Summary: | <dev-lang/php-{7.0.23, 7.1.9}: heap-use-after-free when unserializing invalid array size | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Brian Evans (RETIRED) <grknight> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | php-bugs |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.php.net/bug.php?id=74103 | ||
See Also: | https://bugs.php.net/bug.php?id=74103 | ||
Whiteboard: | A3 [glsa cve] | ||
Package list: | =dev-lang/php-7.0.23 | ||
Runtime testing required: | Yes |
Description
Brian Evans (RETIRED)
2017-08-31 14:16:20 UTC
I added php-7.0.23 to the tree, but I don't see a fixed release of the 7.1 series yet.

(In reply to Michael Orlitzky from comment #1)
> I don't see a fixed release of the 7.1 series yet.

This patch was posted: https://github.com/php/php-src/commit/1a23ebc1fff59bf480ca92963b36eba5c1b904c4 also see ${URL}: particularly, bug #74622.

Daj'Uan (jmbailey/mbailey_j)
Gentoo Security Padawan

Brian added the official php-7.1.9 and I just dropped php-7.1.8, so we're ready to stabilize php-7.0.23.

ia64 stable

hppa stable

sparc stable (thanks to Dakon)

ppc/ppc64 stable

Stable on alpha.

amd64 tested, ok

arm stable

amd64 stable

x86 stable

@ Maintainers: Please cleanup and drop <dev-lang/php-7.0.23!

The vulnerable versions are gone (thanks Brian).

GLSA Request filed.

Gentoo Security Padawan
ChrisADR

This issue was resolved and addressed in GLSA 201709-21 at https://security.gentoo.org/glsa/201709-21 by GLSA coordinator Aaron Bauman (b-man).