Unaffected versions in tree already.
PHP team, can we go stable with 5.5.22?
(In reply to Tobias Heinlein from comment #1)
> PHP team, can we go stable with 5.5.22?
Yes. Go ahead
Arches, please test and mark stable:
=dev-lang/php-5.4.38
=dev-lang/php-5.5.22
Target keywords: "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
amd64 stable
Stable for HPPA.
arm stable
x86 done
ia64 stable
ppc stable
ppc64 stable
This will continue in bug 544186.
CVE-2015-0273 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-0273): Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function.
Arches and Maintainer(s), Thank you for your work. New GLSA Request filed.
CVE-2014-9705 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9705): Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute arbitrary code via vectors that trigger creation of multiple dictionaries.
This issue was resolved and addressed in GLSA 201606-10 at https://security.gentoo.org/glsa/201606-10 by GLSA coordinator Kristian Fiskerstrand (K_F).