Summary: | <dev-lang/php-{5.6.31, 7.0.21, 7.1.7}: wddx_deserialize() heap out-of-bound read via php_parse_date() | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Christopher Díaz Riveros (RETIRED) <chrisadr> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | php-bugs |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.php.net/bug.php?id=74819 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Christopher Díaz Riveros (RETIRED)
2017-07-06 20:09:26 UTC
upstream patch: https://gist.github.com/bd77ac90d3bdf31ce2a5251ad92e9e75 Please confirm if this is part of version 7.0.23, 7.1.9 being stabilized in bug #629452 (In reply to Yury German from comment #2) > Please confirm if this is part of version 7.0.23, 7.1.9 being stabilized in > bug #629452 This bug was fixed with PHP 7.0.21 and 7.1.7. Also fixed with PHP 5.6.31 as well GLSA Vote: No |