From 41d7c650ad0ab35118aa07356d72df26fa66f0e0 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Sun, 23 Aug 2020 19:39:08 +0200 Subject: Replace git.php.net HTTP URLs with HTTPS URLs --- data/CVE/2015.list | 52 ++++++++++++++++++++++++++-------------------------- 1 file changed, 26 insertions(+), 26 deletions(-) (limited to 'data/CVE/2015.list') diff --git a/data/CVE/2015.list b/data/CVE/2015.list index d8754d335f..b724f87810 100644 --- a/data/CVE/2015.list +++ b/data/CVE/2015.list @@ -1761,7 +1761,7 @@ CVE-2015-8866 (ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, NOTE: https://bugs.php.net/bug.php?id=64938 NOTE: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1509817 NOTE: http://framework.zend.com/security/advisory/ZF2015-06 -> Relation to CVE-2015-5161 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=de31324c221c1791b26350ba106cc26bad23ace9 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=de31324c221c1791b26350ba106cc26bad23ace9 NOTE: Fixed in 5.6.6, 5.5.22 NOTE: http://www.openwall.com/lists/oss-security/2016/04/21/8 CVE-2015-8867 (The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in P ...) @@ -1771,7 +1771,7 @@ CVE-2015-8867 (The openssl_random_pseudo_bytes function in ext/openssl/openssl.c [wheezy] - php5 5.4.44-0+deb7u1 NOTE: https://bugs.php.net/bug.php?id=70014 NOTE: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1534203 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=16023f3e3b9c06cf677c3c980e8d574e4c162827 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=16023f3e3b9c06cf677c3c980e8d574e4c162827 NOTE: Fixed in 7.0.0, 5.6.12, 5.5.28, 5.5.44 NOTE: http://www.openwall.com/lists/oss-security/2016/04/21/8 CVE-2015-8853 (The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in ...) @@ -1849,7 +1849,7 @@ CVE-2015-8865 (The file_check_mem function in funcs.c in file before 5.23, as us NOTE: http://bugs.gw.com/view.php?id=522 NOTE: https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36 NOTE: https://bugs.php.net/bug.php?id=71527 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e NOTE: PHP fixed in 7.0.5, 5.6.20, 5.5.34 NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7 NOTE: Fix in HHVM: https://github.com/facebook/hhvm/commit/4e614ba041e24af8351afbb49c92444c0850f23b @@ -2106,7 +2106,7 @@ CVE-2015-XXXX [Type Confusion Vulnerability in PHP_to_XMLRPC_worker()] [jessie] - php5 5.6.17+dfsg-0+deb8u1 [wheezy] - php5 5.4.45-0+deb7u4 NOTE: Workaround entry for DLA-533-1 until CVE is assigned - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=f3c1863aa2721343245b63ac7bd68cfdc3dd41f3 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=f3c1863aa2721343245b63ac7bd68cfdc3dd41f3 NOTE: https://bugs.php.net/bug.php?id=70728 NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/03/3 CVE-2015-XXXX [Session WDDX Packet Deserialization Type Confusion Vulnerability] @@ -8992,7 +8992,7 @@ CVE-2015-6673 (Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15 NOTE: https://sourceforge.net/p/libpgf/code/148/ CVE-2015-6527 (The php_str_replace_in_subject function in ext/standard/string.c in PH ...) - php5 (Specific to PHP 7) - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=6aeee47b2cd47915ccfa3b41433a3f57aea24dd5 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=6aeee47b2cd47915ccfa3b41433a3f57aea24dd5 NOTE: https://bugs.php.net/bug.php?id=70140 CVE-2015-6521 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS vers ...) NOT-FOR-US: ATutor @@ -11478,13 +11478,13 @@ CVE-2015-5590 (Stack-based buffer overflow in the phar_fix_filepath function in {DSA-3344-1 DLA-307-1} - php5 5.6.11+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=69923 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f NOTE: Fixed in 5.6.11, 5.4.43 CVE-2015-5589 (The phar_convert_to_other function in ext/phar/phar_object.c in PHP be ...) {DSA-3344-1 DLA-307-1} - php5 5.6.11+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=69958 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=bf58162ddf970f63502837f366930e44d6a992cf + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=bf58162ddf970f63502837f366930e44d6a992cf NOTE: Fixed in 5.6.11, 5.4.43 CVE-2015-5536 (Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before 1.04.1 ...) NOT-FOR-US: Belkin router @@ -14117,21 +14117,21 @@ CVE-2015-4645 (Integer overflow in the read_fragment_table_4 function in unsquas CVE-2015-4642 (The escapeshellarg function in ext/standard/exec.c in PHP before 5.4.4 ...) - php5 (Windows specific) NOTE: https://bugs.php.net/bug.php?id=69646 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9 NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3 CVE-2015-4643 (Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP b ...) {DSA-3344-1 DLA-307-1} - php5 5.6.11+dfsg-1 NOTE: Fixed in 5.6.10 / 5.5.26 / 5.4.42 NOTE: https://bugs.php.net/bug.php?id=69545#1431550655 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2 NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3 CVE-2015-4644 (The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka pgs ...) {DSA-3344-1 DLA-307-1} - php5 5.6.11+dfsg-1 NOTE: Fixed in 5.6.10 / 5.5.26 / 5.4.42 NOTE: https://bugs.php.net/bug.php?id=69667 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64 NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3 CVE-2015-4639 (Cross-site scripting (XSS) vulnerability in opac-addbybiblionumber.pl ...) NOT-FOR-US: Koha @@ -14617,21 +14617,21 @@ CVE-2015-4602 (The __PHP_Incomplete_Class function in ext/standard/incomplete_cl - php5 5.6.9+dfsg-1 [jessie] - php5 5.6.9+dfsg-0+deb8u1 [wheezy] - php5 5.4.41-0+deb7u1 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=fb83c76deec58f1fab17c350f04c9f042e5977d1 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=fb83c76deec58f1fab17c350f04c9f042e5977d1 NOTE: https://bugs.php.net/bug.php?id=69152 CVE-2015-4601 (PHP before 5.6.7 might allow remote attackers to cause a denial of ser ...) {DLA-307-1} - php5 5.6.9+dfsg-1 [jessie] - php5 5.6.9+dfsg-0+deb8u1 [wheezy] - php5 5.4.41-0+deb7u1 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8 NOTE: https://bugs.php.net/bug.php?id=69152 CVE-2015-4600 (The SoapClient implementation in PHP before 5.4.40, 5.5.x before 5.5.2 ...) {DLA-307-1} - php5 5.6.9+dfsg-1 [jessie] - php5 5.6.9+dfsg-0+deb8u1 [wheezy] - php5 5.4.41-0+deb7u1 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8 NOTE: https://bugs.php.net/bug.php?id=69152 CVE-2015-4599 (The SoapFault::__toString method in ext/soap/soap.c in PHP before 5.4. ...) {DLA-307-1} @@ -14639,7 +14639,7 @@ CVE-2015-4599 (The SoapFault::__toString method in ext/soap/soap.c in PHP before [jessie] - php5 5.6.9+dfsg-0+deb8u1 [wheezy] - php5 5.4.41-0+deb7u1 NOTE: https://bugs.php.net/bug.php?id=69152 - NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=51856a76f87ecb24fe1385342be43610fb6c86e4 + NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=51856a76f87ecb24fe1385342be43610fb6c86e4 CVE-2015-4598 (PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does n ...) {DSA-3344-1 DLA-307-1} - php5 5.6.11+dfsg-1 @@ -15869,7 +15869,7 @@ CVE-2015-4021 (The phar_parse_tarfile function in ext/phar/tar.c in PHP before 5 {DSA-3280-1 DLA-307-1} - php5 5.6.9+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=69453 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=c27f012b7a447e59d4a704688971cbfa7dddaa74 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=c27f012b7a447e59d4a704688971cbfa7dddaa74 NOTE: http://www.openwall.com/lists/oss-security/2015/05/17/2 and http://www.openwall.com/lists/oss-security/2015/05/18/2 NOTE: Fixed upstream in 5.4.41, 5.5.25, 5.6.9 CVE-2015-3987 (Multiple unquoted Windows search path vulnerabilities in the (1) Clien ...) @@ -17334,8 +17334,8 @@ CVE-2015-3412 (PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 do - php5 5.6.9+dfsg-1 [jessie] - php5 5.6.9+dfsg-0+deb8u1 [wheezy] - php5 5.4.41-0+deb7u1 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=52b93f0cfd3cba7ff98cc5198df6ca4f23865f80 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=4435b9142ff9813845d5c97ab29a5d637bedb257 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=52b93f0cfd3cba7ff98cc5198df6ca4f23865f80 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=4435b9142ff9813845d5c97ab29a5d637bedb257 NOTE: https://bugs.php.net/bug.php?id=69353 CVE-2015-3411 (PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does no ...) {DLA-307-1} @@ -17655,7 +17655,7 @@ CVE-2015-3330 (The php_handler function in sapi/apache2handler/sapi_apache2.c in - php5 5.6.7+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=69218 