Bug 524972 (CVE-2014-3622) - <dev-lang/php-5.6.2: Posthandler Potential Illegal efree() vulnerability (CVE-2014-3622)
Status: RESOLVED FIXED
Alias: CVE-2014-3622
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
: Normal major
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: ~2 [noglsa]
Reported: 2014-10-10 16:05 UTC by Agostino Sarubbo
Modified: 2014-10-20 09:46 UTC
Description Agostino Sarubbo gentoo-dev 2014-10-10 16:05:06 UTC
From ${URL} :

It was found [1] that there's an issue in php which in some cases may lead to remote code execution.

[1]: https://bugs.php.net/bug.php?id=68088


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Yury German Gentoo Infrastructure gentoo-dev 2014-10-15 04:09:00 UTC
As per upstream this is fixed in: 5.6.0

https://bugs.php.net/bug.php?id=68088

Maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 2 Ole Markus With (RETIRED) gentoo-dev 2014-10-17 12:39:43 UTC
As I understand it, it seems like only php 5.6.0 was affected, but the 5.6 slot has no stable version.

As no stable version was affected, there is no need for stabilisation. Affected version removed from the tree.