Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#8302 closed enhancement (fixed)

php-7.0.11 (CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7415 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418)

Reported by: bdubbs@… Owned by: Douglas R. Reno
Priority: highest Milestone: 8.0
Component: BOOK Version: SVN
Severity: normal Keywords:
Cc:

Description

New point version.

Change History (4)

comment:1 by Douglas R. Reno, 5 years ago

Owner: changed from blfs-book@… to Douglas R. Reno
Priority: normal → highest
Status: new → assigned

This is a huge security release.

If I could get access to Openwall here at Lewis University, I'd give a CVE list. I know it ranges between 15-20 for this version.

comment:2 by Douglas R. Reno, 5 years ago

Summary: php-7.0.11 → php-7.0.11 (CVE-2016-7412 CVE-2016-7413 CVE-2016-7414 CVE-2016-7415 CVE-2016-7416 CVE-2016-7417 CVE-2016-7418)

Updated title with CVE numbers.

CVE-2016-7412: Heap overflow in mysqlnd related to BIT fields
CVE-2016-7413: wddx_deserialize use-after-free
CVE-2016-7414: Out of bounds r/w when verifying signature of zip phar in phar_parse_zipfile
CVE-2016-7415: ICU: add locale length check
CVE-2016-7416: PHP/ICU: add locale length check
CVE-2016-7417: Missing type check when unserializing SplArray
CVE-2016-7418: Out-Of-Bounds read in php_wddx_push_element

I'll give links tomorrow.

comment:3 by Douglas R. Reno, 5 years ago

Resolution: fixed
Status: assignedclosed

Fixed at r17770

comment:4 by bdubbs@…, 5 years ago

Milestone: 7.11 → 8.0

Milestone renamed
