http://php.net/ChangeLog-5.php#5.6.27 http://php.net/ChangeLog-7.php#7.0.12
(In reply to Tomáš Mózes from comment #0) > http://php.net/ChangeLog-5.php#5.6.27 > http://php.net/ChangeLog-7.php#7.0.12 Package versions do not go in the bug title until the respective package has been added to the tree.
5.6.27 and 7.0.12 are now in the tree
(In reply to Brian Evans from comment #2) > 5.6.27 and 7.0.12 are now in the tree Please call for stabilization when ready
CVE discussion in thread on http://www.openwall.com/lists/oss-security/2016/10/18/1. PHP team only request CVE for one issue, that seems reather defensive.
(In reply to Kristian Fiskerstrand from comment #3) > (In reply to Brian Evans from comment #2) > > 5.6.27 and 7.0.12 are now in the tree > > Please call for stabilization when ready The 7.x series is still ~arch, but 5.6.27 can be stabilized ASAP.
Arches, please test and mark stable: =dev-lang/php-5.6.27 Target Keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" Thank you!
Stable for HPPA.
amd64 stable
x86 stable
Stable for PPC64.
arm stable
Superseded by bug 599326.
This issue was resolved and addressed in GLSA 201611-22 at https://security.gentoo.org/glsa/201611-22 by GLSA coordinator Aaron Bauman (b-man).