openssl_random_pseudo_bytes() security bug and PHP packages

Bug #1534203 reported by vinc-q
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
php5 (Ubuntu)
Fix Released
Undecided
Unassigned
Precise
Fix Released
Medium
Marc Deslauriers
Trusty
Fix Released
Medium
Marc Deslauriers
Vivid
Won't Fix
Medium
Marc Deslauriers
Wily
Fix Released
Medium
Marc Deslauriers
Xenial
Fix Released
Undecided
Unassigned

Bug Description

Maybe Ubuntu official PHP packages aren't patched against openssl_random_pseudo_bytes() security bug (https://bugs.php.net/bug.php?id=70014). The vulnerability is corrected in the versions
5.6.12, 5.5.28, 5.4.44, so it might be still affecting the currently supported Ubuntu PHP packages (5.6.11, 5.6.4, 5.5.9).

vinc-q (vinc-q)
information type: Public → Public Security
Changed in php5 (Ubuntu Xenial):
status: New → Fix Released
Changed in php5 (Ubuntu Precise):
status: New → Confirmed
Changed in php5 (Ubuntu Trusty):
status: New → Confirmed
Changed in php5 (Ubuntu Vivid):
status: New → Confirmed
Changed in php5 (Ubuntu Wily):
status: New → Confirmed
Changed in php5 (Ubuntu Precise):
importance: Undecided → Medium
Changed in php5 (Ubuntu Trusty):
importance: Undecided → Medium
Changed in php5 (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in php5 (Ubuntu Vivid):
importance: Undecided → Medium
Changed in php5 (Ubuntu Wily):
importance: Undecided → Medium
Changed in php5 (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in php5 (Ubuntu Vivid):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in php5 (Ubuntu Wily):
assignee: nobody → Marc Deslauriers (mdeslaur)
Revision history for this message
Nish Aravamudan (nacc) wrote :
Revision history for this message
Marc Deslauriers (mdeslaur) wrote :

This was fixed in the following security update:

http://www.ubuntu.com/usn/usn-2952-1/

Changed in php5 (Ubuntu Precise):
status: Confirmed → Fix Released
Changed in php5 (Ubuntu Trusty):
status: Confirmed → Fix Released
Changed in php5 (Ubuntu Vivid):
status: Confirmed → Won't Fix
Changed in php5 (Ubuntu Wily):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.