Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 556952 - <dev-lang/php-{5.4.44,5.5.28,5.6.12} : Multiple vulnerabilities and bugfixes (CVE-2015-{6831,6832,6833})
Summary: <dev-lang/php-{5.4.44,5.5.28,5.6.12} : Multiple vulnerabilities and bugfixes ...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://www.php.net/ChangeLog-5.php#5....
Whiteboard: A2 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-08-07 13:28 UTC by devnull
Modified: 2016-06-19 00:27 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description devnull 2015-08-07 13:28:01 UTC
See http://www.php.net/ChangeLog-5.php#5.6.12 for bug & security fixes.

Would be nice to have these versions stable asap, the previous ones are still not marked stable in the tree.

Reproducible: Always
Comment 1 devnull 2015-08-07 13:30:36 UTC
https://bugs.php.net/bug.php?id=66387
Comment 2 Brian Evans Gentoo Infrastructure gentoo-dev 2015-08-07 14:28:38 UTC
Correct me if I'm wrong on this..

Should 5.6.12 be included with a vulnerability bug when the ChangeLog does not appear to list exploitable paths?
Comment 3 Brian Evans Gentoo Infrastructure gentoo-dev 2015-08-07 18:22:23 UTC
(In reply to Brian Evans from comment #2)
> Correct me if I'm wrong on this..
> 
> Should 5.6.12 be included with a vulnerability bug when the ChangeLog does
> not appear to list exploitable paths?

Nevermind, the ChangeLog was updated to list the SPL vulnerabilities on 5.6.12
Comment 4 Ole Markus With (RETIRED) gentoo-dev 2015-08-08 15:31:01 UTC
Ebuilds committed. Feel free to stabilise
Comment 5 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-08-09 21:39:44 UTC
Arches, please test and mark stable:

=dev-lang/php-5.4.44
=dev-lang/php-5.5.28
=dev-lang/php-5.6.12

target KEYWORDS="alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Comment 6 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-08-09 21:43:35 UTC
amd64 stable
Comment 7 Tobias Klausmann (RETIRED) gentoo-dev 2015-08-10 17:33:01 UTC
All three stable on alpha.
Comment 8 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-08-10 23:45:59 UTC
x86 stable
Comment 9 Jeroen Roovers (RETIRED) gentoo-dev 2015-08-15 20:00:09 UTC
Stable for PPC64.
Comment 10 Jeroen Roovers (RETIRED) gentoo-dev 2015-08-16 12:10:13 UTC
Stable for HPPA.
Comment 11 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2015-08-16 17:39:16 UTC
ia64 stable
Comment 12 Markus Meier gentoo-dev 2015-08-19 17:12:40 UTC
arm stable
Comment 13 Agostino Sarubbo gentoo-dev 2015-08-26 07:29:14 UTC
ppc stable
Comment 14 Agostino Sarubbo gentoo-dev 2015-09-06 08:33:21 UTC
sparc stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 15 Yury German Gentoo Infrastructure gentoo-dev 2015-09-13 13:05:59 UTC
Added to an existing GLSA Request.
Maintainer(s), Thank you for you for cleanup.
Comment 16 GLSAMaker/CVETool Bot gentoo-dev 2016-06-19 00:27:27 UTC
This issue was resolved and addressed in
 GLSA 201606-10 at https://security.gentoo.org/glsa/201606-10
by GLSA coordinator Kristian Fiskerstrand (K_F).