636694 – (CVE-2017-16642) <dev-lang/php-{5.6.32, 7.0.25}: Multiple vulnerabilities (CVE-2016-1283)

Bug 636694 (CVE-2017-16642) - <dev-lang/php-{5.6.32, 7.0.25}: Multiple vulnerabilities (CVE-2016-1283)

Summary: <dev-lang/php-{5.6.32, 7.0.25}: Multiple vulnerabilities (CVE-2016-1283)

Status:	RESOLVED FIXED

Alias:	CVE-2017-16642

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:
Whiteboard:	B3 [noglsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2017-11-06 12:56 UTC by Michael Orlitzky
Modified:	2017-11-19 18:45 UTC (History)
CC List:	1 user (show)

See Also:	CVE-2016-1283
Package list:	=dev-lang/php-7.0.25 =dev-lang/php-5.6.32
Runtime testing required:	---

Flags:	stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Orlitzky gentoo-dev

2017-11-06 12:56:25 UTC

The last two releases in the 5.6 and 7.0 series, respectively dev-lang/php-5.6.32 and dev-lang/php-7.0.25 were security releases. Their ChangeLogs show that multiple vulnerabilities (including CVE-2016-1283) were fixed:

  * http://www.php.net/ChangeLog-5.php#5.6.32
  * http://www.php.net/ChangeLog-7.php#7.0.25

The fixed versions are already in the tree, so please call for stabilization.

Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-11-08 00:51:27 UTC

@Maintainers please call for stabilization when ready.

Thank you

Comment 2 Michael Orlitzky gentoo-dev

2017-11-08 00:53:54 UTC

I am one of the maintainers, please go ahead =)

Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-11-08 00:56:28 UTC

@Arches please test and mark stable.

Thank you

Comment 4 Agostino Sarubbo gentoo-dev

2017-11-08 13:39:32 UTC

amd64 stable

Comment 5 Sergei Trofimovich (RETIRED) gentoo-dev

2017-11-08 20:10:12 UTC

ia64 stable

Comment 6 Tobias Klausmann (RETIRED) gentoo-dev

2017-11-08 20:51:30 UTC

Stable on alpha.

Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev

2017-11-08 22:29:30 UTC

sparc stable (thanks to Rolf Eike Beer)

Comment 8 Sergei Trofimovich (RETIRED) gentoo-dev

2017-11-09 08:04:31 UTC

ppc/ppc64 stable

Comment 9 Thomas Deutschmann (RETIRED) gentoo-dev

2017-11-09 12:53:29 UTC

x86 stable

Comment 10 Sergei Trofimovich (RETIRED) gentoo-dev

2017-11-09 20:07:48 UTC

hppa stablee

Comment 11 Markus Meier gentoo-dev

2017-11-19 15:13:29 UTC

arm stable, all arches done.

Comment 12 Aaron Bauman (RETIRED) gentoo-dev

2017-11-19 17:49:04 UTC

@maintainer(s), please clean the vulnerable versions.

Comment 13 Brian Evans (RETIRED) gentoo-dev

2017-11-19 18:42:03 UTC

Cleanup complete.