From $URL: Description: ------------ While deserializing an invalid dateTime value, wddx_deserialize() would result in a heap out-of-bounds read in timelib_meridian(). As wddx_deserialize() is exposed to network data, and sometimes echo the results back to client, this issue could potentially allow remote peeking of the process memory. It should also affect other PHP APIs that make use of timelib_meridian().
upstream patch: https://gist.github.com/bd77ac90d3bdf31ce2a5251ad92e9e75
Please confirm if this is part of version 7.0.23, 7.1.9 being stabilized in bug #629452
(In reply to Yury German from comment #2) > Please confirm if this is part of version 7.0.23, 7.1.9 being stabilized in > bug #629452 This bug was fixed with PHP 7.0.21 and 7.1.7.
Also fixed with PHP 5.6.31 as well
GLSA Vote: No