[php-maint] Bug#780713: Bug#780713: CVE-2015-2331
Ondřej Surý
ondrej at sury.org
Wed Mar 18 11:22:05 UTC 2015
There are couple more heading our way:
https://bugs.php.net/bug.php?id=68976
Sec Bug #68976 Use After Free Vulnerability in unserialize()
and https://bugs.php.net/bug.php?id=69133
Sec Bug #69133 Use after free vulnerability in unserialize() with
DateInterval
also https://bugs.php.net/bug.php?id=68486
that can crash apache with apache2handler SAPI
I suggest we wait couple of days for a new upstream release and in case
it doesn't happen till end of week, I will go and cherry-pick. ok?
Cheers,
Ondrej
On Wed, Mar 18, 2015, at 10:21, Moritz Muehlenhoff wrote:
> Source: php5
> Severity: grave
> Tags: security
>
> This has been assigned CVE-2015-2331:
>
> https://bugs.php.net/bug.php?id=69253
> https://github.com/php/php-src/commit/ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5
>
> Cheers,
> Moritz
>
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint
--
Ondřej Surý <ondrej at sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
More information about the pkg-php-maint
mailing list