Re: Security update of PHP 5.4?

To: Jan Ingvoldstad <jan-debian-lts-2014@oyet.no>
Cc: debian-lts@lists.debian.org
Subject: Re: Security update of PHP 5.4?
From: Thorsten Alteholz <debian@alteholz.de>
Date: Tue, 23 Aug 2016 19:56:31 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.02.1608231950100.9648@jupiter.server.alteholz.net>
In-reply-to: <[🔎] abf5c555-949c-b2f8-3748-9e6a16a9bb57@oyet.no>
References: <[🔎] abf5c555-949c-b2f8-3748-9e6a16a9bb57@oyet.no>

Hi Jan,

On Tue, 23 Aug 2016, Jan Ingvoldstad wrote:

It looks as if the patches for unserializing and session handling arerelevant, possibly others:
https://bugs.php.net/bug.php?id=70436
https://bugs.php.net/bug.php?id=72681

do you know whether there has been a CVE assigned for these bugs already?As far as I can see there is none yet.

Anyway, I plan to upload a new version in the next few days and I can addpatches for these bugs as well ...


  Thorsten

Reply to:

Follow-Ups:
- Re: Security update of PHP 5.4?
  - From: Jan Ingvoldstad <jan-debian-lts-2014@oyet.no>

References:
- Security update of PHP 5.4?
  - From: Jan Ingvoldstad <jan-debian-lts-2014@oyet.no>

Prev by Date: Re: Security update of PHP 5.4?
Next by Date: Re: matrixssl
Previous by thread: Re: Security update of PHP 5.4?
Next by thread: Re: Security update of PHP 5.4?
Index(es):
- Date
- Thread