There are couple more heading our way: https://bugs.php.net/bug.php?id=68976
Sec Bug #68976 Use After Free Vulnerability in unserialize() and https://bugs.php.net/bug.php?id=69133 Sec Bug #69133 Use after free vulnerability in unserialize() with DateInterval also https://bugs.php.net/bug.php?id=68486 that can crash apache with apache2handler SAPI I suggest we wait couple of days for a new upstream release and in case it doesn't happen till end of week, I will go and cherry-pick. ok? Cheers, Ondrej On Wed, Mar 18, 2015, at 10:21, Moritz Muehlenhoff wrote: > Source: php5 > Severity: grave > Tags: security > > This has been assigned CVE-2015-2331: > > https://bugs.php.net/bug.php?id=69253 > https://github.com/php/php-src/commit/ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5 > > Cheers, > Moritz > > _______________________________________________ > pkg-php-maint mailing list > pkg-php-ma...@lists.alioth.debian.org > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint -- Ondřej Surý <ond...@sury.org> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
