PHP Updates for CVE-2013-6420

Hello Jeff,

Thanks for taking the time to submit this bug. So far the only reference I can find from PHP is from their git repo:

http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415

The update to the NEWS file would appear that a new release of PHP is coming out tomorrow:

http://git.php.net/?p=php-src.git;a=blobdiff;f=NEWS;h=8abf65e05b0298a6f2dba9439c9513919234766f;hp=70461d97d85c65e01e739514923303b09257f65f;hb=c1224573c773b6845e83505f717fbf820fc18415;hpb=32873cd0ddea7df8062213bb025beb6fb070e59d

It would appear that our php53u, php54 and php55u packages are effected. I will work on applying to this patch, just encase the new PHP is not released tomorrow.

-Ben

I have built php53u-5.3.27-2, php54-5.4.22-2 and php55u-5.5.6-3 with the patch from PHP's git repo and they have been tagged testing-candidate. They will be in placed in the testing repos tonight and can take around 24 hours to hit all the mirrors.

See the following for information on how to use the testing repo:

http://iuscommunity.org/pages/FAQs.html?highlight=testing#how-do-i-install-packages-from-testing

-Ben

Two days after Red Hat released their updates, PHP released new versions that included fixes for this CVE. The php53u-5.3.27-2, php54-5.4.22-2 and php55u-5.5.6-3 package have been taken out the stable repos and the updated PHP packages have already made their way into the stable repos. See the following bugs:

https://bugs.launchpad.net/ius/+bug/1260691
https://bugs.launchpad.net/ius/+bug/1260685
https://bugs.launchpad.net/ius/+bug/1260688

-Ben