CVE-2019-11043 PHP+Nginx remote code execution

Hi A Z,
I'm not sure what VLC has to do with it, but I know that the CVE is being dealt with by the security team at the moment.

=> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-11043.html

@Marc it is assigned to you so I subscribe you here to close the bug when it got released.

Status changed to 'Confirmed' because the bug affects multiple users.

I see that updated packages have come out for PHP 7 (https://usn.ubuntu.com/4166-1/), thanks!

Will you also do a release for PHP 5 on the ESM 14.04? Although the public exploit does not (yet) work with PHP 5, it is still affected. Debian Jessie already released an update on the weekend for PHP 5.6 for example.

Thanks again

@mig5 - php5 is covered by 14.04 ESM - see https://wiki.ubuntu.com/SecurityTeam/ESM/14.04 - so there will be a corresponding release for this.

https://usn.ubuntu.com/4166-2/ provided the fix for 14.04 ESM so all supported releases are patched. As such, closing.