Bug 210491 - lang/php70: Update to 7.0.8 (Security fixes)
Summary: lang/php70: Update to 7.0.8 (Security fixes)
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Martin Wilke
URL: http://php.net/ChangeLog-7.php#7.0.8
Keywords: patch, patch-ready, security
Depends on:
Blocks:
 
Reported: 2016-06-23 12:46 UTC by VK
Modified: 2016-06-25 22:25 UTC (History)
3 users (show)

See Also:
bugzilla: maintainer-feedback? (miwi)
junovitch: merge-quarterly+


Attachments
7.0.8 patch (782 bytes, patch)
2016-06-23 19:48 UTC, FiLiS
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description VK freebsd_triage 2016-06-23 12:46:19 UTC
Please update php70 to 7.0.8, contains security fixes.

* Changelog: http://php.net/ChangeLog-7.php#7.0.8
* Possibly also related to: http://openwall.com/lists/oss-security/2016/06/23/2

I'm currently unable to produce patches (vuxml + php70), I'll see if I have some time to do so later. So I'm opening this to track progress for the issue, and give heads up with regards to the security issues involved.
Comment 1 VK freebsd_triage 2016-06-23 12:55:35 UTC
Btw, miwi@, my apologies, I'm not ignoring your maintainership, I usually want to come up with a solution first, that's why I mentioned I couldn't prepare the patches at the moment. :)
Comment 2 FiLiS 2016-06-23 19:48:48 UTC
Created attachment 171721 [details]
7.0.8 patch
Comment 3 commit-hook freebsd_committer 2016-06-25 22:19:19 UTC
A commit references this bug:

Author: junovitch
Date: Sat Jun 25 22:18:24 UTC 2016
New revision: 417490
URL: https://svnweb.freebsd.org/changeset/ports/417490

Log:
  Docment security issues fixed in PHP 7.0.8, 5.6.23, and 5.5.37

  PR:		210491
  PR:		210502
  Reported by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
  Reported by:	Philip Jocks <freebsdbugs@filis.org>
  Security:	CVE-2015-8874
  Security:	CVE-2016-5766
  Security:	CVE-2016-5767
  Security:	CVE-2016-5768
  Security:	CVE-2016-5769
  Security:	CVE-2016-5770
  Security:	CVE-2016-5771
  Security:	CVE-2016-5772
  Security:	CVE-2016-5773
  Security:	https://vuxml.FreeBSD.org/freebsd/66d77c58-3b1d-11e6-8e82-002590263bf5.html

Changes:
  head/security/vuxml/vuln.xml
Comment 4 commit-hook freebsd_committer 2016-06-25 22:21:26 UTC
A commit references this bug:

Author: junovitch
Date: Sat Jun 25 22:20:31 UTC 2016
New revision: 417495
URL: https://svnweb.freebsd.org/changeset/ports/417495

Log:
  lang/php70: update 7.0.7 -> 7.0.8

  PR:		210491
  Reported by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
  Submitted by:	Philip Jocks <freebsdbugs@filis.org>
  Approved by:	ports-secteam (with hat)
  Security:	CVE-2015-8874
  Security:	CVE-2016-5766
  Security:	CVE-2016-5767
  Security:	CVE-2016-5768
  Security:	CVE-2016-5769
  Security:	CVE-2016-5770
  Security:	CVE-2016-5771
  Security:	CVE-2016-5772
  Security:	CVE-2016-5773
  Security:	https://vuxml.FreeBSD.org/freebsd/66d77c58-3b1d-11e6-8e82-002590263bf5.html
  MFH:		2016Q2

Changes:
  head/lang/php70/Makefile
  head/lang/php70/distinfo
Comment 5 commit-hook freebsd_committer 2016-06-25 22:21:28 UTC
A commit references this bug:

Author: junovitch
Date: Sat Jun 25 22:20:56 UTC 2016
New revision: 417496
URL: https://svnweb.freebsd.org/changeset/ports/417496

Log:
  MFH: r417495

  lang/php70: update 7.0.7 -> 7.0.8

  PR:		210491
  Reported by:	Vladimir Krstulja <vlad-fbsd@acheronmedia.com>
  Submitted by:	Philip Jocks <freebsdbugs@filis.org>
  Approved by:	ports-secteam (with hat)
  Security:	CVE-2015-8874
  Security:	CVE-2016-5766
  Security:	CVE-2016-5767
  Security:	CVE-2016-5768
  Security:	CVE-2016-5769
  Security:	CVE-2016-5770
  Security:	CVE-2016-5771
  Security:	CVE-2016-5772
  Security:	CVE-2016-5773
  Security:	https://vuxml.FreeBSD.org/freebsd/66d77c58-3b1d-11e6-8e82-002590263bf5.html

Changes:
_U  branches/2016Q2/
  branches/2016Q2/lang/php70/Makefile
  branches/2016Q2/lang/php70/distinfo
Comment 6 Jason Unovitch freebsd_committer 2016-06-25 22:25:41 UTC
Vladimir, thank you for the report.
Philip, thank you for the patch.  The patch has been committed in head and quarterly and an associated VuXML has been documented.