PHP upstream has released version 5.5.10 fixing multiple vulnerabilities. "The PHP development team announces the immediate availability of PHP 5.5.10. Several bugs were fixed in this release, including security issues related to CVEs. CVE-2014-1943, CVE-2014-2270 and CVE-2013-7327 have been addressed in this release. We recommand all PHP 5.5 users to upgrade to this version."
Removing some of the CVE's as they are part of different Security Bugs: CVE-2014-1943 - Bug 501574 CVE-2014-2270 - Bug 503630 - undergoing Stabilization. Stabilization to dev-lang/php.5.5.10 is happening now as part of Bug 503630 (setting dependency) CVE Content: CVE-2014-1943: The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via invalid imagecrop arguments that lead to use of a NULL pointer as a return value, a different vulnerability than CVE-2013-7226. CVE-2014-1943 Fine Free file before 5.17 allows context-dependent attackers to cause a denial of service (infinite recursion, CPU consumption, and crash) via a crafted indirect offset value in the magic of a file.
Bug 503630 is stabilized Added to existing GLSA Request. Waiting on cleanup as part of 503630.
Maintainer(s), Thank you for cleanup!
This issue was resolved and addressed in GLSA 201408-11 at http://security.gentoo.org/glsa/glsa-201408-11.xml by GLSA coordinator Kristian Fiskerstrand (K_F).
