From - https://github.com/php/php-src/blob/php-7.0.13/NEWS - https://github.com/php/php-src/blob/php-5.6.28/NEWS -GD: - Integer overflow in imageline() with antialiasing https://bugs.php.net/73213 - Integer overflow in gdImageScaleBilinearPalette() https://bugs.php.net/73279 - Stack Buffer Overflow in GD dynamicGetbuf https://bugs.php.net/73280 - Illegal write/read access caused by gdImageAALine overflow). https://bugs.php.net/72482 - imagefilltoborder stackoverflow on truecolor images https://bugs.php.net/72696 - Imap: - Integer Overflow in "_php_imap_mail" leads Heap Overflow https://bugs.php.net/73418 - SPL: - Use-after-free in ArrayObject Deserialization https://bugs.php.net/73144 - Standard: - Use after free in userspace streams https://bugs.php.net/73188 - Wddx: - NULL Pointer Dereference in WDDX Packet Deserialization with PDORow https://bugs.php.net/73331 (the list maybe incomplete)
@maintainer(s): Source tarballs are already available on the mirrors. Please bump the package and let us know if it is ready for the stabilization or not.
Fixed versions are in the tree, and v5.6.28 can be stabilized.
Arches, please test and mark stable: =dev-lang/php-5.6.28 Target keywords: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 Thank you!
amd64 stable
x86 stable
Stable for PPC64.
Stable on alpha.
(In reply to Tobias Klausmann from comment #7) > Stable on alpha. Seems that 7.0.13 got stabilized just by accident. Not that I wouldn't like it,but seems we are not ready for that yet :)
Stable for HPPA.
arm stable
ppc stable
sparc stable
ia64 stable. Maintainer(s), please cleanup.
arm stable, all arches done.
This issue was resolved and addressed in GLSA 201611-22 at https://security.gentoo.org/glsa/201611-22 by GLSA coordinator Aaron Bauman (b-man).