From ${URL} : SoapClient's __call() method is prone to a type confusion vulnerability which can be used to gain remote code execution through unsafe unserialize() calls. Upstream commit: http://git.php.net/?p=php-src.git;a=commitdiff;h=c8eaca013a3922e8383def6158ece2b63f6ec483;hp=0c136a2abd49298b66acb0cad504f0f972f5bfe8 CVE request: http://seclists.org/oss-sec/2015/q1/905 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
This was fixed upstream in 5.4.39, 5.5.23, and 5.6.7. All versions prior to those have already been removed from the tree, and newer versions are stable.
Added to existing GLSA.
This issue was resolved and addressed in GLSA 201606-10 at https://security.gentoo.org/glsa/201606-10 by GLSA coordinator Kristian Fiskerstrand (K_F).