Comment 1 Aaron Bauman (RETIRED) 2016-10-21 12:01:04 UTC

(In reply to Tomáš Mózes from comment #0)
> http://php.net/ChangeLog-5.php#5.6.27
> http://php.net/ChangeLog-7.php#7.0.12

Package versions do not go in the bug title until the respective package has been added to the tree.

Comment 2 Brian Evans (RETIRED) 2016-10-26 14:54:08 UTC

5.6.27 and 7.0.12 are now in the tree

Comment 3 Kristian Fiskerstrand (RETIRED) 2016-10-29 22:32:58 UTC

(In reply to Brian Evans from comment #2)
> 5.6.27 and 7.0.12 are now in the tree

Please call for stabilization when ready

Comment 4 Kristian Fiskerstrand (RETIRED) 2016-10-29 22:36:29 UTC

CVE discussion in thread on http://www.openwall.com/lists/oss-security/2016/10/18/1. PHP team only request CVE for one issue, that seems reather defensive.

Comment 5 Michael Orlitzky 2016-10-29 22:54:00 UTC

(In reply to Kristian Fiskerstrand from comment #3)
> (In reply to Brian Evans from comment #2)
> > 5.6.27 and 7.0.12 are now in the tree
> 
> Please call for stabilization when ready

The 7.x series is still ~arch, but 5.6.27 can be stabilized ASAP.

Comment 6 Yury German 2016-10-31 05:55:23 UTC

Arches, please test and mark stable:

=dev-lang/php-5.6.27

Target Keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

Thank you!

Comment 7 Jeroen Roovers (RETIRED) 2016-11-02 07:50:09 UTC

Stable for HPPA.

Comment 8 Agostino Sarubbo 2016-11-02 11:09:38 UTC

amd64 stable

Comment 9 Agostino Sarubbo 2016-11-02 11:10:19 UTC

x86 stable

Comment 10 Jeroen Roovers (RETIRED) 2016-11-04 13:21:22 UTC

Stable for PPC64.

Comment 11 Markus Meier 2016-11-10 17:49:31 UTC

arm stable

Comment 12 Thomas Deutschmann (RETIRED) 2016-11-10 22:03:35 UTC

Superseded by bug 599326.

Comment 13 GLSAMaker/CVETool Bot 2016-11-30 21:49:19 UTC

This issue was resolved and addressed in
 GLSA 201611-22 at https://security.gentoo.org/glsa/201611-22
by GLSA coordinator Aaron Bauman (b-man).