From ${URL} : I found a double-free in PHP: https://bugs.php.net/bug.php?id=68676 And it has been patched in the following commits: http://git.php.net/?p=php-src.git;a=commit;h=2bcf69d073190e4f032d883f3416dea1b027a39e http://git.php.net/?p=php-src.git;a=commit;h=24125f0f26f3787c006e4a51611ba33ee3b841cb http://git.php.net/?p=php-src.git;a=commit;h=fbf3a6bc1abcc8a5b5226b0ad9464c37f11ddbd6 It has existed since 2002. @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE-2014-9425 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9425): Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Versions 5.5.21 and 5.6.5 are out fixing this issue. Plus more CVEs and fixes for 5.4 branch.
(In reply to Tomas Mozes from comment #2) > Versions 5.5.21 and 5.6.5 are out fixing this issue. Plus more CVEs and > fixes for 5.4 branch. Ebuilds are out too. Go ahead with stabilisation if you want.
Arches, please test and mark stable: =dev-lang/php-5.4.37 =dev-lang/php-5.5.21 Target Keywords : "alpha amd64 arm hppa ia64 ppc ppc64 spark x86" Thank you!
Stable for HPPA.
amd64 stable
x86 stable
ppc stable
CVE-2015-0232 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0232): The exif_process_unicode function in ext/exif/exif.c in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized pointer free and application crash) via crafted EXIF data in a JPEG image. CVE-2015-0231 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231): Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.
arm stable
Note: Dependency on Bug #538756 is for cleanup only, it does not affect stabilization.
sparc stable
ppc64 stable
ia64 stable
Stable on alpha.
Arches and Maintainer(s), Thank you for your work. Added to existing GLSA request. Maintainer(s), please drop the vulnerable version(s), when the Dependency is satisfied.
This issue was resolved and addressed in GLSA 201503-03 at http://security.gentoo.org/glsa/glsa-201503-03.xml by GLSA coordinator Kristian Fiskerstrand (K_F).
Re-Opening for Cleanup. Vulnerable Versions in Tree.
Maintainer(s), Thank you for you for cleanup. Closing