NOTE: https://bugs.php.net/bug.php?id=68486 - NOTE: Fixed by: http://git.php.net/?p=php-src.git;a=commit;h=809610f5ea38a83b284e1125d1fff129bdd615e7 + NOTE: Fixed by: https://git.php.net/?p=php-src.git;a=commit;h=809610f5ea38a83b284e1125d1fff129bdd615e7 NOTE: http://www.openwall.com/lists/oss-security/2015/04/17/3 NOTE: For details on scope of the CVE assignment: http://www.openwall.com/lists/oss-security/2015/04/17/7 CVE-2015-3319 (Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly ...) @@ -17678,11 +17678,11 @@ CVE-2015-3307 (The phar_parse_metadata function in ext/phar/phar.c in PHP before {DSA-3280-1 DLA-307-1} - php5 5.6.9+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=69443 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=17cbd0b5b78a7500f185b3781a2149881bfff8ae + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=17cbd0b5b78a7500f185b3781a2149881bfff8ae CVE-2015-3329 (Multiple stack-based buffer overflows in the phar_set_inode function i ...) {DSA-3280-1 DLA-212-1} - php5 5.6.9+dfsg-1 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=f59b67ae50064560d7bfcdb0d6a8ab284179053c + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=f59b67ae50064560d7bfcdb0d6a8ab284179053c NOTE: https://bugs.php.net/bug.php?id=69441 NOTE: http://www.openwall.com/lists/oss-security/2015/04/16/22 NOTE: Fixed in 5.6.8 and 5.4.40 @@ -19321,7 +19321,7 @@ CVE-2015-2783 (ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5. {DSA-3280-1 DLA-212-1} - php5 5.6.9+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=69324 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=17cbd0b5b78a7500f185b3781a2149881bfff8ae + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=17cbd0b5b78a7500f185b3781a2149881bfff8ae NOTE: Fixed in 5.6.8 and 5.4.40 CVE-2015-2781 (Cross-site scripting (XSS) vulnerability in cgi-bin/hotspotlogin.cgi i ...) NOT-FOR-US: Hotspot Express hotEx Billing Manager @@ -20956,7 +20956,7 @@ CVE-2015-2301 (Use-after-free vulnerability in the phar_rename_archive function {DSA-3198-1 DLA-212-1} - php5 5.6.6+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=68901 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=b2cf3f064b8f5efef89bb084521b61318c71781b + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=b2cf3f064b8f5efef89bb084521b61318c71781b NOTE: http://www.openwall.com/lists/oss-security/2015/03/10/6 CVE-2015-2265 (The remove_bad_chars function in utils/cups-browsed.c in cups-filters ...) - cups-filters 1.0.61-5 (bug #780267) @@ -25669,13 +25669,13 @@ CVE-2015-1352 (The build_tablename function in pgsql.c in the PostgreSQL (aka pg - php5 5.6.6+dfsg-2 (bug #777036) [squeeze] - php5 (vulnerable code (build_tablename()) introduced later) NOTE: https://bugs.php.net/bug.php?id=68741 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=124fb22a13fafa3648e4e15b4f207c7096d8155e + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=124fb22a13fafa3648e4e15b4f207c7096d8155e CVE-2015-1351 (Use-after-free vulnerability in the _zend_shared_memdup function in ze ...) - php5 5.6.6+dfsg-2 (bug #777033) [squeeze] - php5 (opcache introduced in 5.5) [wheezy] - php5 (opcache introduced in 5.5) NOTE: https://bugs.php.net/bug.php?id=68677 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=777c39f4042327eac4b63c7ee87dc1c7a09a3115 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=777c39f4042327eac4b63c7ee87dc1c7a09a3115 CVE-2015-XXXX [insecure keyring handling] - weboob 1.0-3 (low; bug #774838) [wheezy] - weboob (Minor issue) @@ -26527,8 +26527,8 @@ CVE-2015-0273 (Multiple use-after-free vulnerabilities in ext/date/php_date.c in {DSA-3195-1} - php5 5.6.6+dfsg-1 NOTE: https://bugs.php.net/bug.php?id=68942 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=c377f1a715476934133f3254d1e0d4bf3743e2d2 - NOTE: http://git.php.net/?p=php-src.git;a=commit;h=71335e6ebabc1b12c057d8017fd811892ecdfd24 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=c377f1a715476934133f3254d1e0d4bf3743e2d2 + NOTE: https://git.php.net/?p=php-src.git;a=commit;h=71335e6ebabc1b12c057d8017fd811892ecdfd24 CVE-2015-0272 (GNOME NetworkManager allows remote attackers to cause a denial of serv ...) - network-manager 1.0.4-1 [jessie] - network-manager (Will be fixed on the kernel side) -- cgit v1.2.3