Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 587246 - <dev-lang/php-{5.5.37,5.6.23,7.0.8}: Multiple vulnerabilities
Summary: <dev-lang/php-{5.5.37,5.6.23,7.0.8}: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa]
Keywords:
Depends on:
Blocks: 584204
  Show dependency tree
 
Reported: 2016-06-27 14:57 UTC by Thomas Stein
Modified: 2016-11-30 21:48 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Stein 2016-06-27 14:57:15 UTC
Hello Devs.

New PHP Versions have been released covering a few security issue.

http://www.php.net/ChangeLog-5.php#5.6.23

Please bump.

cheers
t.

Reproducible: Always
Comment 1 Jonas Stein gentoo-dev 2016-06-27 20:17:42 UTC
see also #584204
Comment 2 Michael Orlitzky gentoo-dev 2016-06-28 17:28:47 UTC
Fixed versions are in the tree:

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9d086bd3fcee29d448a86c0ff8cf942a4d2db68d
Comment 3 Agostino Sarubbo gentoo-dev 2016-06-30 09:13:30 UTC
Arches, please test and mark stable:
=dev-lang/php-5.5.37
=dev-lang/php-5.6.23
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Comment 4 Agostino Sarubbo gentoo-dev 2016-06-30 10:50:03 UTC
amd64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2016-06-30 10:50:35 UTC
x86 stable
Comment 6 Tobias Klausmann (RETIRED) gentoo-dev 2016-06-30 14:24:01 UTC
Both stable on alpha.
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2016-07-03 10:02:34 UTC
Stable for PPC64.
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2016-07-03 11:34:04 UTC
Stable for HPPA.
Comment 9 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-07-05 21:47:34 UTC
Added to existing GLSA.
Comment 10 Agostino Sarubbo gentoo-dev 2016-07-08 08:19:57 UTC
ppc stable
Comment 11 Agostino Sarubbo gentoo-dev 2016-07-08 08:44:13 UTC
sparc stable
Comment 12 Agostino Sarubbo gentoo-dev 2016-07-08 13:30:29 UTC
ia64 stable
Comment 13 Markus Meier gentoo-dev 2016-07-08 14:39:30 UTC
arm stable, all arches done.
Comment 15 A Collector 2016-11-30 18:07:19 UTC
Shouldn't this ticket and a few similar ones be closed?
Comment 16 Thomas Deutschmann gentoo-dev 2016-11-30 18:20:55 UTC
No, not before we have published the corresponding GLSA. Visit https://www.gentoo.org/support/security/vulnerability-treatment-policy.html to learn more about our official policy the Gentoo security team follows.
Comment 17 GLSAMaker/CVETool Bot gentoo-dev 2016-11-30 21:48:50 UTC
This issue was resolved and addressed in
 GLSA 201611-22 at https://security.gentoo.org/glsa/201611-22
by GLSA coordinator Aaron Bauman (b-man).