I don't see any CVEs for this yet, but the following stand out in the changelog.
Phar:
  Fixed bug #73764 (Crash while loading hostile phar archive).
  Fixed bug #73768 (Memory corruption when loading hostile phar).
  Fixed bug #73773 (Seg fault when loading hostile phar).
The fixed v5.6.30 is already in the tree and can be stabilized. The unstable 7.0 and 7.1 series also got new security releases. The 7.1 version isn't marked as such, but looking at e.g. PHP bug 73831, it should have been. In any case, since they were both unstable, I dropped the old versions immediately.
@arches, please stabilize.
Stable on alpha.
amd64 stable
Stable for HPPA PPC64.
x86 stable
ppc stable
arm stable
Already added to existing GLSA.
sparc stable
ia64 stable. Maintainer(s), please clean up.
(In reply to Agostino Sarubbo from comment #10)
> Maintainer(s), please clean up.
Done.
This issue was resolved and addressed in GLSA 201702-29 at https://security.gentoo.org/glsa/201702-29 by GLSA coordinator Thomas Deutschmann (whissi).