Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 636694 (CVE-2017-16642)

Summary: <dev-lang/php-{5.6.32, 7.0.25}: Multiple vulnerabilities (CVE-2016-1283)
Product: Gentoo Security Reporter: Michael Orlitzky <mjo>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: normal CC: php-bugs
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
See Also:
Whiteboard: B3 [noglsa cve]
Package list:
=dev-lang/php-7.0.25 =dev-lang/php-5.6.32
Runtime testing required: ---

Description Michael Orlitzky gentoo-dev 2017-11-06 12:56:25 UTC
The last two releases in the 5.6 and 7.0 series, respectively dev-lang/php-5.6.32 and dev-lang/php-7.0.25 were security releases. Their ChangeLogs show that multiple vulnerabilities (including CVE-2016-1283) were fixed:


The fixed versions are already in the tree, so please call for stabilization.
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-11-08 00:51:27 UTC
@Maintainers please call for stabilization when ready.

Thank you
Comment 2 Michael Orlitzky gentoo-dev 2017-11-08 00:53:54 UTC
I am one of the maintainers, please go ahead =)
Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-11-08 00:56:28 UTC
@Arches please test and mark stable.

Thank you
Comment 4 Agostino Sarubbo gentoo-dev 2017-11-08 13:39:32 UTC
amd64 stable
Comment 5 Sergei Trofimovich gentoo-dev 2017-11-08 20:10:12 UTC
ia64 stable
Comment 6 Tobias Klausmann gentoo-dev 2017-11-08 20:51:30 UTC
Stable on alpha.
Comment 7 Sergei Trofimovich gentoo-dev 2017-11-08 22:29:30 UTC
sparc stable (thanks to Rolf Eike Beer)
Comment 8 Sergei Trofimovich gentoo-dev 2017-11-09 08:04:31 UTC
ppc/ppc64 stable
Comment 9 Thomas Deutschmann gentoo-dev Security 2017-11-09 12:53:29 UTC
x86 stable
Comment 10 Sergei Trofimovich gentoo-dev 2017-11-09 20:07:48 UTC
hppa stablee
Comment 11 Markus Meier gentoo-dev 2017-11-19 15:13:29 UTC
arm stable, all arches done.
Comment 12 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2017-11-19 17:49:04 UTC
@maintainer(s), please clean the vulnerable versions.
Comment 13 Brian Evans Gentoo Infrastructure gentoo-dev 2017-11-19 18:42:03 UTC
Cleanup complete.