Re: [SECURITY] [DLA 628-1] php5 security update

To: debian-lts-announce@lists.debian.org
Subject: Re: [SECURITY] [DLA 628-1] php5 security update
From: Jan Ingvoldstad <jan-debian-lts-2014@oyet.no>
Date: Mon, 19 Sep 2016 16:46:47 +0200
Message-id: <[🔎] 03038c85-c233-2b1c-619e-d57a0f93dfa5@oyet.no>
Mail-followup-to: debian-lts@lists.debian.org
In-reply-to: <alpine.DEB.2.02.1609181710190.23371@jupiter.server.alteholz.net>
References: <alpine.DEB.2.02.1609181710190.23371@jupiter.server.alteholz.net>

On 09/18/2016 05:12 PM, Thorsten Alteholz wrote:

Package        : php5
Version        : 5.4.45-0+deb7u5


Thanks!

   * BUG-70436.patch
     Use After Free Vulnerability in unserialize()


This one still has no CVE ID.

   * BUG-72681.patch
     PHP Session Data Injection Vulnerability, consume data even if we're
     not storing them.

I see this one got assigned CVE-2016-7125 at 2016-09-05, nice to keep inmind for future reference.


--
Cheers,
Jan

Reply to: