Already in tree.
@php team: could we stabilize?
(In reply to Agostino Sarubbo from comment #1) > @php team: could we stabilize? Yep. Terribly sorry for not notifying about this when I made the bump.
Arches, please test and mark stable: =dev-lang/php-5.4.39 =dev-lang/php-5.5.23 Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
amd64 stable
Stable for HPPA.
x86 stable
sparc stable
alpha stable
ppc64 stable
arm stable
CVE-2015-2331 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2331): Integer overflow in the _zip_cdir_new function in zip_dirent.c in libzip 0.11.2 and earlier, as used in the ZIP extension in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a ZIP archive that contains many entries, leading to a heap-based buffer overflow. CVE-2015-2305 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2305): Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.
CVE-2015-0231 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0231): Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate numerical keys within the serialized properties of an object. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8142.
Ping on stabilization for ia64 and ppc.
ia64 stable
ppc stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
cleanup done
Arches and Maintainer(s), Thank you for your work. Added to an existing GLSA Request.
CVE-2015-4148 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4148): The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that the uri property is a string, which allows remote attackers to obtain sensitive information by providing crafted serialized data with an int data type, related to a "type confusion" issue. CVE-2015-4147 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-4147): The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that __default_headers is an array, which allows remote attackers to execute arbitrary code by providing crafted serialized data with an unexpected data type, related to a "type confusion" issue. CVE-2015-2787 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2787): Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages use of the unset function within an __wakeup function, a related issue to CVE-2015-0231. CVE-2015-2348 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-2348): The move_uploaded_file implementation in ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon encountering a \x00 character, which allows remote attackers to bypass intended extension restrictions and create files with unexpected names via a crafted second argument. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-7243.
This issue was resolved and addressed in GLSA 201606-10 at https://security.gentoo.org/glsa/201606-10 by GLSA coordinator Kristian Fiskerstrand (K_F).
