Summary: | <dev-lang/php-{5.4.39,5.5.23,5.6.7}: SoapClient's __call() type confusion through unserialize() | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | php-bugs |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1204868 | ||
Whiteboard: | A2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2015-03-24 13:22:26 UTC
This was fixed upstream in 5.4.39, 5.5.23, and 5.6.7. All versions prior to those have already been removed from the tree, and newer versions are stable. Added to existing GLSA. This issue was resolved and addressed in GLSA 201606-10 at https://security.gentoo.org/glsa/201606-10 by GLSA coordinator Kristian Fiskerstrand (K_F). |