PHP Updates for CVE-2013-6420
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| | IUS Community Project |
Undecided
|
bharper | ||
Bug Description
RedHat has released PHP updates for PHP 5.1, 5.3, 5.4. See https:/
Seems this would affect many IUS versions as well, though I don't see any references to it (yet?) on php.net.
CVE References
| information type: | Private Security → Public Security |
| bharper (bharper) wrote : | #2 |
I have built php53u-5.3.27-2, php54-5.4.22-2 and php55u-5.5.6-3 with the patch from PHP's git repo and they have been tagged testing-candidate. They will be in placed in the testing repos tonight and can take around 24 hours to hit all the mirrors.
See the following for information on how to use the testing repo:
http://
-Ben
| Changed in ius: | |
| status: | New → Fix Released |
| Changed in ius: | |
| status: | Fix Released → Fix Committed |
| bharper (bharper) wrote : | #3 |
Two days after Red Hat released their updates, PHP released new versions that included fixes for this CVE. The php53u-5.3.27-2, php54-5.4.22-2 and php55u-5.5.6-3 package have been taken out the stable repos and the updated PHP packages have already made their way into the stable repos. See the following bugs:
https:/
https:/
https:/
-Ben
| Changed in ius: | |
| status: | Fix Committed → Fix Released |
Hello Jeff,
Thanks for taking the time to submit this bug. So far the only reference I can find from PHP is from their git repo:
http://
The update to the NEWS file would appear that a new release of PHP is coming out tomorrow:
http://
It would appear that our php53u, php54 and php55u packages are effected. I will work on applying to this patch, just encase the new PHP is not released tomorrow.
-Ben