Re: [SECURITY] [DSA 2974-1] php5 security update
On 18. juli 2014, at 16:28, Marko Randjelovic <marko-r@sbb.rs> wrote:
> Hi,
Hi!
>
> Some patches from 5.4.4-14+deb7u12 could be unmodified or with
> modifications applied to 5.3.3-7+squeeze20. Some of them may be
> relevant for security. Since I am not a DD, patches I found could be
> useful are attached with eventual my modifications. I don't know if
> they solve the problems nor if they do not make new bugs.
>
> patch affected solved
> --------------------------------------------------------------- -------- ------
> proc_open-separate-environment-values-that-arent-strings.patch ? ?
> Out-of-memory-on-command-stream_get_contents.patch y y
> stream_socket_server-creates-wrong-Abstract-Namespace-UNIX-sock y y
> exit-in-stream-filter-produces-segfault.patch y y
> fpassthru-broken.patch partial ?
> openssl_seal-memory-leak.patch y ?
> Segfault-in-mysqli_stmt-bind_result-when-link-closed.patch ? ?
> Segmentation-fault-after-memory_limit.patch ? ?
> bug67498.patch y ?
> CVE-2014-3480.patch ? ?
It's a bit hard for me to read this, but I assume you're referring to DSA 2974-1.
Several (if not all) of the issues in DSA 2974-1 are relevant to PHP 5.3.3.
Judging from the patch labels, I would say that these should be applied.
--
Cheers,
Jan
Reply to: