[php-maint] Bug#780713: Bug#780713: CVE-2015-2331

Ondřej Surý ondrej at sury.org
Wed Mar 18 11:22:05 UTC 2015

There are couple more heading our way:


Sec Bug #68976   Use After Free Vulnerability in unserialize()

and https://bugs.php.net/bug.php?id=69133

Sec Bug #69133  Use after free vulnerability in unserialize() with

also https://bugs.php.net/bug.php?id=68486

that can crash apache with apache2handler SAPI

I suggest we wait couple of days for a new upstream release and in case
it doesn't happen till end of week, I will go and cherry-pick. ok?


On Wed, Mar 18, 2015, at 10:21, Moritz Muehlenhoff wrote:
> Source: php5
> Severity: grave
> Tags: security
> This has been assigned CVE-2015-2331:
> https://bugs.php.net/bug.php?id=69253
> https://github.com/php/php-src/commit/ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5
> Cheers,
>         Moritz
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint

Ondřej Surý <ondrej at sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server

More information about the pkg-php-maint mailing list