Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP1:GA
patchinfo.5534
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.5534
<patchinfo incident="5534"> <issue id="1057845" tracker="bnc">L3: PHP7 Fatal error - Namespace encapsulation not working</issue> <issue id="1057104" tracker="bnc">php7-devel package should require php7-pear</issue> <issue id="1054432" tracker="bnc">VUL-0: CVE-2017-12932: php7: ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x through7.1.8 is prone to a heap use after free while unserializing untrusted data,related to improper use of the hash API for key deletion</issue> <issue id="1054408" tracker="bnc">VUL-0: CVE-2017-12934: php7: ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x before7.1.7 is prone to a heap use after free while unserializing untrusted data,related to the zval_get_type function in Zend/zend_types.h</issue> <issue id="1054430" tracker="bnc">VUL-0: CVE-2017-12933: php5,php7,php53: The finish_nested_data function in ext/standard/var_unserializer.re in PHPbefore 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a bufferover-read while unserializing untrusted data.</issue> <issue id="2017-12933" tracker="cve" /> <issue id="2017-12934" tracker="cve" /> <issue id="2017-12932" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>pgajdos</packager> <description>This update for php7 fixes several issues. These security issues were fixed: - CVE-2017-12932: Prevent heap use after free while unserializing untrusted data, related to improper use of the hash API for key deletion in a situation with an invalid array size. Exploitation of this issue could have had an unspecified impact on the integrity of PHP (bsc#1054432). - CVE-2017-12934: Prevent heap use after free while unserializing untrusted data, related to the zval_get_type function in Zend/zend_types.h. Exploitation of this issue could have had an unspecified impact on the integrity of PHP (bsc#1054408). - CVE-2017-12933: The finish_nested_data function in ext/standard/var_unserializer.re was prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue could have had an unspecified impact on the integrity of PHP (bsc#1054430) These non-security issues were fixed: - bsc#1057104: php7-devel now requires php7-pear - bsc#1057845: Fixed namespace encapsulation of imported classes/functions/constants </description> <summary>Security update for php7</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor