[SECURITY] [DLA 2124-1] php5 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2124-1] php5 security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Fri, 28 Feb 2020 23:24:08 +0100 (CET)
Message-id: <[🔎] alpine.DEB.2.20.2002282321490.6110@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : php5
Version        : 5.6.40+dfsg-0+deb8u9
CVE ID         : CVE-2020-7059 CVE-2020-7060

Two issues have been found in php5, a server-side, HTML-embedded scriptinglanguage. Both issues are related to crafted data that could lead toreading after an allocated buffer and result in information disclosure orcrash.



For Debian 8 "Jessie", these problems have been fixed in version
5.6.40+dfsg-0+deb8u9.

We recommend that you upgrade your php5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl5ZkwhfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEcXeA//ZyVc5ZUBy44U+WKJYrOqGPDmbJQX9VWsDg1+UmS6T+59RXoI/jBt3XQj
bfcoekeglrSjHLpQjU1d+zs6DL8PQrLXDGYNFKEqFDz9fmJmrMF3shii3UCusqlB
sENpgqmStWniUjgamEjIYade1sTshshExxUPkRdkdsCZS+Glormrk8JmUe54JSJO
7kCnVBN1w8ODD20Wi0b7vyyFcnn3W7kcJGeh8JA4Nr6BPGu7KkQCTouDOkvpkwKA
mEgbOa+EJO5Xe0Yj1740brLlkW0jk8BI2ftvEc/nPSAuphMXspUT7k4XQYxvqM6t
+wnXpiJDPuO4C1wJR2DKleAH2aRnVTwZ5gxOOwt6Xeb96VQkPvUmXhxNFcF2NrAv
lVXDv8fZcRVGq3ASAMigMcRDaQWu870x/Cd4CVLeDZyr3BcRy6Fvw4cX6+Id78xG
GoHgLzMtCBXCtDd/Wx+mZoGHtkgJk5Lw+Iu9sO7uEMwa8RTpU7qktEveK8cSKHGD
qqt3N7MiwuHw3aqJnGq3Ni1MQrbxJyP41eCnQtGrLOOydKghs1MV4m2P2lfdNdB4
hGvoDslKEn/h4MsDfZDJn+77w7tMY7U2u9Kr3Dq/WfUhw2xW+Mb3XVQTtpLoxO/X
pZDlypjoHFIg4bUDDogsW6yf96QvY/W9jIcCyq0LkJjczbiG1xY=
=x1Ky
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2123-1] pure-ftpd security update
Next by Date: [SECURITY] [DLA 2125-1] collabtive security update
Previous by thread: [SECURITY] [DLA 2123-1] pure-ftpd security update
Next by thread: [SECURITY] [DLA 2125-1] collabtive security update
Index(es):
- Date
- Thread