Re: Issue affecting php5?

To: Roberto C. Sánchez <roberto@debian.org>, debian-lts@lists.debian.org
Subject: Re: Issue affecting php5?
From: Raphael Hertzog <hertzog@debian.org>
Date: Sat, 18 Nov 2017 17:37:50 +0100
Message-id: <[🔎] 20171118163750.wyfhtm7dzgkgeewb@home.ouaza.com>
Mail-followup-to: Raphael Hertzog <hertzog@debian.org>, Roberto C. Sánchez <roberto@debian.org>, debian-lts@lists.debian.org
In-reply-to: <[🔎] 20171115112608.h7itgeq3jqs5pjrm@connexer.com>
References: <[🔎] 20171115112608.h7itgeq3jqs5pjrm@connexer.com>

Hi,

On Wed, 15 Nov 2017, Roberto C. Sánchez wrote:
> The commit was made for PHP version 5.6 and mentions CVE-2017-14107 [0].
> However, CVE-2017-14107 is only listed for libzip in the security
> tracker.  I looked at the build log and php5 in wheezy definitely builds
> the file that was modified in that commit.  My conclusion is that php5
> in wheezy embeds and builds a vulnerable version of libzip. Is it then
> correct to add php5 as being affected by that CVE in data/CVE/list?

Yes.

Cheers,
-- 
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: https://www.freexian.com/services/debian-lts.html
Learn to master Debian: https://debian-handbook.info/get/

Reply to:

Follow-Ups:
- Re: Issue affecting php5?
  - From: Roberto C. Sánchez <roberto@debian.org>

References:
- Issue affecting php5?
  - From: Roberto C. Sánchez <roberto@debian.org>

Prev by Date: Re: python2.6 in wheezy
Next by Date: Request for testing: python2.6/python2.7
Previous by thread: Issue affecting php5?
Next by thread: Re: Issue affecting php5?
Index(es):
- Date
- Thread