--r-- | data/CVE/2015.list | 52 |
-rw-r--r-- | data/CVE/2016.list | 48 |
-rw-r--r-- | data/CVE/2017.list | 12 |
-rw-r--r-- | data/CVE/2018.list | 2 |
-rw-r--r-- | data/CVE/2019.list | 6 |
-rw-r--r-- | data/CVE/2020.list | 8 |
9 files changed, 84 insertions, 84 deletions
diff --git a/data/CVE/2012.list b/data/CVE/2012.list index 1f1e81a788..2a753a17db 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -1489,8 +1489,8 @@ CVE-2012-6114 (The git-changelog utility in git-extras 1.7.0 allows local users CVE-2012-6113 (The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 thr ...) - php5 5.4.0~beta2-1 [squeeze] - php5 <not-affected> (Introduced in 5.3.9) - NOTE: Introduced in http://git.php.net/?p=php-src.git;a=commitdiff;h=095cbc48a8f0090f3b0abc6155f2b61943c9eafb - NOTE: Fixed in 5.3.14 http://git.php.net/?p=php-src.git;a=commitdiff;h=270a406ac94b5fc5cc9ef59fc61e3b4b95648a3e + NOTE: Introduced in https://git.php.net/?p=php-src.git;a=commitdiff;h=095cbc48a8f0090f3b0abc6155f2b61943c9eafb + NOTE: Fixed in 5.3.14 https://git.php.net/?p=php-src.git;a=commitdiff;h=270a406ac94b5fc5cc9ef59fc61e3b4b95648a3e NOTE: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1099793 NOTE: https://bugs.php.net/bug.php?id=61413 CVE-2012-6112 (classes/GoogleSpell.php in the PHP Spellchecker (aka Google Spellcheck ...) diff --git a/data/CVE/2013.list b/data/CVE/2013.list index da95954d82..9333c7dc0d 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -2151,7 +2151,7 @@ CVE-2013-6713 (The Data Protection for VMware component in IBM Tivoli Storage Ma CVE-2013-6712 (The scan function in ext/date/lib/parse_iso_intervals.c in PHP through ...) {DSA-2816-1} - php5 5.5.6+dfsg-2 (bug #731112) - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071 CVE-2013-6711 (Cross-site scripting (XSS) vulnerability in the product-creation admin ...) NOT-FOR-US: Cisco CVE-2013-6710 (Cross-site request forgery (CSRF) vulnerability in Cisco WebEx Trainin ...) 
@@ -3032,7 +3032,7 @@ CVE-2013-6421 (The unpack_zip function in archive_unpacker.rb in the sprout gem CVE-2013-6420 (The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP befor ...) {DSA-2816-1} - php5 5.5.6+dfsg-2 (bug #731895) - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415 CVE-2013-6419 (Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 ...) - neutron 2013.2.1-1 - nova 2013.2.1-1 @@ -14007,7 +14007,7 @@ CVE-2013-2110 (Heap-based buffer overflow in the php_quot_print_encode function [wheezy] - php5 <not-affected> (Vulnerable code not present) [squeeze] - php5 <not-affected> (Vulnerable code not present) NOTE: https://github.com/php/php-src/commit/93e0d78ec655f59ebfa82b2c6f8486c43651c1d0 - NOTE: vulnerability introduced with commit http://git.php.net/?p=php-src.git;a=commitdiff;h=18bb426587d62f93c54c40bf8535eb8416603629 + NOTE: vulnerability introduced with commit https://git.php.net/?p=php-src.git;a=commitdiff;h=18bb426587d62f93c54c40bf8535eb8416603629 CVE-2013-2109 (WordPress plugin wp-cleanfix has Remote Code Execution ...) NOT-FOR-US: WordPress plugin wp-cleanfix CVE-2013-2108 (WordPress WP Cleanfix Plugin 2.4.4 has CSRF ...) @@ -14976,7 +14976,7 @@ CVE-2013-1824 (The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allo {DSA-2639-1} - php5 5.4.4-14 NOTE: See CVE-2013-1643 - NOTE: http://git.php.net/?p=web/php.git;a=commitdiff;h=e8432b34ee7a196a14a6e0191a00fe73b5a095e7 + NOTE: https://git.php.net/?p=web/php.git;a=commitdiff;h=e8432b34ee7a196a14a6e0191a00fe73b5a095e7 CVE-2013-1823 (Cross-site scripting (XSS) vulnerability in the Notifications form in ...) NOT-FOR-US: Katello CVE-2013-1822 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x ...) 
@@ -15732,7 +15732,7 @@ CVE-2013-1644 CVE-2013-1643 (The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows re ...) {DSA-2639-1} - php5 5.4.4-14 (bug #702221) - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=c737b89473df9dba6742b8fc8fbf6d009bf05c36 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=c737b89473df9dba6742b8fc8fbf6d009bf05c36 CVE-2013-1642 (Multiple cross-site scripting (XSS) vulnerabilities in QuiXplorer befo ...) NOT-FOR-US: QuiXplorer CVE-2013-1641 (Directory traversal vulnerability in the zip download functionality in ...) @@ -15753,7 +15753,7 @@ CVE-2013-1635 (ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does {DSA-2639-1} - php5 5.4.4-14 (unimportant; bug #702221) NOTE: open_basedir not supported - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=702b436ef470cc02f8e2cc21f2fadeee42103c74 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=702b436ef470cc02f8e2cc21f2fadeee42103c74 CVE-2013-1634 (A denial of service vulnerability exists in some motherboard implement ...) NOT-FOR-US: Intel CVE-2013-1633 (easy_install in setuptools before 0.7 uses HTTP to retrieve packages f ...) diff --git a/data/CVE/2014.list b/data/CVE/2014.list index be349e9ee2..d796d043ba 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list 
@@ -2025,8 +2025,8 @@ CVE-2014-9709 (The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as NOTE: https://bugs.php.net/bug.php?id=68601 NOTE: Fix in libgd2: https://bitbucket.org/libgd/gd-libgd/commits/47eb44b2e90ca88a08dca9f9a1aa9041e9587f43 NOTE: Also related: https://bitbucket.org/libgd/gd-libgd/commits/81e9a993f2893d651d225646378e3fd1b7465467 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=07b5896a1389c3e865cbd2fb353806b2cefe4f5c - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=5fc2fede9c7c963c950d8b96dcc0f7af88b4d695 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=07b5896a1389c3e865cbd2fb353806b2cefe4f5c + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=5fc2fede9c7c963c950d8b96dcc0f7af88b4d695 NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd, the embedded copy was fixed upstream in 5.6.5 NOTE: Fix in HHVM: https://github.com/facebook/hhvm/commit/469990b43c294692493f15f8400560fe5d966a02 CVE-2014-9701 (Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.19 and ...) @@ -3108,7 +3108,7 @@ CVE-2014-9427 (sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5 - php5 5.6.5+dfsg-1 [squeeze] - php5 <not-affected> (Introduced in 5.4.1) NOTE: https://bugs.php.net/bug.php?id=68618 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=f9ad3086693fce680fbe246e4a45aa92edd2ac35 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=f9ad3086693fce680fbe246e4a45aa92edd2ac35 CVE-2014-XXXX [CRAM-MD5 authentication bypass] - dbmail <not-affected> (Only affects versions supporting cram-md5, so 3.0.0 and later) NOTE: http://blog.gmane.org/gmane.mail.imap.dbmail/day=20141219 
@@ -5278,7 +5278,7 @@ CVE-2014-8627 (PolarSSL 1.3.8 does not properly negotiate the signature algorith CVE-2014-8626 (Stack-based buffer overflow in the date_from_ISO8601 function in ext/x ...) - php5 5.2.9.dfsg.1-1 NOTE: https://bugs.php.net/bug.php?id=45226 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=c818d0d01341907fee82bdb81cab07b7d93bb9db + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=c818d0d01341907fee82bdb81cab07b7d93bb9db CVE-2014-8625 (Multiple format string vulnerabilities in the parse_error_msg function ...) - dpkg 1.17.22 (unimportant; bug #768485) [wheezy] - dpkg 1.16.16 @@ -6119,12 +6119,12 @@ CVE-2014-8764 (DokuWiki 2014-05-05a and earlier, when using Active Directory for {DSA-3059-1 DLA-79-1} - dokuwiki 0.0.20140929.a-1 (bug #766545) [jessie] - dokuwiki <not-affected> (PHP 5.6 in jessie fixes this on the PHP level, see #766545) - NOTE: Fix at PHP level: http://git.php.net/?p=php-src.git;a=commitdiff;h=ad1b9eef98df53adefa0c79c02e5dc1f2b928b8c + NOTE: Fix at PHP level: https://git.php.net/?p=php-src.git;a=commitdiff;h=ad1b9eef98df53adefa0c79c02e5dc1f2b928b8c CVE-2014-8763 (DokuWiki before 2014-05-05b, when using Active Directory for LDAP auth ...) {DSA-3059-1 DLA-79-1} - dokuwiki 0.0.20140929.a-1 (bug #766545) [jessie] - dokuwiki <not-affected> (PHP 5.6 in jessie fixes this on the PHP level, see #766545) - NOTE: Fix at PHP level: http://git.php.net/?p=php-src.git;a=commitdiff;h=ad1b9eef98df53adefa0c79c02e5dc1f2b928b8c + NOTE: Fix at PHP level: https://git.php.net/?p=php-src.git;a=commitdiff;h=ad1b9eef98df53adefa0c79c02e5dc1f2b928b8c CVE-2014-8762 (The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remo ...) {DSA-3059-1} - dokuwiki 0.0.20140505.a+dfsg-1 (bug #766545) 
@@ -6573,8 +6573,8 @@ CVE-2014-8143 (Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before CVE-2014-8142 (Use-after-free vulnerability in the process_nested_data function in ex ...) {DSA-3117-1} - php5 5.6.5+dfsg-1 (unimportant) - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=630f9c33c23639de85c3fd306b209b538b73b4c9 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=53f129a44d3c4ec0fae57993b9ae2f6cb48973cc + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=630f9c33c23639de85c3fd306b209b538b73b4c9 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=53f129a44d3c4ec0fae57993b9ae2f6cb48973cc NOTE: Only affects an inherently insecure use case CVE-2014-8141 (Heap-based buffer overflow in the getZip64Data function in Info-ZIP Un ...) {DSA-3113-1 DLA-124-1} @@ -14749,7 +14749,7 @@ CVE-2014-4699 (The Linux kernel before 3.15.4 on Intel processors does not prope NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a CVE-2014-4698 (Use-after-free vulnerability in ext/spl/spl_array.c in the SPL compone ...) - php5 5.6.0~rc3+dfsg-1 (unimportant) - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=22882a9d89712ff2b6ebc20a689a89452bba4dcd + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=22882a9d89712ff2b6ebc20a689a89452bba4dcd NOTE: https://bugs.php.net/bug.php?id=67539 NOTE: exploitable by malicious scripts only CVE-2014-4697 
@@ -14808,7 +14808,7 @@ CVE-2014-4670 (Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL c {DSA-3008-1} - php5 5.6.0~rc3+dfsg-1 (unimportant) NOTE: exploitable by malicious scripts only - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=df78c48354f376cf419d7a97f88ca07d572f00fb + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=df78c48354f376cf419d7a97f88ca07d572f00fb NOTE: https://bugs.php.net/bug.php?id=67538 CVE-2014-4669 (HP Enterprise Maps 1.00 allows remote authenticated users to read arbi ...) NOT-FOR-US: HP Enterprise Maps @@ -17075,7 +17075,7 @@ CVE-2014-3710 (The donote function in readelf.c in file through 5.20, as used in NOTE: Upstream fix: https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0 - php5 5.6.3+dfsg-1 (bug #768807) NOTE: https://bugs.php.net/bug.php?id=68283 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=1803228597e82218a8c105e67975bc50e6f5bf0d (PHP 5.4 branch) + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=1803228597e82218a8c105e67975bc50e6f5bf0d (PHP 5.4 branch) CVE-2014-3709 (The org.keycloak.services.resources.SocialResource.callback method in ...) NOT-FOR-US: JBoss KeyCloak CVE-2014-3708 (OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 ...) @@ -21571,7 +21571,7 @@ CVE-2014-2270 (softmagic.c in file before 5.17 and libmagic allows context-depen NOTE: http://bugs.gw.com/view.php?id=313 NOTE: https://github.com/glensc/file/commit/447558595a3650db2886cd2f416ad0beba965801 - php5 5.5.10+dfsg-1 (bug #740960) - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=a33759fd275b32ed0bbe89796fe2953b3cb0b41f + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=a33759fd275b32ed0bbe89796fe2953b3cb0b41f CVE-2014-5795 REJECTED CVE-2014-2245 (SQL injection vulnerability in the News module in CMS Made Simple (CMS ...) diff --git a/data/CVE/2015.list b/data/CVE/2015.list index d8754d335f..b724f87810 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list 
@@ -1761,7 +1761,7 @@ CVE-2015-8866 (ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, NOTE: https://bugs.php.net/bug.php?id=64938 NOTE: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1509817 NOTE: http://framework.zend.com/security/advisory/ZF2015-06 -> Relation to CVE-2015-5161 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=de31324c221c1791b26350ba106cc26bad23ace9 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=de31324c221c1791b26350ba106cc26bad23ace9 NOTE: Fixed in 5.6.6, 5.5.22 NOTE: http://www.openwall.com/lists/oss-security/2016/04/21/8 CVE-2015-8867 (The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in P ...) @@ -1771,7 +1771,7 @@ CVE-2015-8867 (The openssl_random_pseudo_bytes function in ext/openssl/openssl.c [wheezy] - php5 5.4.44-0+deb7u1 NOTE: https://bugs.php.net/bug.php?id=70014 NOTE: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1534203 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=16023f3e3b9c06cf677c3c980e8d574e4c162827 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=16023f3e3b9c06cf677c3c980e8d574e4c162827 NOTE: Fixed in 7.0.0, 5.6.12, 5.5.28, 5.5.44 NOTE: http://www.openwall.com/lists/oss-security/2016/04/21/8 CVE-2015-8853 (The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in ...) @@ -1849,7 +1849,7 @@ CVE-2015-8865 (The file_check_mem function in funcs.c in file before 5.23, as us NOTE: http://bugs.gw.com/view.php?id=522 NOTE: https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36 NOTE: https://bugs.php.net/bug.php?id=71527 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e NOTE: PHP fixed in 7.0.5, 5.6.20, 5.5.34 NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7 NOTE: Fix in HHVM: https://github.com/facebook/hhvm/commit/4e614ba041e24af8351afbb49c92444c0850f23b 
@@ -2106,7 +2106,7 @@ CVE-2015-XXXX [Type Confusion Vulnerability in PHP_to_XMLRPC_worker()] [jessie] - php5 5.6.17+dfsg-0+deb8u1 [wheezy] - php5 5.4.45-0+deb7u4 NOTE: Workaround entry for DLA-533-1 until CVE is assigned - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=f3c1863aa2721343245b63ac7bd68cfdc3dd41f3 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=f3c1863aa2721343245b63ac7bd68cfdc3dd41f3 NOTE: https://bugs.php.net/bug.php?id=70728 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/03/3 CVE-2015-XXXX [Session WDDX Packet Deserialization Type Confusion Vulnerability] @@ -8992,7 +8992,7 @@ CVE-2015-6673 (Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15 NOTE: https://sourceforge.net/p/libpgf/code/148/ CVE-2015-6527 (The php_str_replace_in_subject function in ext/standard/string.c in PH ...) - php5 <not-affected> (Specific to PHP 7) - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=6aeee47b2cd47915ccfa3b41433a3f57aea24dd5 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=6aeee47b2cd47915ccfa3b41433a3f57aea24dd5 NOTE: https://bugs.php.net/bug.php?id=70140 CVE-2015-6521 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS vers ...) NOT-FOR-US: ATutor 
@@ -11478,13 +11478,13 @@ CVE-2015-5590 (Stack-based buffer overflow in the phar_fix_filepath function in {DSA-3344-1 DLA-307-1} - php5 5.6.11+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=69923 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f NOTE: Fixed in 5.6.11, 5.4.43 CVE-2015-5589 (The phar_convert_to_other function in ext/phar/phar_object.c in PHP be ...) {DSA-3344-1 DLA-307-1} - php5 5.6.11+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=69958 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=bf58162ddf970f63502837f366930e44d6a992cf + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=bf58162ddf970f63502837f366930e44d6a992cf NOTE: Fixed in 5.6.11, 5.4.43 CVE-2015-5536 (Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before 1.04.1 ...) NOT-FOR-US: Belkin router 
@@ -14117,21 +14117,21 @@ CVE-2015-4645 (Integer overflow in the read_fragment_table_4 function in unsquas CVE-2015-4642 (The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.4 ...) - php5 <not-affected> (Windows specific) NOTE: https://bugs.php.net/bug.php?id=69646 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9 NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3 CVE-2015-4643 (Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP b ...) {DSA-3344-1 DLA-307-1} - php5 5.6.11+dfsg-1 NOTE: Fixed in 5.6.10 / 5.5.26 / 5.4.42 NOTE: https://bugs.php.net/bug.php?id=69545#1431550655 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2 NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3 CVE-2015-4644 (The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgs ...) {DSA-3344-1 DLA-307-1} - php5 5.6.11+dfsg-1 NOTE: Fixed in 5.6.10 / 5.5.26 / 5.4.42 NOTE: https://bugs.php.net/bug.php?id=69667 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64 NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3 CVE-2015-4639 (Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl ...) NOT-FOR-US: Koha 
@@ -14617,21 +14617,21 @@ CVE-2015-4602 (The __PHP_Incomplete_Class function in ext/standard/incomplete_cl - php5 5.6.9+dfsg-1 [jessie] - php5 5.6.9+dfsg-0+deb8u1 [wheezy] - php5 5.4.41-0+deb7u1 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=fb83c76deec58f1fab17c350f04c9f042e5977d1 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=fb83c76deec58f1fab17c350f04c9f042e5977d1 NOTE: https://bugs.php.net/bug.php?id=69152 CVE-2015-4601 (PHP before 5.6.7 might allow remote attackers to cause a denial of ser ...) {DLA-307-1} - php5 5.6.9+dfsg-1 [jessie] - php5 5.6.9+dfsg-0+deb8u1 [wheezy] - php5 5.4.41-0+deb7u1 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8 NOTE: https://bugs.php.net/bug.php?id=69152 CVE-2015-4600 (The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.2 ...) {DLA-307-1} - php5 5.6.9+dfsg-1 [jessie] - php5 5.6.9+dfsg-0+deb8u1 [wheezy] - php5 5.4.41-0+deb7u1 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8 NOTE: https://bugs.php.net/bug.php?id=69152 CVE-2015-4599 (The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4. ...) {DLA-307-1} @@ -14639,7 +14639,7 @@ CVE-2015-4599 (The SoapFault::__toString method in ext/soap/soap.c in PHP before [jessie] - php5 5.6.9+dfsg-0+deb8u1 [wheezy] - php5 5.4.41-0+deb7u1 NOTE: https://bugs.php.net/bug.php?id=69152 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=51856a76f87ecb24fe1385342be43610fb6c86e4 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=51856a76f87ecb24fe1385342be43610fb6c86e4 CVE-2015-4598 (PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does n ...) {DSA-3344-1 DLA-307-1} - php5 5.6.11+dfsg-1 
@@ -15869,7 +15869,7 @@ CVE-2015-4021 (The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5 {DSA-3280-1 DLA-307-1} - php5 5.6.9+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=69453 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=c27f012b7a447e59d4a704688971cbfa7dddaa74 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=c27f012b7a447e59d4a704688971cbfa7dddaa74 NOTE: http://www.openwall.com/lists/oss-security/2015/05/17/2 and http://www.openwall.com/lists/oss-security/2015/05/18/2 NOTE: Fixed upstream in 5.4.41, 5.5.25, 5.6.9 CVE-2015-3987 (Multiple unquoted Windows search path vulnerabilities in the (1) Clien ...) @@ -17334,8 +17334,8 @@ CVE-2015-3412 (PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 do - php5 5.6.9+dfsg-1 [jessie] - php5 5.6.9+dfsg-0+deb8u1 [wheezy] - php5 5.4.41-0+deb7u1 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=52b93f0cfd3cba7ff98cc5198df6ca4f23865f80 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=4435b9142ff9813845d5c97ab29a5d637bedb257 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=52b93f0cfd3cba7ff98cc5198df6ca4f23865f80 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=4435b9142ff9813845d5c97ab29a5d637bedb257 NOTE: https://bugs.php.net/bug.php?id=69353 CVE-2015-3411 (PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does no ...) {DLA-307-1} 
@@ -17655,7 +17655,7 @@ CVE-2015-3330 (The php_handler function in sapi/apache2handler/sapi_apache2.c in - php5 5.6.7+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=69218 NOTE: https://bugs.php.net/bug.php?id=68486 - NOTE: Fixed by: http://git.php.net/?p=php-src.git;a=commit;h=809610f5ea38a83b284e1125d1fff129bdd615e7 + NOTE: Fixed by: https://git.php.net/?p=php-src.git;a=commit;h=809610f5ea38a83b284e1125d1fff129bdd615e7 NOTE: http://www.openwall.com/lists/oss-security/2015/04/17/3 NOTE: For details on scope of the CVE assignment: http://www.openwall.com/lists/oss-security/2015/04/17/7 CVE-2015-3319 (Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly ...) @@ -17678,11 +17678,11 @@ CVE-2015-3307 (The phar_parse_metadata function in ext/phar/phar.c in PHP before {DSA-3280-1 DLA-307-1} - php5 5.6.9+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=69443 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=17cbd0b5b78a7500f185b3781a2149881bfff8ae + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=17cbd0b5b78a7500f185b3781a2149881bfff8ae CVE-2015-3329 (Multiple stack-based buffer overflows in the phar_set_inode function i ...) {DSA-3280-1 DLA-212-1} - php5 5.6.9+dfsg-1 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=f59b67ae50064560d7bfcdb0d6a8ab284179053c + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=f59b67ae50064560d7bfcdb0d6a8ab284179053c NOTE: https://bugs.php.net/bug.php?id=69441 NOTE: http://www.openwall.com/lists/oss-security/2015/04/16/22 NOTE: Fixed in 5.6.8 and 5.4.40 
@@ -19321,7 +19321,7 @@ CVE-2015-2783 (ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5. {DSA-3280-1 DLA-212-1} - php5 5.6.9+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=69324 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=17cbd0b5b78a7500f185b3781a2149881bfff8ae + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=17cbd0b5b78a7500f185b3781a2149881bfff8ae NOTE: Fixed in 5.6.8 and 5.4.40 CVE-2015-2781 (Cross-site scripting (XSS) vulnerability in cgi-bin/hotspotlogin.cgi i ...) NOT-FOR-US: Hotspot Express hotEx Billing Manager @@ -20956,7 +20956,7 @@ CVE-2015-2301 (Use-after-free vulnerability in the phar_rename_archive function {DSA-3198-1 DLA-212-1} - php5 5.6.6+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=68901 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=b2cf3f064b8f5efef89bb084521b61318c71781b + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=b2cf3f064b8f5efef89bb084521b61318c71781b NOTE: http://www.openwall.com/lists/oss-security/2015/03/10/6 CVE-2015-2265 (The remove_bad_chars function in utils/cups-browsed.c in cups-filters ...) - cups-filters 1.0.61-5 (bug #780267) 
@@ -25669,13 +25669,13 @@ CVE-2015-1352 (The build_tablename function in pgsql.c in the PostgreSQL (aka pg - php5 5.6.6+dfsg-2 (bug #777036) [squeeze] - php5 <not-affected> (vulnerable code (build_tablename()) introduced later) NOTE: https://bugs.php.net/bug.php?id=68741 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=124fb22a13fafa3648e4e15b4f207c7096d8155e + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=124fb22a13fafa3648e4e15b4f207c7096d8155e CVE-2015-1351 (Use-after-free vulnerability in the _zend_shared_memdup function in ze ...) - php5 5.6.6+dfsg-2 (bug #777033) [squeeze] - php5 <not-affected> (opcache introduced in 5.5) [wheezy] - php5 <not-affected> (opcache introduced in 5.5) NOTE: https://bugs.php.net/bug.php?id=68677 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=777c39f4042327eac4b63c7ee87dc1c7a09a3115 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=777c39f4042327eac4b63c7ee87dc1c7a09a3115 CVE-2015-XXXX [insecure keyring handling] - weboob 1.0-3 (low; bug #774838) [wheezy] - weboob <no-dsa> (Minor issue) @@ -26527,8 +26527,8 @@ CVE-2015-0273 (Multiple use-after-free vulnerabilities in ext/date/php_date.c in {DSA-3195-1} - php5 5.6.6+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=68942 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=c377f1a715476934133f3254d1e0d4bf3743e2d2 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=71335e6ebabc1b12c057d8017fd811892ecdfd24 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=c377f1a715476934133f3254d1e0d4bf3743e2d2 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=71335e6ebabc1b12c057d8017fd811892ecdfd24 CVE-2015-0272 (GNOME NetworkManager allows remote attackers to cause a denial of serv ...) - network-manager 1.0.4-1 [jessie] - network-manager <no-dsa> (Will be fixed on the kernel side) diff --git a/data/CVE/2016.list b/data/CVE/2016.list index e95d3db79c..2e0e2178e1 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list 
@@ -1591,7 +1591,7 @@ CVE-2016-10397 (In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling o [jessie] - php5 5.6.28+dfsg-0+deb8u1 NOTE: PHP bug: https://bugs.php.net/bug.php?id=73192 NOTE: Fixed in 7.1.0, 7.0.13, 5.6.28 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=b061fa909de77085d3822a89ab901b934d0362c4 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=b061fa909de77085d3822a89ab901b934d0362c4 NOTE: http://openwall.com/lists/oss-security/2017/07/10/6 CVE-2016-10396 (The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable ...) {DLA-1044-1} @@ -7165,7 +7165,7 @@ CVE-2016-9137 (Use-after-free vulnerability in the CURLFile implementation in ex - php5 <removed> [wheezy] - php5 <not-affected> (Vulnerable code not present in version 5.4.45) NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73147 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=0e6fe3a4c96be2d3e88389a5776f878021b4c59f + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=0e6fe3a4c96be2d3e88389a5776f878021b4c59f NOTE: Fixed in 7.0.12, 5.6.27 NOTE: http://www.openwall.com/lists/oss-security/2016/10/18/1 CVE-2016-8673 (A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl ...) 
@@ -10446,8 +10446,8 @@ CVE-2016-7479 (In all versions of PHP 7, during the unserialization process, res NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72610 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73092 NOTE: Fixed in 7.0.15 - NOTE: PHP 5.x/7.x: http://git.php.net/?p=php-src.git;a=commit;h=0426b916df396a23e5c34514e4f2f0627efdcdf0 - NOTE: PHP 7.x: http://git.php.net/?p=php-src.git;a=commit;h=b47c49d7a00bc34d7e0f3d72732f66e904da6fa7 + NOTE: PHP 5.x/7.x: https://git.php.net/?p=php-src.git;a=commit;h=0426b916df396a23e5c34514e4f2f0627efdcdf0 + NOTE: PHP 7.x: https://git.php.net/?p=php-src.git;a=commit;h=b47c49d7a00bc34d7e0f3d72732f66e904da6fa7 NOTE: The change is in 5.6+, even though the property table issue only affects NOTE: PHP 7, because this also prevents a wide range of other __wakeup() based NOTE: attacks. @@ -10457,7 +10457,7 @@ CVE-2016-7478 (Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x - php7.0 7.0.13-1 - php5 <removed> NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73093 - NOTE: Patch for 5.6.x: http://git.php.net/?p=php-src.git;a=commit;h=40e7baab3c90001beee4c8f0ed0ef79ad18ee0d6 (5.6.28) + NOTE: Patch for 5.6.x: https://git.php.net/?p=php-src.git;a=commit;h=40e7baab3c90001beee4c8f0ed0ef79ad18ee0d6 (5.6.28) NOTE: backported patch for 5.4: https://lists.debian.org/87efysy07p.fsf@curie.anarc.at CVE-2016-7477 (The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 al ...) - libav <removed> (unimportant) 
@@ -14214,14 +14214,14 @@ CVE-2016-6297 (Integer overflow in the php_stream_zip_opener function in ext/zip - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72520 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6296 (Integer signedness error in the simplestring_addn function in simplest ...) {DSA-3631-1 DLA-2011-1 DLA-628-1 DLA-569-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72606 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=e6c48213c22ed50b2b987b479fcc1ac709394caa + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=e6c48213c22ed50b2b987b479fcc1ac709394caa NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 - xmlrpc-epi 0.54.2-1.2 (bug #832959) NOTE: In stretch/sid php7.0 is using the system library not the embedded one. @@ -14230,14 +14230,14 @@ CVE-2016-6295 (ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7. - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72479 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=cab1c3b3708eead315e033359d07049b23b147a3 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=cab1c3b3708eead315e033359d07049b23b147a3 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6294 (The locale_accept_from_http function in ext/intl/locale/locale_methods ...) {DSA-3631-1 DLA-628-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72533 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6293 (The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in Interna ...) {DSA-3725-1 DLA-615-1} 
@@ -14251,28 +14251,28 @@ CVE-2016-6292 (The exif_process_user_comment function in ext/exif/exif.c in PHP - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72618 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=41131cd41d2fd2e0c2f332a27988df75659c42e4 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=41131cd41d2fd2e0c2f332a27988df75659c42e4 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6291 (The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP b ...) {DSA-3631-1 DLA-628-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72603 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=eebcbd5de38a0f1c2876035402cb770e37476519 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=eebcbd5de38a0f1c2876035402cb770e37476519 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6290 (ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7 ...) {DSA-3631-1 DLA-628-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72562 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=3798eb6fd5dddb211b01d41495072fd9858d4e32 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=3798eb6fd5dddb211b01d41495072fd9858d4e32 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6289 (Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_ ...) {DSA-3631-1 DLA-628-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72513 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=0218acb7e756a469099c4ccfb22bce6c2bd1ef87 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=0218acb7e756a469099c4ccfb22bce6c2bd1ef87 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6271 (The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the- ...) - bzrtp 1.0.2-1.2 (bug #859277) 
@@ -15950,42 +15950,42 @@ CVE-2016-5773 (php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before - php7.0 7.0.8-1 - php5 5.6.23+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72434 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=f6aef68089221c5ea047d4a74224ee3deead99a6 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=f6aef68089221c5ea047d4a74224ee3deead99a6 NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 CVE-2016-5772 (Double free vulnerability in the php_wddx_process_data function in wdd ...) {DSA-3618-1 DLA-628-1} - php7.0 7.0.8-1 - php5 5.6.23+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72340 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 CVE-2016-5771 (spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before ...) {DSA-3618-1 DLA-628-1} - php7.0 <not-affected> (Does not affect PHP 7.x) - php5 5.6.23+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72433 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c NOTE: Fixed in 5.5.37, 5.6.23 CVE-2016-5770 (Integer overflow in the SplFileObject::fread function in spl_directory ...) {DSA-3618-1 DLA-628-1} - php7.0 7.0.8-1 - php5 5.6.23+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72262 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=7245bff300d3fa8bacbef7897ff080a6f1c23eba + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=7245bff300d3fa8bacbef7897ff080a6f1c23eba NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 CVE-2016-5769 (Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP ...) 
{DSA-3618-1 DLA-628-1} - php7.0 7.0.8-1 - php5 5.6.23+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72455 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=6c5211a0cef0cc2854eaa387e0eb036e012904d0 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=6c5211a0cef0cc2854eaa387e0eb036e012904d0 NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 CVE-2016-5768 (Double free vulnerability in the _php_mb_regex_ereg_replace_exec funct ...) {DSA-3618-1 DLA-628-1} - php7.0 7.0.8-1 - php5 5.6.23+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72402 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=5b597a2e5b28e2d5a52fc1be13f425f08f47cb62 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=5b597a2e5b28e2d5a52fc1be13f425f08f47cb62 NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 CVE-2016-5767 (Integer overflow in the gdImageCreate function in gd.c in the GD Graph ...) - php7.0 7.0.8-1 (unimportant) @@ -15993,7 +15993,7 @@ CVE-2016-5767 (Integer overflow in the gdImageCreate function in gd.c in the GD [jessie] - php5 5.6.23+dfsg-0+deb8u1 NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72446 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=c395c6e5d7e8df37a21265ff76e48fe75ceb5ae6 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=c395c6e5d7e8df37a21265ff76e48fe75ceb5ae6 NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 - libgd2 2.0.34~rc1-1 NOTE: Fixed by: https://github.com/libgd/libgd/commit/cfee163a5e848fc3e3fb1d05a30d7557cdd36457 (GD_2_0_34RC1) 
@@ -16004,7 +16004,7 @@ CVE-2016-5766 (Integer overflow in the _gd2GetHeader function in gd_gd2.c in the [jessie] - php5 5.6.23+dfsg-0+deb8u1 NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72339 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=7722455726bec8c53458a32851d2a87982cf0eac + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=7722455726bec8c53458a32851d2a87982cf0eac NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 - libgd2 2.2.2-29-g3c2b605-1 (bug #829014) NOTE: https://github.com/libgd/libgd/issues/243 @@ -20092,7 +20092,7 @@ CVE-2016-4473 (/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote atta NOTE: The issue was introduced as part CVE-2015-6833, which was applied upstream NOTE: in versions 5.4.44, 5.5.28, and 5.6.12. NOTE: https://bugs.php.net/bug.php?id=72321 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=d144590d38fa321b46b8e199c754006318985c84 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=d144590d38fa321b46b8e199c754006318985c84 NOTE: Fixed in 5.6.23 CVE-2016-4472 (The overflow protection in Expat is removed by compilers with certain ...) {DSA-3582-1 DLA-483-1} @@ -23481,7 +23481,7 @@ CVE-2016-3133 CVE-2016-3132 (Double free vulnerability in the SplDoublyLinkedList::offsetSet functi ...) - php7.0 7.0.6-1 NOTE: https://bugs.php.net/bug.php?id=71735 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=28a6ed9f9a36b9c517e4a8a429baf4dd382fc5d5 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=28a6ed9f9a36b9c517e4a8a429baf4dd382fc5d5 CVE-2016-3131 (Cloudera CDH before 5.6.1 allows authorization bypass via direct inter ...) NOT-FOR-US: Cloudera CVE-2016-3130 (An information disclosure vulnerability in the Core and Management Con ...) 
@@ -26072,7 +26072,7 @@ CVE-2016-XXXX [Integer overflow in iptcembed()] NOTE: temporary workaround until CVE assigned to explitly tag for squeeze NOTE: https://bugs.php.net/bug.php?id=71459 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305518 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=54c210d2ea9b8539edcde1888b1104b96b38e886 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=54c210d2ea9b8539edcde1888b1104b96b38e886 NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3 - hhvm 3.12.1+dfsg-1 NOTE: https://github.com/facebook/hhvm/commit/381702ffbfdae170ba3fff97d6cc1b9c69666854 diff --git a/data/CVE/2017.list b/data/CVE/2017.list index aae7b7abd0..c1a0d25301 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -23014,7 +23014,7 @@ CVE-2017-11147 (In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive han [jessie] - php5 5.6.30+dfsg-0+deb8u1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73773 NOTE: Fixed in 7.1.1, 7.0.15, 5.6.30 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=e5246580a85f031e1a3b8064edbaa55c1643a451 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=e5246580a85f031e1a3b8064edbaa55c1643a451 NOTE: http://openwall.com/lists/oss-security/2017/07/10/6 CVE-2017-11144 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the o ...) {DSA-4081-1 DSA-4080-1 DLA-1034-1} 
@@ -23023,9 +23023,9 @@ CVE-2017-11144 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, - php5 <removed> NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74651 NOTE: Fixed in 7.1.7, 7.0.21, 5.6.31 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=89637c6b41b510c20d262c17483f582f115c66d6 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=73cabfedf519298e1a11192699f44d53c529315e - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=91826a311dd37f4c4e5d605fa7af331e80ddd4c3 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=89637c6b41b510c20d262c17483f582f115c66d6 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=73cabfedf519298e1a11192699f44d53c529315e + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=91826a311dd37f4c4e5d605fa7af331e80ddd4c3 NOTE: http://openwall.com/lists/oss-security/2017/07/10/6 CVE-2017-11143 (In PHP before 5.6.31, an invalid free in the WDDX deserialization of b ...) {DSA-4081-1 DLA-1034-1} @@ -23033,8 +23033,8 @@ CVE-2017-11143 (In PHP before 5.6.31, an invalid free in the WDDX deserializatio - php7.0 <not-affected> (Only affected 5.6) - php5 <removed> NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74145 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=2aae60461c2ff7b7fbcdd194c789ac841d0747d7 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=f269cdcd4f76accbecd03884f327cffb9a7f1ca9 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=2aae60461c2ff7b7fbcdd194c789ac841d0747d7 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=f269cdcd4f76accbecd03884f327cffb9a7f1ca9 NOTE: http://openwall.com/lists/oss-security/2017/07/10/6 CVE-2017-11142 (In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remot ...) {DSA-4081-1} diff --git a/data/CVE/2018.list b/data/CVE/2018.list index ef243ccada..e6ba594409 100644 --- a/data/CVE/2018.list +++ b/data/CVE/2018.list 
@@ -22044,7 +22044,7 @@ CVE-2018-12882 (exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2. - php7.0 <not-affected> (Specific to 7.2.x) - php5 <not-affected> (Specific to 7.2.x) NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76409 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=3fdde65617e9f954e2c964768aac8831005497e5 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=3fdde65617e9f954e2c964768aac8831005497e5 CVE-2018-12881 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...) NOT-FOR-US: Adobe CVE-2018-12880 (Adobe Acrobat and Reader versions 2018.011.20063 and earlier, 2017.011 ...) diff --git a/data/CVE/2019.list b/data/CVE/2019.list index 366a90c96c..adf1ca9719 100644 --- a/data/CVE/2019.list +++ b/data/CVE/2019.list @@ -25825,7 +25825,7 @@ CVE-2019-11046 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 - php5 <removed> NOTE: Fixed in PHP 7.4.1, 7.3.13 NOTE: PHP Bug: http://bugs.php.net/78878 - NOTE: http://git.php.net/?p=php-src.git;a=patch;h=2d07f00b73d8f94099850e0f5983e1cc5817c196 + NOTE: https://git.php.net/?p=php-src.git;a=patch;h=2d07f00b73d8f94099850e0f5983e1cc5817c196 CVE-2019-11045 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP ...) {DSA-4628-1 DSA-4626-1 DLA-2050-1} - php7.3 7.3.15-1 @@ -25833,7 +25833,7 @@ CVE-2019-11045 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 - php5 <removed> NOTE: Fixed in PHP 7.4.1, 7.3.13 NOTE: PHP Bug: http://bugs.php.net/78863 - NOTE: http://git.php.net/?p=php-src.git;a=patch;h=d74907b8575e6edb83b728c2a94df434c23e1f79 + NOTE: https://git.php.net/?p=php-src.git;a=patch;h=d74907b8575e6edb83b728c2a94df434c23e1f79 CVE-2019-11044 (In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0 on Wi ...) - php7.3 <not-affected> (Windows specific issue) - php7.0 <not-affected> (Windows specific issue) 
@@ -25848,7 +25848,7 @@ CVE-2019-11043 (In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x NOTE: Fixed in PHP 7.3.11, 7.2.24 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=78599 NOTE: https://www.tenable.com/blog/cve-2019-11043-vulnerability-in-php-fpm-could-lead-to-remote-code-execution-on-nginx - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=ab061f95ca966731b1c84cf5b7b20155c0a1c06a + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=ab061f95ca966731b1c84cf5b7b20155c0a1c06a CVE-2019-11042 (When PHP EXIF extension is parsing EXIF information from an image, e.g ...) {DSA-4529-1 DSA-4527-1 DLA-1878-1} - php7.3 7.3.8-1 diff --git a/data/CVE/2020.list b/data/CVE/2020.list index d754aab54b..da1ea63483 100644 --- a/data/CVE/2020.list +++ b/data/CVE/2020.list @@ -38634,7 +38634,7 @@ CVE-2020-7067 (In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x - php5 <removed> (unimportant) NOTE: Fixed in PHP 7.4.5, 7.3.17 NOTE: PHP Bug: https://bugs.php.net/79465 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=9d6bf8221b05f86ce5875832f0f646c4c1f218be + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=9d6bf8221b05f86ce5875832f0f646c4c1f218be NOTE: This only affects builds which enable EDBDIC CVE-2020-7066 (In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below ...) {DSA-4719-1 DSA-4717-1 DLA-2188-1} @@ -38644,7 +38644,7 @@ CVE-2020-7066 (In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x - php5 <removed> NOTE: Fixed in PHP 7.4.4, 7.3.16, 7.2.29 NOTE: PHP Bug: https://bugs.php.net/79329 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=0d139c5b94a5f485a66901919e51faddb0371c43 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=0d139c5b94a5f485a66901919e51faddb0371c43 CVE-2020-7065 (In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using ...) {DSA-4719-1} - php7.4 7.4.5-1 
@@ -38653,7 +38653,7 @@ CVE-2020-7065 (In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while u - php5 <not-affected> (Vulnerable code introduced later) NOTE: Fixed in PHP 7.4.4, 7.3.16 NOTE: PHP Bug: https://bugs.php.net/79371 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=1fdffd1c55d771ca22ae217784ab75fce592ad38 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=1fdffd1c55d771ca22ae217784ab75fce592ad38 CVE-2020-7064 (In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below ...) {DSA-4719-1 DSA-4717-1 DLA-2188-1} - php7.4 7.4.5-1 @@ -38662,7 +38662,7 @@ CVE-2020-7064 (In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x b - php5 <removed> NOTE: Fixed in PHP 7.4.4, 7.3.16, 7.2.29 NOTE: PHP Bug: https://bugs.php.net/79282 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=25238bdf6005b85ab844aa2b743b589dfce9f0d2 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=25238bdf6005b85ab844aa2b743b589dfce9f0d2 CVE-2020-7063 (In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below ...) {DSA-4719-1 DSA-4717-1 DLA-2160-1} - php7.4 7.4.3-1 |
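Review bot: In the data/CVE/2019.list hunks for CVE-2019-11046 and CVE-2019-11045, the context line directly above each changed line still uses plain HTTP ("NOTE: PHP Bug: http://bugs.php.net/78878" and "NOTE: PHP Bug: http://bugs.php.net/78863"), while the other PHP Bug references visible in this patch already use https://bugs.php.net. The commit subject limits the change to git.php.net, so leaving them here is consistent, but a follow-up that switches these two lines to HTTPS would stop each entry from mixing schemes for the same upstream project.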
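Review bot: In the data/CVE/2016.list hunk at -15950, the rewritten NOTE lines for CVE-2016-5772 (php_wddx_process_data double free) and CVE-2016-5771 (spl_array.c) both point at the same commitdiff hash, a44c89e8af7c2410f4bfc5e097be2a5d0639a60c. Carrying the hash over unchanged is correct for a scheme-only rewrite, but since both lines are being touched anyway, please confirm that the CVE-2016-5771 entry references the intended upstream commit and was not copied from the neighbouring entry. If it turns out to be wrong, fix it in a separate commit so this one stays purely mechanical.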
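Review bot: Two context lines next to changed lines carry spelling errors that will survive this patch: "NOTE: This only affects builds which enable EDBDIC" in the CVE-2020-7067 hunk of data/CVE/2020.list (presumably EBCDIC), and "explitly" in the CVE-2016-XXXX iptcembed() hunk of data/CVE/2016.list. Neither belongs in a URL-scheme commit, but both are worth a small follow-up, because anyone grepping the tracker for "EBCDIC" will currently miss the CVE-2020-7067 note.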