| Summary: | <dev-lang/php-5.6.30: multiple vulnerabilities | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Michael Orlitzky <mjo> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | Flags: | stable-bot:
sanity-check+
|
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.php.net/ChangeLog-5.php#5.6.30 | ||
| Whiteboard: | A3 [glsa cve] | ||
| Package list: |
=dev-lang/php-5.6.30
|
Runtime testing required: | Yes |
| Bug Depends on: | |||
| Bug Blocks: | 604776 | ||
@arches, please stabilize. Stable on alpha. amd64 stable Stable for HPPA PPC64. x86 stable ppc stable arm stable Already added to existing GLSA. sparc stable ia64 stable. Maintainer(s), please cleanup. (In reply to Agostino Sarubbo from comment #10) > > Maintainer(s), please cleanup. Done. This issue was resolved and addressed in GLSA 201702-29 at https://security.gentoo.org/glsa/201702-29 by GLSA coordinator Thomas Deutschmann (whissi). |
I don't see any CVEs for this yet, but the following stand out in the changelog. Phar: Fixed bug #73764 (Crash while loading hostile phar archive). Fixed bug #73768 (Memory corruption when loading hostile phar). Fixed bug #73773 (Seg fault when loading hostile phar). The fixed v5.6.30 is already in the tree and can be stabilized. The unstable 7.0 and 7.1 series also got new security releases. The 7.1 version isn't marked as such, but looking at e.g. PHP bug 73831, it should have been. In any case, since they were both unstable, I dropped the old versions immediately.