author    Salvatore Bonaccorso <carnil@debian.org>  2017-01-13 13:29:07 +0000
committer Salvatore Bonaccorso <carnil@debian.org>  2017-01-13 13:29:07 +0000
commit    451b3fe2b5f71947ab11c3b363354b946121525d
tree      55420dc820ec73488040bfaf06c4b6d0fd7f3b92
parent    4a4b06017bb51222fdfccb5c2356ee9539e4f1a0
php5 removed from unstable
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@47974 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r--  data/CVE/2006.list   8
-rw-r--r--  data/CVE/2007.list  28
-rw-r--r--  data/CVE/2008.list   6
-rw-r--r--  data/CVE/2009.list   4
-rw-r--r--  data/CVE/2010.list  24
-rw-r--r--  data/CVE/2012.list   4
-rw-r--r--  data/CVE/2013.list   4
-rw-r--r--  data/CVE/2014.list   4
-rw-r--r--  data/CVE/2015.list   2
-rw-r--r--  data/CVE/2016.list  18
-rw-r--r--  data/CVE/2017.list   2
11 files changed, 52 insertions, 52 deletions
diff --git a/data/CVE/2006.list b/data/CVE/2006.list
index b27f699614..746ce437ac 100644
--- a/data/CVE/2006.list
+++ b/data/CVE/2006.list
@@ -151,7 +151,7 @@ CVE-2006-XXXX [Owl Intranet Engine multiple cross-site scripting, SQL-injection]
- owl-dms 0.94-1 (medium; bug #416296)
CVE-2006-7205 (The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 ...)
- php4 <removed> (unimportant)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: local DoS when Apache memory limit is set high
CVE-2006-7204 (The imap_body function in PHP before 4.4.4 does not implement safemode ...)
- php4 <removed> (unimportant)
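Review bot: the status flip keeps the `(unimportant)` severity on the php5 line, which is the right combination: `<removed>` only records that the source package is gone from unstable, and the severity is what justifies never having shipped a fix. What this hunk, and the commit as a whole, lacks is any pointer to the removal itself; a NOTE with the removal bug number or date on at least one entry would let a later reader verify the `<removed>` state instead of taking it on trust.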
@@ -1981,7 +1981,7 @@ CVE-2006-6386 (Cross-site scripting (XSS) vulnerability in the CVS management/tr
CVE-2006-6384 (Absolute path traversal vulnerability in abitwhizzy.php before ...)
NOT-FOR-US: abitwhizzy.php
CVE-2006-6383 (PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and ...)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
- php4 <removed> (unimportant)
NOTE: safe-mode and basedir violations not treated as security issues
CVE-2006-6382 (The control panel for Positive Software H-Sphere before 2.5.0 RC3 ...)
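Review bot: style point on line order: in CVE-2006-6383 the php5 line precedes the php4 line, while in CVE-2006-7205 just above it follows it. Pre-existing, but since this sweep rewrites every php5 line anyway, settling on one order for the php4/php5 pair would make the next mechanical sweep easier to review in a diff.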
@@ -7191,7 +7191,7 @@ CVE-2006-4025 (SQL injection vulnerability in profile.php in XennoBB 2.1.0 and .
CVE-2006-4024 (The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through ...)
- festalon <not-affected> (vuln. code introduced in 0.5.0)
CVE-2006-4023 (The ip2long function in PHP 5.1.4 and earlier may incorrectly validate ...)
- - php5 <unfixed> (unimportant; bug #382257)
+ - php5 <removed> (unimportant; bug #382257)
- php4 <removed> (unimportant; bug #382270)
NOTE: Not every lack of protection of programmer's flaws is a vulnerability
NOTE: See notes by Sean for details
@@ -14314,7 +14314,7 @@ CVE-2006-0933 (Cross-site scripting (XSS) vulnerability in PHPX 3.5.9 allows rem
CVE-2006-0932 (Directory traversal vulnerability in zip.lib.php 0.1.1 in ...)
NOT-FOR-US: zip.lib.php
CVE-2006-0931 (Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other ...)
- - php5 <unfixed> (bug #368545; unimportant)
+ - php5 <removed> (bug #368545; unimportant)
- php4 <removed> (bug #368545; unimportant)
NOTE: is this really a vulnerability in pear? it seems it should be a bug
NOTE: in any application not checking for such archives.
diff --git a/data/CVE/2007.list b/data/CVE/2007.list
index 888180cac3..8a5f4d4938 100644
--- a/data/CVE/2007.list
+++ b/data/CVE/2007.list
@@ -3156,7 +3156,7 @@ CVE-2007-5425 (SQL injection vulnerability in admin/index.php in Interspire Acti
NOT-FOR-US: ActiveKB NX
CVE-2007-5424 (The disable_functions feature in PHP 4 and 5 allows attackers to ...)
- php4 <removed> (unimportant)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: if the function is blacklisted but not its alias it is a configuration
NOTE: issue of the site not a vulnerability in php
CVE-2007-5423 (tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to ...)
@@ -4465,7 +4465,7 @@ CVE-2007-4891 (A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier
CVE-2007-4890 (Absolute directory traversal vulnerability in a certain ActiveX ...)
NOT-FOR-US: Microsoft Visual Studio
CVE-2007-4889 (The MySQL extension in PHP 5.2.4 and earlier allows remote attackers ...)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: basedir and safemode not supported
CVE-2007-4888 (The &quot;You are not allowed...&quot; error handler in XWiki 1.0 B1 and 1.0 B2 ...)
NOT-FOR-US: Xwiki
@@ -5177,7 +5177,7 @@ CVE-2007-4598 (IBM SurePOS 500 has (1) a default password of &quot;12345&quot; f
CVE-2007-4597 (SQL injection vulnerability in index.php in TurnkeyWebTools SunShop ...)
NOT-FOR-US: SunShop Shopping Cart
CVE-2007-4596 (The perl extension in PHP does not follow safe_mode restrictions, ...)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: Safe mode violations not treated as vulnerabilities
CVE-2007-4595 (Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows ...)
NOT-FOR-US: Mayaa
@@ -5975,7 +5975,7 @@ CVE-2007-4257 (Multiple buffer overflows in Live for Speed (LFS) S1 and S2 allow
CVE-2007-4256 (Directory traversal vulnerability in showpage.cgi in YNP Portal System ...)
NOT-FOR-US: YNP Portal System
CVE-2007-4255 (Buffer overflow in the mSQL extension in PHP 5.2.3 allows ...)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
- php4 <removed> (unimportant)
NOTE: Only exploitable by malicious script
CVE-2007-4254 (Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL ...)
@@ -8241,7 +8241,7 @@ CVE-2007-3296 (The ThunderServer.webThunder.1 ActiveX control in xunlei Web ...)
CVE-2007-3295 (Directory traversal vulnerability in Yet another Bulletin Board (YaBB) ...)
NOT-FOR-US: YaBB
CVE-2007-3294 (Multiple buffer overflows in libtidy, as used in the Tidy extension ...)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: Only exploitable by malicious script
CVE-2007-3293 (SQL injection vulnerability in categoria.php in LiveCMS 3.4 and ...)
NOT-FOR-US: LiveCMS
@@ -8453,7 +8453,7 @@ CVE-2007-3206
RESERVED
CVE-2007-3205 (The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Subhosin, ...)
- php4 <removed> (unimportant)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: That's by design
CVE-2007-3204 (SQL injection vulnerability in auth.php in Just For Fun Network ...)
NOTE: This is an jffnms ID, which has been wrongly reported by an external party,
@@ -11550,7 +11550,7 @@ CVE-2007-1891 (Stack-based buffer overflow in the GetPrivateProfileSectionW func
NOT-FOR-US: Akamai
CVE-2007-1890 (Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...)
- php4 <removed> (unimportant)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: local code execution only, possibly only on FreeBSD
CVE-2007-1889 (Integer signedness error in the _zend_mm_alloc_int function in the ...)
{DSA-1283-1 DTSA-39-1}
@@ -11573,7 +11573,7 @@ CVE-2007-1884 (Multiple integer signedness errors in the printf function family
NOTE: Dupe of CVE-2007-0909; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1883 (PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows ...)
- php4 <removed> (unimportant)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: Only triggerable by malicious script
CVE-2007-1882 (qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury ...)
NOT-FOR-US: HP Mercury Quality Center
@@ -11693,7 +11693,7 @@ CVE-2007-1836 (The command line administration interface in Data Domain OS befor
NOT-FOR-US: Data Domain OS
CVE-2007-1835 (PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session ...)
- php4 <removed> (unimportant)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: open_basedir bypasses not supported
CVE-2007-1834 (Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco ...)
NOT-FOR-US: Cisco
@@ -11984,7 +11984,7 @@ CVE-2007-1711 (Double free vulnerability in the unserializer in PHP 4.4.5 and 4.
NOTE: register_globals not supported
CVE-2007-1710 (The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows ...)
- php4 <removed> (unimportant)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: Safe mode violations not supported, insufficient measure
CVE-2007-1709 (Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC ...)
NOT-FOR-US: PECL phpDOC
@@ -12292,11 +12292,11 @@ CVE-2007-1583 (The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 th
- php5 5.2.0-11 (medium)
- php4 <removed> (medium)
CVE-2007-1582 (The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
- php4 <removed> (unimportant)
NOTE: Only triggerable by malicious script
CVE-2007-1581 (The resource system in PHP 5.0.0 through 5.2.1 allows ...)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: Only triggerable by malicious script
CVE-2007-1580 (FTPDMIN 0.96 allows remote attackers to cause a denial of service ...)
NOT-FOR-US: FTPDMIN
@@ -12698,7 +12698,7 @@ CVE-2007-1414 (Multiple PHP remote file inclusion vulnerabilities in Coppermine
NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-1413 (Buffer overflow in the snmpget function in the snmp extension in PHP ...)
- php4 <removed> (unimportant)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: Only triggerable by malicious script
CVE-2007-1412 (The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 ...)
- php4 <not-affected> (cpdf extension not enabled in binary build)
@@ -14994,7 +14994,7 @@ CVE-2007-0450 (Directory traversal vulnerability in Apache HTTP Server and Tomca
CVE-2007-0449 (Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve ...)
NOT-FOR-US: CA BrightStor
CVE-2007-0448 (The fopen function in PHP 5.2.0 does not properly handle invalid URI ...)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: open_basedir bypasses not supported
CVE-2007-0447 (Heap-based buffer overflow in the Decomposer component in multiple ...)
NOT-FOR-US: Symantec
diff --git a/data/CVE/2008.list b/data/CVE/2008.list
index 9ceaa19438..167ebc2010 100644
--- a/data/CVE/2008.list
+++ b/data/CVE/2008.list
@@ -4845,7 +4845,7 @@ CVE-2008-5187 (The load function in the XPM loader for imlib2 1.4.2, and possibl
{DSA-1672-1}
- imlib2 1.4.0-1.2 (bug #505714)
CVE-2008-5625 (PHP 5 before 5.2.7 does not enforce the error_log safe_mode ...)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: http://securityreason.com/achievement_securityalert/57
CVE-2008-5312 (mailscanner 4.55.10 and other versions before 4.74.16-1 might allow ...)
- mailscanner 4.74.16-1 (bug #506353)
@@ -7366,7 +7366,7 @@ CVE-2008-4111 (Unspecified vulnerability in Servlet Engine/Web Container in IBM
CVE-2008-4110 (Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in ...)
NOT-FOR-US: Microsoft
CVE-2008-4107 (The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce ...)
- - php5 <unfixed> (unimportant; bug #500087)
+ - php5 <removed> (unimportant; bug #500087)
NOTE: the rand() and mt_rand() functions were never said to be cryptographically strong
NOTE: http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/efaq.html
CVE-2008-4106 (WordPress before 2.6.2 does not properly handle MySQL warnings about ...)
@@ -10967,7 +10967,7 @@ CVE-2008-2669 (Multiple SQL injection vulnerabilities in yBlog 0.2.2.2 allow rem
CVE-2008-2668 (Multiple cross-site scripting (XSS) vulnerabilities in yBlog 0.2.2.2 ...)
NOT-FOR-US: yBlog
CVE-2008-2666 (Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier ...)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: safe mode not supported
CVE-2008-2665 (Directory traversal vulnerability in the posix_access function in PHP ...)
- php5 5.2.6.dfsg.1-3 (unimportant)
diff --git a/data/CVE/2009.list b/data/CVE/2009.list
index 23f433f402..3b277eb000 100644
--- a/data/CVE/2009.list
+++ b/data/CVE/2009.list
@@ -1647,7 +1647,7 @@ CVE-2009-4420 (Buffer overflow in the bd daemon in F5 Networks BIG-IP Applicatio
CVE-2009-4419 (Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the ...)
NOT-FOR-US: Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets
CVE-2009-4418 (The unserialize function in PHP 5.3.0 and earlier allows ...)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: Only exploitable by malicious script, not treated as a security issue
NOTE: per Debian PHP security policy
CVE-2009-4417 (The shutdown function in the Zend_Log_Writer_Mail class in Zend ...)
@@ -4164,7 +4164,7 @@ CVE-2009-3560 (The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0
- vnc4 <not-affected> (Not affected, see bug #560949)
- xotcl <not-affected> (Vulnerable code not present in embedded Expat copy)
CVE-2009-3559 (** DISPUTED ** ...)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: safe_mode regression
CVE-2009-3558 (The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 ...)
- php5 5.2.12.dfsg.1-1 (unimportant)
diff --git a/data/CVE/2010.list b/data/CVE/2010.list
index 65844b99d2..5c567bd433 100644
--- a/data/CVE/2010.list
+++ b/data/CVE/2010.list
@@ -5825,13 +5825,13 @@ CVE-2010-3067 (Integer overflow in the do_io_submit function in fs/aio.c in the
CVE-2010-3066 (The io_submit_one function in fs/aio.c in the Linux kernel before ...)
- linux-2.6 2.6.23-1
CVE-2010-3064 (Stack-based buffer overflow in the php_mysqlnd_auth_write function in ...)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: mysqlnd not used in squeeze/sid
CVE-2010-3063 (The php_mysqlnd_read_error_from_line function in the Mysqlnd extension ...)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: mysqlnd not used in squeeze/sid
CVE-2010-3062 (mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through ...)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: mysqlnd not used in squeeze/sid
CVE-2010-3061 (Unspecified vulnerability in the message-protocol implementation in ...)
NOT-FOR-US: Tivoli
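Review bot: the three `NOTE: mysqlnd not used in squeeze/sid` lines are the entire justification for `(unimportant)` on CVE-2010-3064, CVE-2010-3063 and CVE-2010-3062, and they speak only to squeeze and sid. With php5 now `<removed>` from sid, the note says nothing about the suites that still ship php5 (the `[jessie]`/`[wheezy]` lines used elsewhere in this commit); a one-line update stating whether those builds use mysqlnd would keep the reason attached to the status.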
@@ -7982,7 +7982,7 @@ CVE-2010-2191 (The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack funct
- php5 5.3.3-1 (unimportant)
NOTE: Only triggerable through malicious script
CVE-2010-2190 (The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions ...)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: Only triggerable through malicious script
CVE-2010-2189 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
NOT-FOR-US: Adobe Flash
@@ -8175,17 +8175,17 @@ CVE-2010-2103 (Cross-site scripting (XSS) vulnerability in ...)
CVE-2010-2102 (Buffer overflow in Webby Webserver 1.01 allows remote attackers to ...)
NOT-FOR-US: Webby Webserver
CVE-2010-2101 (The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) ...)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: Only triggerable through malicious script
CVE-2010-2100 (The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) ...)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: Only triggerable through malicious script
CVE-2010-2099 (bbcode/php.bb in e107 0.7.20 and earlier does not perform access ...)
NOT-FOR-US: e107
CVE-2010-2098 (Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 ...)
NOT-FOR-US: e107
CVE-2010-2097 (The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode ...)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: Only triggerable through malicious script
CVE-2010-2096 (Directory traversal vulnerability in index.php in CMSQlite 1.2 and ...)
NOT-FOR-US: CMSQlite
@@ -8715,9 +8715,9 @@ CVE-2010-1916 (The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Be
- openacs <not-affected> (Doesn't use the PHP interface, see bug #585163)
- dotlrn <not-affected> (Doesn't use the PHP interface, see bug #585164)
CVE-2010-1915 (The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through ...)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
CVE-2010-1914 (The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows ...)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
CVE-2010-1871 (JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application ...)
- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-1870 (The OGNL extensive expression evaluation capability in XWork in Struts ...)
@@ -8728,7 +8728,7 @@ CVE-2010-1869 (Stack-based buffer overflow in the parser function in GhostScript
- ghostscript 8.71~dfsg-4
NOTE: http://www.openwall.com/lists/oss-security/2010/05/11/3
CVE-2010-1868 (The (1) sqlite_single_query and (2) sqlite_array_query functions in ...)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
CVE-2010-1867 (SQL injection vulnerability in the ...)
NOT-FOR-US: Campsite
CVE-2010-1866 (The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP ...)
@@ -8741,9 +8741,9 @@ CVE-2010-1864 (The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 throug
CVE-2010-1863 (SQL injection vulnerability in the shoutbox module ...)
NOT-FOR-US: ClanTiger
CVE-2010-1862 (The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through ...)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
CVE-2010-1861 (The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 ...)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
CVE-2010-1860 (The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 ...)
- php5 5.3.3-1 (unimportant)
CVE-2010-1859 (SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and ...)
diff --git a/data/CVE/2012.list b/data/CVE/2012.list
index b5fcac0908..9a64bd30f1 100644
--- a/data/CVE/2012.list
+++ b/data/CVE/2012.list
@@ -8398,7 +8398,7 @@ CVE-2012-3366 (The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote atta
{DSA-2503-1}
- bcfg2 1.2.2-2 (bug #679272)
CVE-2012-3365 (The SQLite functionality in PHP before 5.3.15 allows remote attackers ...)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: open_basedir not supported
CVE-2012-3364 (Multiple stack-based buffer overflows in the Near Field Communication ...)
- linux 3.2.23-1
@@ -13631,7 +13631,7 @@ CVE-2012-1172 (The file-upload implementation in rfc1867.c in PHP before 5.4.0 d
{DSA-2465-1}
- php5 5.4.0-1 (bug #663760)
CVE-2012-1171 (The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to ...)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: according to php's security statement, safemode bypass issues are not treated as security-relevant
CVE-2012-1170
RESERVED
diff --git a/data/CVE/2013.list b/data/CVE/2013.list
index eb01ba2953..4c1915c628 100644
--- a/data/CVE/2013.list
+++ b/data/CVE/2013.list
@@ -2675,7 +2675,7 @@ CVE-2013-6503
CVE-2013-6502
RESERVED
CVE-2013-6501 (The default soap.wsdl_cache_dir setting in (1) php.ini-production and ...)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: Rendererd unexpoitable by kernel level hardening for tmp races
CVE-2013-6500
REJECTED
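Review bot: typo in the context line `NOTE: Rendererd unexpoitable by kernel level hardening for tmp races` under CVE-2013-6501; it should read `Rendered unexploitable`. Not introduced by this change, but worth fixing while the entry is being touched.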
@@ -9988,7 +9988,7 @@ CVE-2013-3737 (The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in
CVE-2013-3736 (Cross-site scripting (XSS) vulnerability in the MobileUI (aka ...)
NOT-FOR-US: Request Tracker extension MobileUI
CVE-2013-3735 (** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 ...)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: exploitable by malicious scripts only
CVE-2013-3734 [Datasource password visible to administrator]
RESERVED
diff --git a/data/CVE/2014.list b/data/CVE/2014.list
index d289bbf924..30d395f4c8 100644
--- a/data/CVE/2014.list
+++ b/data/CVE/2014.list
@@ -1908,7 +1908,7 @@ CVE-2014-9497 [Buffer overflow]
[squeeze] - mpg123 <not-affected> (Introduced in 1.14.1)
NOTE: http://sourceforge.net/p/mpg123/bugs/201/
CVE-2014-9425 (Double free vulnerability in the zend_ts_hash_graceful_destroy ...)
- - php5 <unfixed> (unimportant; bug #774154)
+ - php5 <removed> (unimportant; bug #774154)
NOTE: php5 binary packages not built with --with-maintainer-zts
CVE-2014-9424 (Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext ...)
- libressl <itp> (bug #754513)
@@ -11824,7 +11824,7 @@ CVE-2014-5464 (Cross-site scripting (XSS) vulnerability in the nDPI traffic ...)
- ntopng 1.2.1+dfsg1-1 (bug #760990)
NOTE: http://seclists.org/fulldisclosure/2014/Aug/65
CVE-2014-5459 (The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows ...)
- - php5 <unfixed> (low; bug #682157; bug #759282)
+ - php5 <removed> (low; bug #682157; bug #759282)
[jessie] - php5 <no-dsa> (Minor issue)
[wheezy] - php5 <no-dsa> (Minor issue)
[squeeze] - php5 <no-dsa> (Minor issue)
diff --git a/data/CVE/2015.list b/data/CVE/2015.list
index d905c8926a..33ddf6384f 100644
--- a/data/CVE/2015.list
+++ b/data/CVE/2015.list
@@ -4855,7 +4855,7 @@ CVE-2015-7674 (Integer overflow in the pixops_scale_nearest function in ...)
- gtk+2.0 2.21.5-1
NOTE: gtk+2.0 2.21.5-1 removed the embedded copy of gdk-pixbuf and build-depends on external gdk-pixbuf
CVE-2015-XXXX [trivial hash complexity DoS attack]
- - php5 <unfixed> (bug #800564)
+ - php5 <removed> (bug #800564)
[jessie] - php5 <no-dsa> (Too intrusive to backport)
[wheezy] - php5 <no-dsa> (Too intrusive to backport)
[squeeze] - php5 <no-dsa> (Too intrusive to backport)
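Review bot: two things in the CVE-2015-XXXX entry: the php5 line carries a bug reference but no severity tag, unlike nearly every other php5 line in this commit, and the entry lists no php7.0 line at all. After the flip to `<removed>` no package in unstable is listed against this issue any more, so it is worth recording whether php7.0 is affected (or `<not-affected>`) before the placeholder ID drops out of sight.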
diff --git a/data/CVE/2016.list b/data/CVE/2016.list
index d7301c83c6..397c6cf1b9 100644
--- a/data/CVE/2016.list
+++ b/data/CVE/2016.list
@@ -607,7 +607,7 @@ CVE-2016-9936 (The unserialize implementation in ext/standard/var.c in PHP 7.x b
CVE-2016-9935 (The php_wddx_push_element function in ext/wddx/wddx.c in PHP before ...)
{DSA-3737-1}
- php7.0 7.0.14-1
- - php5 <unfixed>
+ - php5 <removed>
NOTE: Fixed in PHP 5.6.29 and 7.0.14
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73631
NOTE: Fixed by: https://github.com/php/php-src/commit/66fd44209d5ffcb9b3d1bc1b9fd8e35b485040c0
@@ -615,7 +615,7 @@ CVE-2016-9935 (The php_wddx_push_element function in ext/wddx/wddx.c in PHP befo
CVE-2016-9934 (ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows ...)
{DSA-3732-1}
- php7.0 7.0.13-1
- - php5 <unfixed>
+ - php5 <removed>
NOTE: Fixed in PHP 5.6.28, 7.0.13 and 7.1.0
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73331
NOTE: Fixed by: https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d
@@ -629,7 +629,7 @@ CVE-2016-9933 (Stack consumption vulnerability in the gdImageFillToBorder functi
NOTE: Scope of CVE is only the missing "color < 0" test in older versions.
NOTE: GD release info: https://libgd.github.io/release-2.2.2.html
- php7.0 7.0.13-1 (unimportant)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: Fixed in PHP 5.6.28, 7.0.13 and 7.1.0
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72696
NOTE: Fixed by: https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1
@@ -4644,13 +4644,13 @@ CVE-2016-8860 (Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal
CVE-2016-9138 (PHP through 5.6.27 and 7.x through 7.0.12 mishandles property ...)
{DSA-3732-1}
- php7.0 7.0.12-1
- - php5 <unfixed>
+ - php5 <removed>
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73147
NOTE: http://www.openwall.com/lists/oss-security/2016/11/01/7
CVE-2016-9137 (Use-after-free vulnerability in the CURLFile implementation in ...)
{DSA-3698-1}
- php7.0 7.0.12-1
- - php5 <unfixed>
+ - php5 <removed>
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73147
NOTE: http://git.php.net/?p=php-src.git;a=commit;h=0e6fe3a4c96be2d3e88389a5776f878021b4c59f
NOTE: NOTE: Fixed in 7.0.12, 5.6.27
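Review bot: two context nits in the CVE-2016-9137 block: the prefix is doubled in `NOTE: NOTE: Fixed in 7.0.12, 5.6.27`, and CVE-2016-9137 cites the same PHP bug (73147) as CVE-2016-9138 directly above it; if that is a copy-paste slip, one of the two entries links the wrong bug. The DSA-3732-1 and DSA-3698-1 references stay in place, so the stable-side record is untouched by the `<removed>` change.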
@@ -7770,7 +7770,7 @@ CVE-2016-7568 (Integer overflow in the gdImageWebpCtx function in gd_webp.c in t
NOTE: libgd bug: https://github.com/libgd/libgd/issues/308
NOTE: Fixed by: https://github.com/libgd/libgd/commit/2806adfdc27a94d333199345394d7c302952b95f
- php7.0 7.0.12-1 (unimportant)
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
[jessie] - php5 5.6.27+dfsg-0+deb8u1
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73003
NOTE: https://github.com/php/php-src/commit/c18263e0e0769faee96a5d0ee04b750c442783c6
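Review bot: this hunk has the shape the bare 2016/2017 entries should follow: the `[jessie] - php5 5.6.27+dfsg-0+deb8u1` line records the stable fix on its own, so flipping the unstable line to `<removed>` loses nothing. Entries that get the same flip with neither a `[jessie]` line nor a DSA reference do not have that safety net.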
@@ -7946,11 +7946,11 @@ CVE-2016-7480 (The SplObjectStorage unserialize implementation in ...)
NOTE: Fixed in 7.0.12
CVE-2016-7479 (In all versions of PHP 7, during the unserialization process, resizing ...)
- php7.0 <unfixed>
- - php5 <unfixed>
+ - php5 <removed>
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73092
CVE-2016-7478 (Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x ...)
- php7.0 <unfixed>
- - php5 <unfixed>
+ - php5 <removed>
NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73093
CVE-2016-7477
RESERVED
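Review bot: the CVE-2016-7479 description says `In all versions of PHP 7`, yet the php5 line is simply flipped to `<removed>`, which records nothing about whether 5.x is affected; if it is not, a `[jessie] - php5 <not-affected> (...)` line would say so for the suite that still ships php5. CVE-2016-7478 is the opposite case: `possibly 5.x before 5.6.28` leaves jessie's php5 in question, and after this change nothing in the entry records a decision for it. Neither entry carries a DSA reference, unlike CVE-2016-9138 above, so a `[jessie]` line is the only place that decision can live.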
@@ -15868,7 +15868,7 @@ CVE-2016-5116 (gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as
NOTE: Fixed by: https://github.com/libgd/libgd/commit/4dc1a2d7931017d3625f2d7cff70a17ce58b53b4 (gd-2.2.0)
NOTE: Introduced by: https://github.com/libgd/libgd/commit/decf4407d41230fc54dea8058bf887a2696fd4c2 (gd-2.1.0-alpha1)
NOTE: https://github.com/libgd/libgd/issues/211
- - php5 <unfixed> (unimportant)
+ - php5 <removed> (unimportant)
NOTE: PHP bug: https://bugs.php.net/bug.php?id=72115
NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
NOTE: http://www.openwall.com/lists/oss-security/2016/05/29/3
diff --git a/data/CVE/2017.list b/data/CVE/2017.list
index e65f316efd..2fc6e96098 100644
--- a/data/CVE/2017.list
+++ b/data/CVE/2017.list
@@ -792,7 +792,7 @@ CVE-2017-5208 [wrestool: exploitable crash]
NOTE: http://www.openwall.com/lists/oss-security/2017/01/08/1
CVE-2017-5340 (Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles ...)
- php7.0 <unfixed> (bug #850158)
- - php5 <unfixed>
+ - php5 <removed>
NOTE: https://bugs.php.net/bug.php?id=73832
CVE-2017-5004
RESERVED
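Review bot: same gap as the other bare entries: the description names only `PHP before 7.0.15 and 7.1.x before 7.1.1`, and the php5 line goes from `<unfixed>` to `<removed>` with no `[jessie]` line and no DSA reference, so the commit leaves no record of whether jessie's php5 5.6 is affected. Check bug 73832 (already linked in the NOTE) and add either `[jessie] - php5 <not-affected> (...)` or a `[jessie]` fixed-version or `<no-dsa>` line.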