author | Salvatore Bonaccorso <carnil@debian.org> | 2017-01-13 13:29:07 +0000 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2017-01-13 13:29:07 +0000 |
commit | 451b3fe2b5f71947ab11c3b363354b946121525d (patch) | |
tree | 55420dc820ec73488040bfaf06c4b6d0fd7f3b92 | |
parent | 4a4b06017bb51222fdfccb5c2356ee9539e4f1a0 (diff) |
php5 removed from unstable
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@47974 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- | data/CVE/2006.list | 8 |
-rw-r--r-- | data/CVE/2007.list | 28 |
-rw-r--r-- | data/CVE/2008.list | 6 |
-rw-r--r-- | data/CVE/2009.list | 4 |
-rw-r--r-- | data/CVE/2010.list | 24 |
-rw-r--r-- | data/CVE/2012.list | 4 |
-rw-r--r-- | data/CVE/2013.list | 4 |
-rw-r--r-- | data/CVE/2014.list | 4 |
-rw-r--r-- | data/CVE/2015.list | 2 |
-rw-r--r-- | data/CVE/2016.list | 18 |
-rw-r--r-- | data/CVE/2017.list | 2 |
11 files changed, 52 insertions, 52 deletions
diff --git a/data/CVE/2006.list b/data/CVE/2006.list index b27f699614..746ce437ac 100644 --- a/data/CVE/2006.list +++ b/data/CVE/2006.list @@ -151,7 +151,7 @@ CVE-2006-XXXX [Owl Intranet Engine multiple cross-site scripting, SQL-injection] - owl-dms 0.94-1 (medium; bug #416296) CVE-2006-7205 (The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 ...) - php4 <removed> (unimportant) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: local DoS when Apache memory limit is set high CVE-2006-7204 (The imap_body function in PHP before 4.4.4 does not implement safemode ...) - php4 <removed> (unimportant) @@ -1981,7 +1981,7 @@ CVE-2006-6386 (Cross-site scripting (XSS) vulnerability in the CVS management/tr CVE-2006-6384 (Absolute path traversal vulnerability in abitwhizzy.php before ...) NOT-FOR-US: abitwhizzy.php CVE-2006-6383 (PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) - php4 <removed> (unimportant) NOTE: safe-mode and basedir violations not treated as security issues CVE-2006-6382 (The control panel for Positive Software H-Sphere before 2.5.0 RC3 ...) @@ -7191,7 +7191,7 @@ CVE-2006-4025 (SQL injection vulnerability in profile.php in XennoBB 2.1.0 and . CVE-2006-4024 (The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through ...) - festalon <not-affected> (vuln. code introduced in 0.5.0) CVE-2006-4023 (The ip2long function in PHP 5.1.4 and earlier may incorrectly validate ...) - - php5 <unfixed> (unimportant; bug #382257) + - php5 <removed> (unimportant; bug #382257) - php4 <removed> (unimportant; bug #382270) NOTE: Not every lack of protection of programmer's flaws is a vulnerability NOTE: See notes by Sean for details 
@@ -14314,7 +14314,7 @@ CVE-2006-0933 (Cross-site scripting (XSS) vulnerability in PHPX 3.5.9 allows rem CVE-2006-0932 (Directory traversal vulnerability in zip.lib.php 0.1.1 in ...) NOT-FOR-US: zip.lib.php CVE-2006-0931 (Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other ...) - - php5 <unfixed> (bug #368545; unimportant) + - php5 <removed> (bug #368545; unimportant) - php4 <removed> (bug #368545; unimportant) NOTE: is this really a vulnerability in pear? it seems it should be a bug NOTE: in any application not checking for such archives. diff --git a/data/CVE/2007.list b/data/CVE/2007.list index 888180cac3..8a5f4d4938 100644 --- a/data/CVE/2007.list +++ b/data/CVE/2007.list @@ -3156,7 +3156,7 @@ CVE-2007-5425 (SQL injection vulnerability in admin/index.php in Interspire Acti NOT-FOR-US: ActiveKB NX CVE-2007-5424 (The disable_functions feature in PHP 4 and 5 allows attackers to ...) - php4 <removed> (unimportant) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: if the function is blacklisted but not its alias it is a configuration NOTE: issue of the site not a vulnerability in php CVE-2007-5423 (tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to ...) @@ -4465,7 +4465,7 @@ CVE-2007-4891 (A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier CVE-2007-4890 (Absolute directory traversal vulnerability in a certain ActiveX ...) NOT-FOR-US: Microsoft Visual Studio CVE-2007-4889 (The MySQL extension in PHP 5.2.4 and earlier allows remote attackers ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: basedir and safemode not supported CVE-2007-4888 (The "You are not allowed..." error handler in XWiki 1.0 B1 and 1.0 B2 ...) NOT-FOR-US: Xwiki 
@@ -5177,7 +5177,7 @@ CVE-2007-4598 (IBM SurePOS 500 has (1) a default password of "12345" f CVE-2007-4597 (SQL injection vulnerability in index.php in TurnkeyWebTools SunShop ...) NOT-FOR-US: SunShop Shopping Cart CVE-2007-4596 (The perl extension in PHP does not follow safe_mode restrictions, ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: Safe mode violations not treated as vulnerabilities CVE-2007-4595 (Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows ...) NOT-FOR-US: Mayaa @@ -5975,7 +5975,7 @@ CVE-2007-4257 (Multiple buffer overflows in Live for Speed (LFS) S1 and S2 allow CVE-2007-4256 (Directory traversal vulnerability in showpage.cgi in YNP Portal System ...) NOT-FOR-US: YNP Portal System CVE-2007-4255 (Buffer overflow in the mSQL extension in PHP 5.2.3 allows ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) - php4 <removed> (unimportant) NOTE: Only exploitable by malicious script CVE-2007-4254 (Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL ...) @@ -8241,7 +8241,7 @@ CVE-2007-3296 (The ThunderServer.webThunder.1 ActiveX control in xunlei Web ...) CVE-2007-3295 (Directory traversal vulnerability in Yet another Bulletin Board (YaBB) ...) NOT-FOR-US: YaBB CVE-2007-3294 (Multiple buffer overflows in libtidy, as used in the Tidy extension ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: Only exploitable by malicious script CVE-2007-3293 (SQL injection vulnerability in categoria.php in LiveCMS 3.4 and ...) NOT-FOR-US: LiveCMS @@ -8453,7 +8453,7 @@ CVE-2007-3206 RESERVED CVE-2007-3205 (The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Subhosin, ...) - php4 <removed> (unimportant) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: That's by design CVE-2007-3204 (SQL injection vulnerability in auth.php in Just For Fun Network ...) NOTE: This is an jffnms ID, which has been wrongly reported by an external party, 
@@ -11550,7 +11550,7 @@ CVE-2007-1891 (Stack-based buffer overflow in the GetPrivateProfileSectionW func NOT-FOR-US: Akamai CVE-2007-1890 (Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...) - php4 <removed> (unimportant) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: local code execution only, possibly only on FreeBSD CVE-2007-1889 (Integer signedness error in the _zend_mm_alloc_int function in the ...) {DSA-1283-1 DTSA-39-1} @@ -11573,7 +11573,7 @@ CVE-2007-1884 (Multiple integer signedness errors in the printf function family NOTE: Dupe of CVE-2007-0909; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9 CVE-2007-1883 (PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows ...) - php4 <removed> (unimportant) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: Only triggerable by malicious script CVE-2007-1882 (qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury ...) NOT-FOR-US: HP Mercury Quality Center @@ -11693,7 +11693,7 @@ CVE-2007-1836 (The command line administration interface in Data Domain OS befor NOT-FOR-US: Data Domain OS CVE-2007-1835 (PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session ...) - php4 <removed> (unimportant) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: open_basedir bypasses not supported CVE-2007-1834 (Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco ...) NOT-FOR-US: Cisco @@ -11984,7 +11984,7 @@ CVE-2007-1711 (Double free vulnerability in the unserializer in PHP 4.4.5 and 4. NOTE: register_globals not supported CVE-2007-1710 (The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows ...) - php4 <removed> (unimportant) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: Safe mode violations not supported, insufficient measure CVE-2007-1709 (Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC ...) NOT-FOR-US: PECL phpDOC 
@@ -12292,11 +12292,11 @@ CVE-2007-1583 (The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 th - php5 5.2.0-11 (medium) - php4 <removed> (medium) CVE-2007-1582 (The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) - php4 <removed> (unimportant) NOTE: Only triggerable by malicious script CVE-2007-1581 (The resource system in PHP 5.0.0 through 5.2.1 allows ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: Only triggerable by malicious script CVE-2007-1580 (FTPDMIN 0.96 allows remote attackers to cause a denial of service ...) NOT-FOR-US: FTPDMIN @@ -12698,7 +12698,7 @@ CVE-2007-1414 (Multiple PHP remote file inclusion vulnerabilities in Coppermine NOT-FOR-US: Coppermine Photo Gallery CVE-2007-1413 (Buffer overflow in the snmpget function in the snmp extension in PHP ...) - php4 <removed> (unimportant) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: Only triggerable by malicious script CVE-2007-1412 (The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 ...) - php4 <not-affected> (cpdf extension not enabled in binary build) @@ -14994,7 +14994,7 @@ CVE-2007-0450 (Directory traversal vulnerability in Apache HTTP Server and Tomca CVE-2007-0449 (Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve ...) NOT-FOR-US: CA BrightStor CVE-2007-0448 (The fopen function in PHP 5.2.0 does not properly handle invalid URI ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: open_basedir bypasses not supported CVE-2007-0447 (Heap-based buffer overflow in the Decomposer component in multiple ...) NOT-FOR-US: Symantec diff --git a/data/CVE/2008.list b/data/CVE/2008.list index 9ceaa19438..167ebc2010 100644 --- a/data/CVE/2008.list +++ b/data/CVE/2008.list 
@@ -4845,7 +4845,7 @@ CVE-2008-5187 (The load function in the XPM loader for imlib2 1.4.2, and possibl {DSA-1672-1} - imlib2 1.4.0-1.2 (bug #505714) CVE-2008-5625 (PHP 5 before 5.2.7 does not enforce the error_log safe_mode ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: http://securityreason.com/achievement_securityalert/57 CVE-2008-5312 (mailscanner 4.55.10 and other versions before 4.74.16-1 might allow ...) - mailscanner 4.74.16-1 (bug #506353) @@ -7366,7 +7366,7 @@ CVE-2008-4111 (Unspecified vulnerability in Servlet Engine/Web Container in IBM CVE-2008-4110 (Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in ...) NOT-FOR-US: Microsoft CVE-2008-4107 (The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce ...) - - php5 <unfixed> (unimportant; bug #500087) + - php5 <removed> (unimportant; bug #500087) NOTE: the rand() and mt_rand() functions were never said to be cryptographically strong NOTE: http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/efaq.html CVE-2008-4106 (WordPress before 2.6.2 does not properly handle MySQL warnings about ...) @@ -10967,7 +10967,7 @@ CVE-2008-2669 (Multiple SQL injection vulnerabilities in yBlog 0.2.2.2 allow rem CVE-2008-2668 (Multiple cross-site scripting (XSS) vulnerabilities in yBlog 0.2.2.2 ...) NOT-FOR-US: yBlog CVE-2008-2666 (Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: safe mode not supported CVE-2008-2665 (Directory traversal vulnerability in the posix_access function in PHP ...) - php5 5.2.6.dfsg.1-3 (unimportant) diff --git a/data/CVE/2009.list b/data/CVE/2009.list index 23f433f402..3b277eb000 100644 --- a/data/CVE/2009.list +++ b/data/CVE/2009.list 
@@ -1647,7 +1647,7 @@ CVE-2009-4420 (Buffer overflow in the bd daemon in F5 Networks BIG-IP Applicatio CVE-2009-4419 (Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the ...) NOT-FOR-US: Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets CVE-2009-4418 (The unserialize function in PHP 5.3.0 and earlier allows ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: Only exploitable by malicious script, not treated as a security issue NOTE: per Debian PHP security policy CVE-2009-4417 (The shutdown function in the Zend_Log_Writer_Mail class in Zend ...) @@ -4164,7 +4164,7 @@ CVE-2009-3560 (The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0 - vnc4 <not-affected> (Not affected, see bug #560949) - xotcl <not-affected> (Vulnerable code not present in embedded Expat copy) CVE-2009-3559 (** DISPUTED ** ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: safe_mode regression CVE-2009-3558 (The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 ...) - php5 5.2.12.dfsg.1-1 (unimportant) diff --git a/data/CVE/2010.list b/data/CVE/2010.list index 65844b99d2..5c567bd433 100644 --- a/data/CVE/2010.list +++ b/data/CVE/2010.list 
@@ -5825,13 +5825,13 @@ CVE-2010-3067 (Integer overflow in the do_io_submit function in fs/aio.c in the CVE-2010-3066 (The io_submit_one function in fs/aio.c in the Linux kernel before ...) - linux-2.6 2.6.23-1 CVE-2010-3064 (Stack-based buffer overflow in the php_mysqlnd_auth_write function in ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: mysqlnd not used in squeeze/sid CVE-2010-3063 (The php_mysqlnd_read_error_from_line function in the Mysqlnd extension ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: mysqlnd not used in squeeze/sid CVE-2010-3062 (mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: mysqlnd not used in squeeze/sid CVE-2010-3061 (Unspecified vulnerability in the message-protocol implementation in ...) NOT-FOR-US: Tivoli @@ -7982,7 +7982,7 @@ CVE-2010-2191 (The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack funct - php5 5.3.3-1 (unimportant) NOTE: Only triggerable through malicious script CVE-2010-2190 (The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: Only triggerable through malicious script CVE-2010-2189 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...) NOT-FOR-US: Adobe Flash 
@@ -8175,17 +8175,17 @@ CVE-2010-2103 (Cross-site scripting (XSS) vulnerability in ...) CVE-2010-2102 (Buffer overflow in Webby Webserver 1.01 allows remote attackers to ...) NOT-FOR-US: Webby Webserver CVE-2010-2101 (The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: Only triggerable through malicious script CVE-2010-2100 (The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: Only triggerable through malicious script CVE-2010-2099 (bbcode/php.bb in e107 0.7.20 and earlier does not perform access ...) NOT-FOR-US: e107 CVE-2010-2098 (Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 ...) NOT-FOR-US: e107 CVE-2010-2097 (The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: Only triggerable through malicious script CVE-2010-2096 (Directory traversal vulnerability in index.php in CMSQlite 1.2 and ...) NOT-FOR-US: CMSQlite @@ -8715,9 +8715,9 @@ CVE-2010-1916 (The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Be - openacs <not-affected> (Doesn't use the PHP interface, see bug #585163) - dotlrn <not-affected> (Doesn't use the PHP interface, see bug #585164) CVE-2010-1915 (The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) CVE-2010-1914 (The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) CVE-2010-1871 (JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application ...) - jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226) CVE-2010-1870 (The OGNL extensive expression evaluation capability in XWork in Struts ...) 
@@ -8728,7 +8728,7 @@ CVE-2010-1869 (Stack-based buffer overflow in the parser function in GhostScript - ghostscript 8.71~dfsg-4 NOTE: http://www.openwall.com/lists/oss-security/2010/05/11/3 CVE-2010-1868 (The (1) sqlite_single_query and (2) sqlite_array_query functions in ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) CVE-2010-1867 (SQL injection vulnerability in the ...) NOT-FOR-US: Campsite CVE-2010-1866 (The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP ...) @@ -8741,9 +8741,9 @@ CVE-2010-1864 (The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 throug CVE-2010-1863 (SQL injection vulnerability in the shoutbox module ...) NOT-FOR-US: ClanTiger CVE-2010-1862 (The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) CVE-2010-1861 (The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) CVE-2010-1860 (The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 ...) - php5 5.3.3-1 (unimportant) CVE-2010-1859 (SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and ...) diff --git a/data/CVE/2012.list b/data/CVE/2012.list index b5fcac0908..9a64bd30f1 100644 --- a/data/CVE/2012.list +++ b/data/CVE/2012.list @@ -8398,7 +8398,7 @@ CVE-2012-3366 (The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote atta {DSA-2503-1} - bcfg2 1.2.2-2 (bug #679272) CVE-2012-3365 (The SQLite functionality in PHP before 5.3.15 allows remote attackers ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: open_basedir not supported CVE-2012-3364 (Multiple stack-based buffer overflows in the Near Field Communication ...) - linux 3.2.23-1 
@@ -13631,7 +13631,7 @@ CVE-2012-1172 (The file-upload implementation in rfc1867.c in PHP before 5.4.0 d {DSA-2465-1} - php5 5.4.0-1 (bug #663760) CVE-2012-1171 (The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: according to php's security statement, safemode bypass issues are not treated as security-relevant CVE-2012-1170 RESERVED diff --git a/data/CVE/2013.list b/data/CVE/2013.list index eb01ba2953..4c1915c628 100644 --- a/data/CVE/2013.list +++ b/data/CVE/2013.list @@ -2675,7 +2675,7 @@ CVE-2013-6503 CVE-2013-6502 RESERVED CVE-2013-6501 (The default soap.wsdl_cache_dir setting in (1) php.ini-production and ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: Rendererd unexpoitable by kernel level hardening for tmp races CVE-2013-6500 REJECTED @@ -9988,7 +9988,7 @@ CVE-2013-3737 (The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in CVE-2013-3736 (Cross-site scripting (XSS) vulnerability in the MobileUI (aka ...) NOT-FOR-US: Request Tracker extension MobileUI CVE-2013-3735 (** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 ...) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: exploitable by malicious scripts only CVE-2013-3734 [Datasource password visible to administrator] RESERVED diff --git a/data/CVE/2014.list b/data/CVE/2014.list index d289bbf924..30d395f4c8 100644 --- a/data/CVE/2014.list +++ b/data/CVE/2014.list 
@@ -1908,7 +1908,7 @@ CVE-2014-9497 [Buffer overflow] [squeeze] - mpg123 <not-affected> (Introduced in 1.14.1) NOTE: http://sourceforge.net/p/mpg123/bugs/201/ CVE-2014-9425 (Double free vulnerability in the zend_ts_hash_graceful_destroy ...) - - php5 <unfixed> (unimportant; bug #774154) + - php5 <removed> (unimportant; bug #774154) NOTE: php5 binary packages not built with --with-maintainer-zts CVE-2014-9424 (Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext ...) - libressl <itp> (bug #754513) @@ -11824,7 +11824,7 @@ CVE-2014-5464 (Cross-site scripting (XSS) vulnerability in the nDPI traffic ...) - ntopng 1.2.1+dfsg1-1 (bug #760990) NOTE: http://seclists.org/fulldisclosure/2014/Aug/65 CVE-2014-5459 (The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows ...) - - php5 <unfixed> (low; bug #682157; bug #759282) + - php5 <removed> (low; bug #682157; bug #759282) [jessie] - php5 <no-dsa> (Minor issue) [wheezy] - php5 <no-dsa> (Minor issue) [squeeze] - php5 <no-dsa> (Minor issue) diff --git a/data/CVE/2015.list b/data/CVE/2015.list index d905c8926a..33ddf6384f 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -4855,7 +4855,7 @@ CVE-2015-7674 (Integer overflow in the pixops_scale_nearest function in ...) - gtk+2.0 2.21.5-1 NOTE: gtk+2.0 2.21.5-1 removed the embedded copy of gdk-pixbuf and build-depends on external gdk-pixbuf CVE-2015-XXXX [trivial hash complexity DoS attack] - - php5 <unfixed> (bug #800564) + - php5 <removed> (bug #800564) [jessie] - php5 <no-dsa> (Too intrusive to backport) [wheezy] - php5 <no-dsa> (Too intrusive to backport) [squeeze] - php5 <no-dsa> (Too intrusive to backport) diff --git a/data/CVE/2016.list b/data/CVE/2016.list index d7301c83c6..397c6cf1b9 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list 
@@ -607,7 +607,7 @@ CVE-2016-9936 (The unserialize implementation in ext/standard/var.c in PHP 7.x b CVE-2016-9935 (The php_wddx_push_element function in ext/wddx/wddx.c in PHP before ...) {DSA-3737-1} - php7.0 7.0.14-1 - - php5 <unfixed> + - php5 <removed> NOTE: Fixed in PHP 5.6.29 and 7.0.14 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73631 NOTE: Fixed by: https://github.com/php/php-src/commit/66fd44209d5ffcb9b3d1bc1b9fd8e35b485040c0 @@ -615,7 +615,7 @@ CVE-2016-9935 (The php_wddx_push_element function in ext/wddx/wddx.c in PHP befo CVE-2016-9934 (ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows ...) {DSA-3732-1} - php7.0 7.0.13-1 - - php5 <unfixed> + - php5 <removed> NOTE: Fixed in PHP 5.6.28, 7.0.13 and 7.1.0 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73331 NOTE: Fixed by: https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d @@ -629,7 +629,7 @@ CVE-2016-9933 (Stack consumption vulnerability in the gdImageFillToBorder functi NOTE: Scope of CVE is only the missing "color < 0" test in older versions. NOTE: GD release info: https://libgd.github.io/release-2.2.2.html - php7.0 7.0.13-1 (unimportant) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: Fixed in PHP 5.6.28, 7.0.13 and 7.1.0 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72696 NOTE: Fixed by: https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1 
@@ -4644,13 +4644,13 @@ CVE-2016-8860 (Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal CVE-2016-9138 (PHP through 5.6.27 and 7.x through 7.0.12 mishandles property ...) {DSA-3732-1} - php7.0 7.0.12-1 - - php5 <unfixed> + - php5 <removed> NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73147 NOTE: http://www.openwall.com/lists/oss-security/2016/11/01/7 CVE-2016-9137 (Use-after-free vulnerability in the CURLFile implementation in ...) {DSA-3698-1} - php7.0 7.0.12-1 - - php5 <unfixed> + - php5 <removed> NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73147 NOTE: http://git.php.net/?p=php-src.git;a=commit;h=0e6fe3a4c96be2d3e88389a5776f878021b4c59f NOTE: NOTE: Fixed in 7.0.12, 5.6.27 @@ -7770,7 +7770,7 @@ CVE-2016-7568 (Integer overflow in the gdImageWebpCtx function in gd_webp.c in t NOTE: libgd bug: https://github.com/libgd/libgd/issues/308 NOTE: Fixed by: https://github.com/libgd/libgd/commit/2806adfdc27a94d333199345394d7c302952b95f - php7.0 7.0.12-1 (unimportant) - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) [jessie] - php5 5.6.27+dfsg-0+deb8u1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73003 NOTE: https://github.com/php/php-src/commit/c18263e0e0769faee96a5d0ee04b750c442783c6 @@ -7946,11 +7946,11 @@ CVE-2016-7480 (The SplObjectStorage unserialize implementation in ...) NOTE: Fixed in 7.0.12 CVE-2016-7479 (In all versions of PHP 7, during the unserialization process, resizing ...) - php7.0 <unfixed> - - php5 <unfixed> + - php5 <removed> NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73092 CVE-2016-7478 (Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x ...) - php7.0 <unfixed> - - php5 <unfixed> + - php5 <removed> NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73093 CVE-2016-7477 RESERVED 
@@ -15868,7 +15868,7 @@ CVE-2016-5116 (gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as NOTE: Fixed by: https://github.com/libgd/libgd/commit/4dc1a2d7931017d3625f2d7cff70a17ce58b53b4 (gd-2.2.0) NOTE: Introduced by: https://github.com/libgd/libgd/commit/decf4407d41230fc54dea8058bf887a2696fd4c2 (gd-2.1.0-alpha1) NOTE: https://github.com/libgd/libgd/issues/211 - - php5 <unfixed> (unimportant) + - php5 <removed> (unimportant) NOTE: PHP bug: https://bugs.php.net/bug.php?id=72115 NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd NOTE: http://www.openwall.com/lists/oss-security/2016/05/29/3 diff --git a/data/CVE/2017.list b/data/CVE/2017.list index e65f316efd..2fc6e96098 100644 --- a/data/CVE/2017.list +++ b/data/CVE/2017.list @@ -792,7 +792,7 @@ CVE-2017-5208 [wrestool: exploitable crash] NOTE: http://www.openwall.com/lists/oss-security/2017/01/08/1 CVE-2017-5340 (Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles ...) - php7.0 <unfixed> (bug #850158) - - php5 <unfixed> + - php5 <removed> NOTE: https://bugs.php.net/bug.php?id=73832 CVE-2017-5004 RESERVED |
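Review bot: in the @@ -7946 hunk of data/CVE/2016.list, the CVE-2016-7479 and CVE-2016-7478 entries show no DSA reference and no `[jessie] - php5 ...` line, unlike CVE-2016-7568 in the @@ -7770 hunk, which keeps `[jessie] - php5 5.6.27+dfsg-0+deb8u1`. Once the unstable line reads `- php5 <removed>`, nothing in the visible part of these entries states the status of php5 in the releases that still carry it. Consider adding explicit per-release lines or a NOTE for these two, and for CVE-2017-5340 in the data/CVE/2017.list hunk, so the open status stays readable from the entry itself.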
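Review bot: in the @@ -4644 hunk of data/CVE/2016.list, CVE-2016-9138 and CVE-2016-9137 both cite `PHP Bug: https://bugs.php.net/bug.php?id=73147`, although they describe different issues (property handling versus a CURLFile use-after-free) and reference different advisories (DSA-3732-1 and DSA-3698-1). The last context line of the hunk also reads `NOTE: NOTE: Fixed in 7.0.12, 5.6.27`. Since both entries are edited here, check which CVE the bug id belongs to and drop the doubled `NOTE:` prefix in the same change.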
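Review bot: the CVE-2010-1915 and CVE-2010-1914 entries in the @@ -8715 hunk of data/CVE/2010.list, and CVE-2010-1868, CVE-2010-1862 and CVE-2010-1861 in the @@ -8728 and @@ -8741 hunks, are marked `(unimportant)` with no NOTE giving the reason. The neighbouring CVE-2010-2101, CVE-2010-2100 and CVE-2010-2097 entries carry `NOTE: Only triggerable through malicious script`. With the package line now reading `<removed>`, a reader has less to go on when judging these entries, so add the matching rationale NOTE to each of them.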
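Review bot: in the @@ -2675 hunk of data/CVE/2013.list, the context line under CVE-2013-6501 reads `NOTE: Rendererd unexpoitable by kernel level hardening for tmp races`, with two misspellings that defeat a text search for "unexploitable". The entry is being modified one line above, so correct it to "Rendered unexploitable" here rather than in a separate commit.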