567020 – dev-lang/php-7.0.0_rc8: please bump (various vulnerabilities)

Bug 567020 - dev-lang/php-7.0.0_rc8: please bump (various vulnerabilities)

Summary: dev-lang/php-7.0.0_rc8: please bump (various vulnerabilities)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Development (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	PHP Bugs

URL:	https://github.com/php/php-src/blob/p...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2015-11-28 09:11 UTC by Hanno Böck
Modified:	2015-11-28 12:24 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Hanno Böck gentoo-dev

2015-11-28 09:11:46 UTC

php 7.0.0 rc8 fixes a bunch of serious sounding bugs, some security:
  . Fixed bug #70947 (INI parser segfault with INI_SCANNER_TYPED). (Laruence)
  . Fixed bug #70914 (zend_throw_or_error() format string vulnerability).
    (Taoguang Chen)
  . Fixed bug #70912 (Null ptr dereference instantiating class with invalid 
    array property). (Laruence)
  . Fixed bug #70895, #70898 (null ptr deref and segfault with crafted calable).
    (Anatol, Laruence)

I know it's a masked package, thus I'm not opening a security bug. But I think given the upcoming php 7 release a lot of people will be interested in testing this, therefore I think a quick bump to rc8 would be good.

Comment 1 Ole Markus With (RETIRED) gentoo-dev

2015-11-28 12:24:25 UTC

Done