PHP Updates for CVE-2013-6420
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
| IUS Community Project |
Undecided
|
bharper |
Bug Description
RedHat has released PHP updates for PHP 5.1, 5.3, 5.4. See https:/
Seems this would affect many IUS versions as well, though I don't see any references to it (yet?) on php.net.
CVE References
information type: | Private Security → Public Security |
bharper (bharper) wrote : | #2 |
I have built php53u-5.3.27-2, php54-5.4.22-2 and php55u-5.5.6-3 with the patch from PHP's git repo and they have been tagged testing-candidate. They will be in placed in the testing repos tonight and can take around 24 hours to hit all the mirrors.
See the following for information on how to use the testing repo:
http://
-Ben
Changed in ius: | |
status: | New → Fix Released |
Changed in ius: | |
status: | Fix Released → Fix Committed |
bharper (bharper) wrote : | #3 |
Two days after Red Hat released their updates, PHP released new versions that included fixes for this CVE. The php53u-5.3.27-2, php54-5.4.22-2 and php55u-5.5.6-3 package have been taken out the stable repos and the updated PHP packages have already made their way into the stable repos. See the following bugs:
https:/
https:/
https:/
-Ben
Changed in ius: | |
status: | Fix Committed → Fix Released |
Hello Jeff,
Thanks for taking the time to submit this bug. So far the only reference I can find from PHP is from their git repo:
http:// git.php. net/?p= php-src. git;a=commit; h=c1224573c773b 6845e83505f717f bf820fc18415
The update to the NEWS file would appear that a new release of PHP is coming out tomorrow:
http:// git.php. net/?p= php-src. git;a=blobdiff; f=NEWS; h=8abf65e05b029 8a6f2dba9439c95 13919234766f; hp=70461d97d85c 65e01e739514923 303b09257f65f; hb=c1224573c773 b6845e83505f717 fbf820fc18415; hpb=32873cd0dde a7df8062213bb02 5beb6fb070e59d
It would appear that our php53u, php54 and php55u packages are effected. I will work on applying to this patch, just encase the new PHP is not released tomorrow.
-Ben