2 ignored security issues in jessie

package:
php5
severity:
low
created:
2015-07-12
last updated:
2019-01-06

There are 2 open security issues in jessie.
2 issues skipped by the security teams:
  • CVE-2017-7272: PHP through 7.1.11 enables potential SSRF in applications that accept an fsockopen or pfsockopen hostname argument with an expectation that the port number is constrained. Because a :port syntax is recognized, fsockopen will use the port number that is specified in the hostname argument, instead of the port number in the second argument of the function.
  • TEMP-0800564-79703B:
Please fix them.