From ${URL} :

Description
A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an error within the "php_quot_print_encode()" function (ext/standard/quot_print.c) when parsing passed strings, which can be exploited to cause a heap-based buffer overflow. Successful exploitation may allow execution of arbitrary code.

NOTE: Additionally, a security issue exists when parsing mimetype for MP3 files, which can be exploited to cause a crash in version 5.4.15.

The vulnerability is reported in versions prior to 5.4.16 and 5.3.26.

Solution
Update to version 5.4.16 or 5.3.26.

Provided and/or discovered by
Reported by the vendor.

Original Advisory
http://php.net/archive/2013.php#id2013-06-06-2
http://www.php.net/ChangeLog-5.php

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
Ebuilds in portage. Please go ahead with stabilisation.
Sure, why not. Arches, please stabilize =dev-lang/php-5.3.26 and =dev-lang/php-5.4.16, target arches for both: alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86. Thanks!
Stable for HPPA.
Arches, please test and mark stable:
=dev-lang/php-5.3.26
=dev-lang/php-5.4.16
=app-admin/eselect-php-0.7.1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"
amd64 stable
x86 stable
(In reply to Agostino Sarubbo from comment #4)
> Arches, please test and mark stable:
> =dev-lang/php-5.3.26
> =dev-lang/php-5.4.16
> =app-admin/eselect-php-0.7.1
> Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

Arches, please test and mark stable:
=dev-lang/php-5.3.26
=dev-lang/php-5.4.17
=app-admin/eselect-php-0.7.1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86"

It also fixes bug 474656 and bug 472204.
ia64 stable
Re-adding completed 5.3.26 arches. Please test and stable =dev-lang/php-5.3.27, target arches alpha amd64 arm hppa ia64 ppc ppc64 s390 sh sparc x86, in order to also fix bug 476570 (this seemed like the simplest way, instead of adding several more blockers).
ppc stable
(In reply to Chris Reffett from comment #11)
> Re-adding completed 5.3.26 arches. Please test and stable
> =dev-lang/php-5.3.27, target arches alpha amd64 arm hppa ia64 ppc ppc64 s390
> sh sparc x86, in order to also fix bug 476570 (this seemed like the simplest
> way, instead of adding several more blockers).

I don't see that version in tree
ppc64 stable
alpha stable
arm stable
sh stable
sparc stable
*** Bug 470284 has been marked as a duplicate of this bug. ***
s390 stable
Thank you, GLSA request filed.
CVE-2013-2110 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2110): Heap-based buffer overflow in the php_quot_print_encode function in ext/standard/quot_print.c in PHP before 5.3.26 and 5.4.x before 5.4.16 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted argument to the quoted_printable_encode function.
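The advisory in the opening comment and the CVE text above describe a heap-based buffer overflow in PHP's quoted-printable encoder: the output buffer is sized from the input length, and an encoder whose size estimate does not match what it actually writes overflows the heap allocation. The following C program is an added illustration written for this bug entry, not PHP's own php_quot_print_encode() and not a reconstruction of its defect. It shows the two properties a safe encoder of this kind needs: a worst-case size bound that is derived from the encoder's actual line-breaking rule, and a bounds check in front of every write so a wrong estimate fails loudly instead of corrupting the heap. Names (qp_encoded_max, qp_put, qp_encode, qp_encode_alloc) and the sample input are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Maximum encoded line length, including the '=' of a soft line break
 * (RFC 2045 quoted-printable). */
#define QP_MAXLINE 76

/* Worst-case output size, including the NUL terminator, for `len` input
 * bytes. Every input byte may expand to 3 characters, and qp_encode() below
 * inserts a 3-byte soft break "=\r\n" only after at least QP_MAXLINE-3
 * characters of data on a line, so at most (3*len)/(QP_MAXLINE-3) breaks
 * are emitted. Returns 0 if the arithmetic would wrap. */
size_t qp_encoded_max(size_t len)
{
    if (len > SIZE_MAX / 12)            /* keep 3*len and 3*breaks in range */
        return 0;
    size_t data = 3 * len;
    size_t breaks = data / (QP_MAXLINE - 3);
    return data + 3 * breaks + 1;
}

/* Append n bytes to out[], refusing to write past cap. This is the check that
 * turns a wrong size estimate into a clean failure instead of an overflow. */
static int qp_put(char *out, size_t cap, size_t *pos, const char *s, size_t n)
{
    if (n > cap - *pos)
        return 0;
    memcpy(out + *pos, s, n);
    *pos += n;
    return 1;
}

/* Encode in[0..len) into out[0..cap) as quoted-printable. Returns the number
 * of bytes written (excluding the NUL terminator), or (size_t)-1 when cap is
 * too small. Space and tab are always escaped, which is conservative but
 * avoids RFC 2045's trailing-whitespace special case. */
size_t qp_encode(const unsigned char *in, size_t len, char *out, size_t cap)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t pos = 0, linelen = 0;

    if (cap == 0)
        return (size_t)-1;

    for (size_t i = 0; i < len; i++) {
        unsigned char c = in[i];
        char chunk[3];
        size_t n;

        if (c >= 33 && c <= 126 && c != '=') {
            chunk[0] = (char)c;                     /* literal printable */
            n = 1;
        } else {
            chunk[0] = '=';                         /* =XX escape */
            chunk[1] = hex[c >> 4];
            chunk[2] = hex[c & 0x0F];
            n = 3;
        }
        /* Reserve one column for the '=' of a soft break. cap-1 is passed so
         * the final NUL always has room. */
        if (linelen + n > QP_MAXLINE - 1) {
            if (!qp_put(out, cap - 1, &pos, "=\r\n", 3))
                return (size_t)-1;
            linelen = 0;
        }
        if (!qp_put(out, cap - 1, &pos, chunk, n))
            return (size_t)-1;
        linelen += n;
    }
    out[pos] = '\0';
    return pos;
}

/* Size the buffer with qp_encoded_max() and encode into it; NULL on failure.
 * If the bound were ever wrong, qp_encode() reports it rather than overflowing. */
char *qp_encode_alloc(const unsigned char *in, size_t len, size_t *outlen)
{
    size_t cap = qp_encoded_max(len);
    if (cap == 0)
        return NULL;
    char *out = malloc(cap);
    if (!out)
        return NULL;
    size_t n = qp_encode(in, len, out, cap);
    if (n == (size_t)-1) {
        free(out);
        return NULL;
    }
    if (outlen)
        *outlen = n;
    return out;
}

int main(void)
{
    /* Constructed sample input: UTF-8, an '=' and a CRLF all need escaping. */
    const unsigned char sample[] = "caf\xc3\xa9 = 100% sure\r\n";
    size_t n;
    char *enc = qp_encode_alloc(sample, sizeof sample - 1, &n);
    if (!enc)
        return 1;
    printf("%zu bytes: %s\n", n, enc);
    free(enc);
    return 0;
}
```

The point for review of any such encoder is that the allocation formula and the write loop must be derived from the same rule: here the soft-break condition guarantees at least 73 data characters per line, which is exactly what qp_encoded_max() assumes, and qp_put() enforces the resulting capacity on every write.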
This issue was resolved and addressed in GLSA 201408-11 at http://security.gentoo.org/glsa/glsa-201408-11.xml by GLSA coordinator Kristian Fiskerstrand (K_F).