From https://bugzilla.redhat.com/show_bug.cgi?id=977463 : Common Vulnerabilities and Exposures assigned an identifier CVE-2013-4636 to the following vulnerability: The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object. References: [1] http://www.php.net/ChangeLog-5.php [2] https://bugs.php.net/bug.php?id=64830 Relevant upstream patch: [3] http://git.php.net/?p=php-src.git;a=commit;h=74555e7c26b2c61bb8e67b7d6a6f4d2b8eb3a5f3
From https://bugzilla.redhat.com/show_bug.cgi?id=977462 : Common Vulnerabilities and Exposures assigned an identifier CVE-2013-4635 to the following vulnerability: Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function. References: [1] http://www.php.net/ChangeLog-5.php [2] https://bugs.php.net/bug.php?id=64895 Relevant upstream patches: [3] http://git.php.net/?p=php-src.git;a=commit;h=fc2a9d6e47ae23adb28122539b56df0d6195bdce [4] http://git.php.net/?p=php-src.git;a=commit;h=c50cef1dc54ffd1d0fb71d1afb8b2c3cb3c5b6ef [5] http://git.php.net/?p=php-src.git;a=commit;h=c50cef1dc54ffd1d0fb71d1afb8b2c3cb3c5b6ef @maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Sorry. Must have missed this one, but version with a fix has been in the tree for a while. Maintainer OK for stabilisation.
Versions with fixes are being stabled in bug 472558.
Added to GLSA request.
CVE-2013-4636 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4636): The mget function in libmagic/softmagic.c in the Fileinfo component in PHP 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (invalid pointer dereference and application crash) via an MP3 file that triggers incorrect MIME type detection during access to an finfo object. CVE-2013-4635 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-4635): Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (application hang) via a large argument to the jdtojewish function.
This issue was resolved and addressed in GLSA 201408-11 at http://security.gentoo.org/glsa/glsa-201408-11.xml by GLSA coordinator Kristian Fiskerstrand (K_F).