diff options
author | Salvatore Bonaccorso <carnil@debian.org> | 2020-08-23 19:39:08 +0200 |
---|---|---|
committer | Salvatore Bonaccorso <carnil@debian.org> | 2020-08-23 19:39:08 +0200 |
commit | 41d7c650ad0ab35118aa07356d72df26fa66f0e0 (patch) | |
tree | 3624f86c05e5950f1b0a1def3056ab2874e410c9 /data/CVE/2016.list | |
parent | 8b03458cc1e9bf5f12d4980c7f9e50e13d3ec43d (diff) |
Replace git.php.net HTTP URLs with HTTPS URLs
Diffstat (limited to 'data/CVE/2016.list')
-rw-r--r-- | data/CVE/2016.list | 48 |
1 files changed, 24 insertions, 24 deletions
diff --git a/data/CVE/2016.list b/data/CVE/2016.list index e95d3db79c..2e0e2178e1 100644 --- a/data/CVE/2016.list +++ b/data/CVE/2016.list @@ -1591,7 +1591,7 @@ CVE-2016-10397 (In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling o [jessie] - php5 5.6.28+dfsg-0+deb8u1 NOTE: PHP bug: https://bugs.php.net/bug.php?id=73192 NOTE: Fixed in 7.1.0, 7.0.13, 5.6.28 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=b061fa909de77085d3822a89ab901b934d0362c4 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=b061fa909de77085d3822a89ab901b934d0362c4 NOTE: http://openwall.com/lists/oss-security/2017/07/10/6 CVE-2016-10396 (The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable ...) {DLA-1044-1} @@ -7165,7 +7165,7 @@ CVE-2016-9137 (Use-after-free vulnerability in the CURLFile implementation in ex - php5 <removed> [wheezy] - php5 <not-affected> (Vulnerable code not present in version 5.4.45) NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73147 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=0e6fe3a4c96be2d3e88389a5776f878021b4c59f + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=0e6fe3a4c96be2d3e88389a5776f878021b4c59f NOTE: Fixed in 7.0.12, 5.6.27 NOTE: http://www.openwall.com/lists/oss-security/2016/10/18/1 CVE-2016-8673 (A vulnerability has been identified in SIMATIC CP 343-1 Advanced (incl ...) @@ -10446,8 +10446,8 @@ CVE-2016-7479 (In all versions of PHP 7, during the unserialization process, res NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72610 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73092 NOTE: Fixed in 7.0.15 - NOTE: PHP 5.x/7.x: http://git.php.net/?p=php-src.git;a=commit;h=0426b916df396a23e5c34514e4f2f0627efdcdf0 - NOTE: PHP 7.x: http://git.php.net/?p=php-src.git;a=commit;h=b47c49d7a00bc34d7e0f3d72732f66e904da6fa7 + NOTE: PHP 5.x/7.x: https://git.php.net/?p=php-src.git;a=commit;h=0426b916df396a23e5c34514e4f2f0627efdcdf0 + NOTE: PHP 7.x: https://git.php.net/?p=php-src.git;a=commit;h=b47c49d7a00bc34d7e0f3d72732f66e904da6fa7 NOTE: The change is in 5.6+, even though the property table issue only affects NOTE: PHP 7, because this also prevents a wide range of other __wakeup() based NOTE: attacks. @@ -10457,7 +10457,7 @@ CVE-2016-7478 (Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x - php7.0 7.0.13-1 - php5 <removed> NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73093 - NOTE: Patch for 5.6.x: http://git.php.net/?p=php-src.git;a=commit;h=40e7baab3c90001beee4c8f0ed0ef79ad18ee0d6 (5.6.28) + NOTE: Patch for 5.6.x: https://git.php.net/?p=php-src.git;a=commit;h=40e7baab3c90001beee4c8f0ed0ef79ad18ee0d6 (5.6.28) NOTE: backported patch for 5.4: https://lists.debian.org/87efysy07p.fsf@curie.anarc.at CVE-2016-7477 (The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 al ...) - libav <removed> (unimportant) @@ -14214,14 +14214,14 @@ CVE-2016-6297 (Integer overflow in the php_stream_zip_opener function in ext/zip - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72520 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6296 (Integer signedness error in the simplestring_addn function in simplest ...) {DSA-3631-1 DLA-2011-1 DLA-628-1 DLA-569-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72606 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=e6c48213c22ed50b2b987b479fcc1ac709394caa + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=e6c48213c22ed50b2b987b479fcc1ac709394caa NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 - xmlrpc-epi 0.54.2-1.2 (bug #832959) NOTE: In stretch/sid php7.0 is using the system library not the embedded one. @@ -14230,14 +14230,14 @@ CVE-2016-6295 (ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7. - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72479 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=cab1c3b3708eead315e033359d07049b23b147a3 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=cab1c3b3708eead315e033359d07049b23b147a3 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6294 (The locale_accept_from_http function in ext/intl/locale/locale_methods ...) {DSA-3631-1 DLA-628-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72533 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6293 (The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in Interna ...) {DSA-3725-1 DLA-615-1} @@ -14251,28 +14251,28 @@ CVE-2016-6292 (The exif_process_user_comment function in ext/exif/exif.c in PHP - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72618 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=41131cd41d2fd2e0c2f332a27988df75659c42e4 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=41131cd41d2fd2e0c2f332a27988df75659c42e4 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6291 (The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP b ...) {DSA-3631-1 DLA-628-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72603 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=eebcbd5de38a0f1c2876035402cb770e37476519 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=eebcbd5de38a0f1c2876035402cb770e37476519 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6290 (ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7 ...) {DSA-3631-1 DLA-628-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72562 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=3798eb6fd5dddb211b01d41495072fd9858d4e32 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=3798eb6fd5dddb211b01d41495072fd9858d4e32 