| Summary: | <dev-lang/php-5.6.26: Multiple vulnerabilities | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | php-bugs |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.php.net/ChangeLog-5.php#5.6.26 | ||
| Whiteboard: | A2 [glsa cve cleanup] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 591710 | ||
Arches please stabilize: =dev-lang/php-5.6.26 Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 Stable on alpha. amd64 stable Stable for HPPA. Stable for PPC64. x86 stable sparc stable ppc stable arm stable ia64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one. Maintainer(s), please drop the vulnerable version(s). This issue was resolved and addressed in GLSA 201611-22 at https://security.gentoo.org/glsa/201611-22 by GLSA coordinator Aaron Bauman (b-man). |
From ${URL} : Fixed bug #73007 (add locale length check). (CVE-2016-7416) Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields). (CVE-2016-7412) Fixed bug #72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile). (CVE-2016-7414) Fixed bug #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile). Fixed bug #73029 (Missing type check when unserializing SplArray). (CVE-2016-7417) Fixed bug #73052 (Memory Corruption in During Deserialized-object Destruction). (CVE-2016-7411) Fixed bug #72860 (wddx_deserialize use-after-free). (CVE-2016-7413) Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element). (CVE-2016-7418) @maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.