from $URL: issues fixed in PHP at the moment #73807 Performance problem with processing post request over 2000000 chars https://bugs.php.net/bug.php?id=73807 http://git.php.net/?p=php-src.git;a=commitdiff;h=0f8cf3b8497dc45c010c44ed9e96518e11e19fc3 #74145 wddx parsing empty boolean tag leads to SIGSEGV https://bugs.php.net/bug.php?id=74145 http://git.php.net/?p=php-src.git;a=commitdiff;h=2aae60461c2ff7b7fbcdd194c789ac841d0747d7 http://git.php.net/?p=php-src.git;a=commitdiff;h=f269cdcd4f76accbecd03884f327cffb9a7f1ca9 #74651 negative-size-param (-1) in memcpy in zif_openssl_seal() https://bugs.php.net/bug.php?id=74651 http://git.php.net/?p=php-src.git;a=commitdiff;h=89637c6b41b510c20d262c17483f582f115c66d6 #74819 wddx_deserialize() heap out-of-bound read via php_parse_date() https://bugs.php.net/bug.php?id=74819 PHP 5.6 - http://git.php.net/?p=php-src.git;a=commitdiff;h=2aae60461c2ff7b7fbcdd194c789ac841d0747d7 PHP 7.0 - http://git.php.net/?p=php-src.git;a=commitdiff;h=6b18d956de38ecd8913c3d82ce96eb0368a1f9e5 Also, requests from past releases: PHP 5.6.28 + 7.0.13 #73192 parse_url return wrong hostname https://bugs.php.net/bug.php?id=73192 http://git.php.net/?p=php-src.git;a=commitdiff;h=b061fa909de77085d3822a89ab901b934d0362c4 5.6.30 + 7.0.15 #73773 Seg fault when loading hostile phar https://bugs.php.net/bug.php?id=73773 http://git.php.net/?p=php-src.git;a=commitdiff;h=e5246580a85f031e1a3b8064edbaa55c1643a451
Arches, Please test and mark stable
ia64 stable
amd64 stable
x86 stable
Stable on alpha.
Thanks ago,klausman and slyfox any news from hppa, sparc, ppc and ppc64?
arm stable
ppc/ppc64 stable
ia64 stable (tested by Dakon)
> ia64 stable (tested by Dakon) My apologies. Meant to write "sparc stable (tested by Dakon)"
hppa stable \o/ Last arch is done here.
Thank you all, @Maintainers, please proceed to clean the tree from vulnerable versions. @Security please vote. Gentoo Security Padawan ChrisADR
The vulnerable versions are gone.
GLSA Vote: No