556952 – <dev-lang/php-{5.4.44,5.5.28,5.6.12} : Multiple vulnerabilities and bugfixes (CVE-2015-{6831,6832,6833})

Bug 556952 - <dev-lang/php-{5.4.44,5.5.28,5.6.12} : Multiple vulnerabilities and bugfixes (CVE-2015-{6831,6832,6833})

Summary: <dev-lang/php-{5.4.44,5.5.28,5.6.12} : Multiple vulnerabilities and bugfixes ...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	http://www.php.net/ChangeLog-5.php#5....
Whiteboard:	A2 [glsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2015-08-07 13:28 UTC by devnull
Modified:	2016-06-19 00:27 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description devnull 2015-08-07 13:28:01 UTC

See http://www.php.net/ChangeLog-5.php#5.6.12 for bug & security fixes.

Would be nice to have these versions stable asap, the previous ones are still not marked stable in the tree.

Reproducible: Always

Comment 1 devnull 2015-08-07 13:30:36 UTC

https://bugs.php.net/bug.php?id=66387

Comment 2 Brian Evans (RETIRED) gentoo-dev

2015-08-07 14:28:38 UTC

Correct me if I'm wrong on this..

Should 5.6.12 be included with a vulnerability bug when the ChangeLog does not appear to list exploitable paths?

Comment 3 Brian Evans (RETIRED) gentoo-dev

2015-08-07 18:22:23 UTC

(In reply to Brian Evans from comment #2)
> Correct me if I'm wrong on this..
> 
> Should 5.6.12 be included with a vulnerability bug when the ChangeLog does
> not appear to list exploitable paths?

Nevermind, the ChangeLog was updated to list the SPL vulnerabilities on 5.6.12

Comment 4 Ole Markus With (RETIRED) gentoo-dev

2015-08-08 15:31:01 UTC

Ebuilds committed. Feel free to stabilise

Comment 5 Mikle Kolyada (RETIRED) archtester

2015-08-09 21:39:44 UTC

Arches, please test and mark stable:

=dev-lang/php-5.4.44
=dev-lang/php-5.5.28
=dev-lang/php-5.6.12

target KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

Comment 6 Mikle Kolyada (RETIRED) archtester

2015-08-09 21:43:35 UTC

amd64 stable

Comment 7 Tobias Klausmann (RETIRED) gentoo-dev

2015-08-10 17:33:01 UTC

All three stable on alpha.

Comment 8 Mikle Kolyada (RETIRED) archtester

2015-08-10 23:45:59 UTC

x86 stable

Comment 9 Jeroen Roovers (RETIRED) gentoo-dev

2015-08-15 20:00:09 UTC

Stable for PPC64.

Comment 10 Jeroen Roovers (RETIRED) gentoo-dev

2015-08-16 12:10:13 UTC

Stable for HPPA.

Comment 11 Mikle Kolyada (RETIRED) archtester

2015-08-16 17:39:16 UTC

ia64 stable

Comment 12 Markus Meier gentoo-dev

2015-08-19 17:12:40 UTC

arm stable

Comment 13 Agostino Sarubbo gentoo-dev

2015-08-26 07:29:14 UTC

ppc stable

Comment 14 Agostino Sarubbo gentoo-dev

2015-09-06 08:33:21 UTC

sparc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

Comment 15 Yury German Gentoo Infrastructure

2015-09-13 13:05:59 UTC

Added to an existing GLSA Request.
Maintainer(s), Thank you for you for cleanup.

Comment 16 GLSAMaker/CVETool Bot gentoo-dev

2016-06-19 00:27:27 UTC

This issue was resolved and addressed in
 GLSA 201606-10 at https://security.gentoo.org/glsa/201606-10
by GLSA coordinator Kristian Fiskerstrand (K_F).