php5 security update

To: debian-lts-announce@lists.debian.org
Subject: php5 security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Fri, 27 Jun 2014 13:29:37 +0200
Message-id: <[🔎] 20140627112936.GA4799@pisco.westfalen.local>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Package        : php5
Version        : 5.3.3-7+squeeze20
CVE ID         : CVE-2014-4049

It was discovered that PHP, a general-purpose scripting
language commonly used for web application development, is
vulnerable to a heap-based buffer overflow in the DNS TXT
record parsing. A malicious server or man-in-the-middle
attacker could possibly use this flaw to execute arbitrary
code as the PHP interpreter if a PHP application uses
dns_get_record() to perform a DNS query.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJTrVFEAAoJEBDCk7bDfE42ccAP/2ec9fV9p2i3W0R4A5QKI01X
81sOSwuAN1XJPNL5dWFb2Ju711T2T+PnJNKqRLraVkW2AhHpCcvcV/M7yv7tIHgq
BMrXZTsC4FKghrjsmFw+5oh52p/Ryx5v/wAmKsITFDOeBaTxqhHrwL0V9tdmxmma
SNyCEF04HsQKGcg3Og8B4hBth5jFuIl7QvaLk8aadPTdNKAm9LmZlrEmIsKXGv+Q
Z6tkXRdjW2sgB3gcDF2VbrItvx8iTmwBnnwQqO8WJVcEBSMXgx3OLj02vglO0YrS
8nwkdzZyiqDS0bhBtKZWJ+QP8vOygI6vDqa0v0XDTl63+FLCAnENhoItwxrkV0xn
5t+QBhluCZrh2EnJO2Sh8a0UNSP0mopRXXq8xLwEmz8xkTEzu0TCDZ9UWdx54/dq
0F8VqhXZNrRlq7v97v4qgc16JkMqj8cW9bkThQA2PLscH1NnAFZHKcbyOZgFwOVP
SxytwU2Hzqhb/iuqaoxnAwPkoa0uY2C92PbGrA7TCk1JcYgfZGR/dJtaQ+E60ARx
jQBau3hZogcLi7p5SkqsaXN9IfPg8Wth1nzV7Ccc9z2l+grKmr4bSs0W8U+HR+2t
sEWvyy2okIXyHA7uDIXXtrRCuTc4sX925bpFUsmX0S7PKMpjeIl9O1A/VmgFHLho
cQTHP0PnatUIe9RTXvB4
=MIsc
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: lxml security update
Next by Date: libemail-address-perl security update
Previous by thread: lxml security update
Next by thread: libemail-address-perl security update
Index(es):
- Date
- Thread