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6289 (Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_ ...) {DSA-3631-1 DLA-628-1} - php7.0 7.0.9-1 - php5 5.6.24+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/72513 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=0218acb7e756a469099c4ccfb22bce6c2bd1ef87 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=0218acb7e756a469099c4ccfb22bce6c2bd1ef87 NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38 CVE-2016-6271 (The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows man-in-the- ...) - bzrtp 1.0.2-1.2 (bug #859277) @@ -15950,42 +15950,42 @@ CVE-2016-5773 (php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before - php7.0 7.0.8-1 - php5 5.6.23+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72434 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=f6aef68089221c5ea047d4a74224ee3deead99a6 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=f6aef68089221c5ea047d4a74224ee3deead99a6 NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 CVE-2016-5772 (Double free vulnerability in the php_wddx_process_data function in wdd ...) {DSA-3618-1 DLA-628-1} - php7.0 7.0.8-1 - php5 5.6.23+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72340 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 CVE-2016-5771 (spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before ...) {DSA-3618-1 DLA-628-1} - php7.0 <not-affected> (Does not affect PHP 7.x) - php5 5.6.23+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72433 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c NOTE: Fixed in 5.5.37, 5.6.23 CVE-2016-5770 (Integer overflow in the SplFileObject::fread function in spl_directory ...) {DSA-3618-1 DLA-628-1} - php7.0 7.0.8-1 - php5 5.6.23+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72262 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=7245bff300d3fa8bacbef7897ff080a6f1c23eba + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=7245bff300d3fa8bacbef7897ff080a6f1c23eba NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 CVE-2016-5769 (Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP ...) {DSA-3618-1 DLA-628-1} - php7.0 7.0.8-1 - php5 5.6.23+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72455 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=6c5211a0cef0cc2854eaa387e0eb036e012904d0 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=6c5211a0cef0cc2854eaa387e0eb036e012904d0 NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 CVE-2016-5768 (Double free vulnerability in the _php_mb_regex_ereg_replace_exec funct ...) {DSA-3618-1 DLA-628-1} - php7.0 7.0.8-1 - php5 5.6.23+dfsg-1 NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72402 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=5b597a2e5b28e2d5a52fc1be13f425f08f47cb62 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=5b597a2e5b28e2d5a52fc1be13f425f08f47cb62 NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 CVE-2016-5767 (Integer overflow in the gdImageCreate function in gd.c in the GD Graph ...) - php7.0 7.0.8-1 (unimportant) @@ -15993,7 +15993,7 @@ CVE-2016-5767 (Integer overflow in the gdImageCreate function in gd.c in the GD [jessie] - php5 5.6.23+dfsg-0+deb8u1 NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72446 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=c395c6e5d7e8df37a21265ff76e48fe75ceb5ae6 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=c395c6e5d7e8df37a21265ff76e48fe75ceb5ae6 NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 - libgd2 2.0.34~rc1-1 NOTE: Fixed by: https://github.com/libgd/libgd/commit/cfee163a5e848fc3e3fb1d05a30d7557cdd36457 (GD_2_0_34RC1) @@ -16004,7 +16004,7 @@ CVE-2016-5766 (Integer overflow in the _gd2GetHeader function in gd_gd2.c in the [jessie] - php5 5.6.23+dfsg-0+deb8u1 NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72339 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=7722455726bec8c53458a32851d2a87982cf0eac + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=7722455726bec8c53458a32851d2a87982cf0eac NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8 - libgd2 2.2.2-29-g3c2b605-1 (bug #829014) NOTE: https://github.com/libgd/libgd/issues/243 @@ -20092,7 +20092,7 @@ CVE-2016-4473 (/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote atta NOTE: The issue was introduced as part CVE-2015-6833, which was applied upstream NOTE: in versions 5.4.44, 5.5.28, and 5.6.12. NOTE: https://bugs.php.net/bug.php?id=72321 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=d144590d38fa321b46b8e199c754006318985c84 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=d144590d38fa321b46b8e199c754006318985c84 NOTE: Fixed in 5.6.23 CVE-2016-4472 (The overflow protection in Expat is removed by compilers with certain ...) {DSA-3582-1 DLA-483-1} @@ -23481,7 +23481,7 @@ CVE-2016-3133 CVE-2016-3132 (Double free vulnerability in the SplDoublyLinkedList::offsetSet functi ...) - php7.0 7.0.6-1 NOTE: https://bugs.php.net/bug.php?id=71735 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=28a6ed9f9a36b9c517e4a8a429baf4dd382fc5d5 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=28a6ed9f9a36b9c517e4a8a429baf4dd382fc5d5 CVE-2016-3131 (Cloudera CDH before 5.6.1 allows authorization bypass via direct inter ...) NOT-FOR-US: Cloudera CVE-2016-3130 (An information disclosure vulnerability in the Core and Management Con ...) @@ -26072,7 +26072,7 @@ CVE-2016-XXXX [Integer overflow in iptcembed()] NOTE: temporary workaround until CVE assigned to explitly tag for squeeze NOTE: https://bugs.php.net/bug.php?id=71459 NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305518 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=54c210d2ea9b8539edcde1888b1104b96b38e886 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=54c210d2ea9b8539edcde1888b1104b96b38e886 NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3 - hhvm 3.12.1+dfsg-1 NOTE: https://github.com/facebook/hhvm/commit/381702ffbfdae170ba3fff97d6cc1b9c69666854 |