Attachment #159952 for bug #202386

View | Details | Raw Unified | Return to bug 202386
Collapse All | Expand All





-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="787ef75e-44da-11e5-93ad-002590263bf5">
    <topic>php5 -- multiple vulnerabilities</topic>
    <affects>
      <package>
	<name>php5</name>
	<name>php5-openssl</name>
	<name>php5-phar</name>
	<name>php5-soap</name>
	<range><lt>5.4.44</lt></range>
      </package>
      <package>
	<name>php55</name>
	<name>php55-openssl</name>
	<name>php55-phar</name>
	<name>php55-soap</name>
	<range><lt>5.5.28</lt></range>
      </package>
      <package>
	<name>php56</name>
	<name>php56-openssl</name>
	<name>php56-phar</name>
	<name>php56-soap</name>
	<range><lt>5.6.12</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The PHP project reports:</p>
	<blockquote cite="http://php.net/ChangeLog-5.php">
	  <p>Core:</p>
	  <ul>
	    <li>Fixed bug #69793 (Remotely triggerable stack exhaustion via
	      recursive method calls).</li>
	    <li>Fixed bug #70121 (unserialize() could lead to unexpected methods
	      execution / NULL pointer deref).</li>
	  </ul>
	  <p>OpenSSL:</p>
	  <ul>
	    <li>Fixed bug #70014 (openssl_random_pseudo_bytes() is not
	      cryptographically secure).</li>
	  </ul>
	  <p>Phar:</p>
	  <ul>
	    <li>Improved fix for bug #69441.</li>
	    <li>Fixed bug #70019 (Files extracted from archive may be placed
	      outside of destination directory).</li>
	  </ul>
	  <p>SOAP:</p>
	  <ul>
	    <li>Fixed bug #70081 (SoapClient info leak / null pointer
	      dereference via multiple type confusions).</li>
	  </ul>
	  <p>SPL:</p>
	  <ul>
	    <li>Fixed bug #70068 (Dangling pointer in the unserialization of
	      ArrayObject items).</li>
	    <li>Fixed bug #70166 (Use After Free Vulnerability in unserialize()
	      with SPLArrayObject).</li>
	    <li>Fixed bug #70168 (Use After Free Vulnerability in unserialize()
	      with SplObjectStorage).</li>
	    <li>Fixed bug #70169 (Use After Free Vulnerability in unserialize()
	      with SplDoublyLinkedList).</li>
	  </ul>
	</blockquote>
      </body>
    </description>
    <references>
      <url>http://php.net/ChangeLog-5.php#5.4.44</url>
      <url>http://php.net/ChangeLog-5.php#5.5.28</url>
      <url>http://php.net/ChangeLog-5.php#5.6.12</url>
    </references>
    <dates>
      <discovery>2015-08-06</discovery>
      <entry>2015-08-17</entry>
    </dates>
  </vuln>

  <vuln vid="6241b5df-42a1-11e5-93ad-002590263bf5">
    <topic>mediawiki -- multiple vulnerabilities</topic>
    <affects>

Return to bug 202386

Lines 58-63 Link Here

(-)vuln.xml (+77 lines)
58		58
59	-->	59	-->
60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">	60	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
		61	<vuln vid="787ef75e-44da-11e5-93ad-002590263bf5">
		62	<topic>php5 -- multiple vulnerabilities</topic>
		63	<affects>
		64	<package>
		65	<name>php5</name>
		66	<name>php5-openssl</name>
		67	<name>php5-phar</name>
		68	<name>php5-soap</name>
		69	<range><lt>5.4.44</lt></range>
		70	</package>
		71	<package>
		72	<name>php55</name>
		73	<name>php55-openssl</name>
		74	<name>php55-phar</name>
		75	<name>php55-soap</name>
		76	<range><lt>5.5.28</lt></range>
		77	</package>
		78	<package>
		79	<name>php56</name>
		80	<name>php56-openssl</name>
		81	<name>php56-phar</name>
		82	<name>php56-soap</name>
		83	<range><lt>5.6.12</lt></range>
		84	</package>
		85	</affects>
		86	<description>
		87	<body xmlns="http://www.w3.org/1999/xhtml">
		88	<p>The PHP project reports:</p>
		89	<blockquote cite="http://php.net/ChangeLog-5.php">
		90	<p>Core:</p>
		91	<ul>
		92	<li>Fixed bug #69793 (Remotely triggerable stack exhaustion via
		93	recursive method calls).</li>
		94	<li>Fixed bug #70121 (unserialize() could lead to unexpected methods
		95	execution / NULL pointer deref).</li>
		96	</ul>
		97	<p>OpenSSL:</p>
		98	<ul>
		99	<li>Fixed bug #70014 (openssl_random_pseudo_bytes() is not
		100	cryptographically secure).</li>
		101	</ul>
		102	<p>Phar:</p>
		103	<ul>
		104	<li>Improved fix for bug #69441.</li>
		105	<li>Fixed bug #70019 (Files extracted from archive may be placed
		106	outside of destination directory).</li>
		107	</ul>
		108	<p>SOAP:</p>
		109	<ul>
		110	<li>Fixed bug #70081 (SoapClient info leak / null pointer
		111	dereference via multiple type confusions).</li>
		112	</ul>
		113	<p>SPL:</p>
		114	<ul>
		115	<li>Fixed bug #70068 (Dangling pointer in the unserialization of
		116	ArrayObject items).</li>
		117	<li>Fixed bug #70166 (Use After Free Vulnerability in unserialize()
		118	with SPLArrayObject).</li>
		119	<li>Fixed bug #70168 (Use After Free Vulnerability in unserialize()
		120	with SplObjectStorage).</li>
		121	<li>Fixed bug #70169 (Use After Free Vulnerability in unserialize()
		122	with SplDoublyLinkedList).</li>
		123	</ul>
		124	</blockquote>
125	</body>
126	</description>
127	<references>
128	<url>http://php.net/ChangeLog-5.php#5.4.44</url>
129	<url>http://php.net/ChangeLog-5.php#5.5.28</url>
130	<url>http://php.net/ChangeLog-5.php#5.6.12</url>
131	</references>
132	<dates>
133	<discovery>2015-08-06</discovery>
134	<entry>2015-08-17</entry>
135	</dates>
136	</vuln>
137
61	<vuln vid="6241b5df-42a1-11e5-93ad-002590263bf5">	138	<vuln vid="6241b5df-42a1-11e5-93ad-002590263bf5">
62	<topic>mediawiki -- multiple vulnerabilities</topic>	139	<topic>mediawiki -- multiple vulnerabilities</topic>
63	<affects>	140	<affects>