Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 597586 - <dev-lang/php-{5.6.27,7.0.12}: Multiple vulnerabilities
Summary: <dev-lang/php-{5.6.27,7.0.12}: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa blocked]
Keywords:
Depends on: 599326
Blocks:
  Show dependency tree
 
Reported: 2016-10-20 05:16 UTC by Tomáš Mózes
Modified: 2016-11-30 21:49 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-10-21 12:01:04 UTC
(In reply to Tomáš Mózes from comment #0)
> http://php.net/ChangeLog-5.php#5.6.27
> http://php.net/ChangeLog-7.php#7.0.12

Package versions do not go in the bug title until the respective package has been added to the tree.
Comment 2 Brian Evans Gentoo Infrastructure gentoo-dev 2016-10-26 14:54:08 UTC
5.6.27 and 7.0.12 are now in the tree
Comment 3 Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-10-29 22:32:58 UTC
(In reply to Brian Evans from comment #2)
> 5.6.27 and 7.0.12 are now in the tree

Please call for stabilization when ready
Comment 4 Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-10-29 22:36:29 UTC
CVE discussion in thread on http://www.openwall.com/lists/oss-security/2016/10/18/1. PHP team only request CVE for one issue, that seems reather defensive.
Comment 5 Michael Orlitzky gentoo-dev 2016-10-29 22:54:00 UTC
(In reply to Kristian Fiskerstrand from comment #3)
> (In reply to Brian Evans from comment #2)
> > 5.6.27 and 7.0.12 are now in the tree
> 
> Please call for stabilization when ready

The 7.x series is still ~arch, but 5.6.27 can be stabilized ASAP.
Comment 6 Yury German Gentoo Infrastructure gentoo-dev 2016-10-31 05:55:23 UTC
Arches, please test and mark stable:

=dev-lang/php-5.6.27

Target Keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"

Thank you!
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2016-11-02 07:50:09 UTC
Stable for HPPA.
Comment 8 Agostino Sarubbo gentoo-dev 2016-11-02 11:09:38 UTC
amd64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2016-11-02 11:10:19 UTC
x86 stable
Comment 10 Jeroen Roovers (RETIRED) gentoo-dev 2016-11-04 13:21:22 UTC
Stable for PPC64.
Comment 11 Markus Meier gentoo-dev 2016-11-10 17:49:31 UTC
arm stable
Comment 12 Thomas Deutschmann gentoo-dev 2016-11-10 22:03:35 UTC
Superseded by bug 599326.
Comment 13 GLSAMaker/CVETool Bot gentoo-dev 2016-11-30 21:49:19 UTC
This issue was resolved and addressed in
 GLSA 201611-22 at https://security.gentoo.org/glsa/201611-22
by GLSA coordinator Aaron Bauman (b-man).