[SECURITY] [DLA 1878-1] php5 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1878-1] php5 security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Mon, 12 Aug 2019 23:24:17 +0200
Message-id: <[🔎] efbf0184-cde2-ba32-f27f-0780f20ba500@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Package        : php5
Version        : 5.6.40+dfsg-0+deb8u5
CVE ID         : CVE-2019-11041 CVE-2019-11042

Two heap buffer overflows were found in the EXIF parsing code of PHP,
a widely-used open source general purpose scripting language.

For Debian 8 "Jessie", these problems have been fixed in version
5.6.40+dfsg-0+deb8u5.

We recommend that you upgrade your php5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl1R2QEACgkQnUbEiOQ2
gwLj/g//YbVrMeI/7EqO4dxUDm+SgzS5PGIuBVg2R3O6Hmh+QLqPVdS4DTM0duoR
6+NAGj9kiYwWDZk7mloFTm5bRsKxizFmNNtz02xFMYuQzF94rDnTHyV30oLwz24T
DnLeIM+xBbGtLxsT3GetA1q10BzNvyOtsSPpf8bQQWedDdiWTDqDvX/nULk34V36
oD2nocurcn8a6WZxf3h+NzHEck7+058EiKo/RT/0VRZ6pw6zEi0hrELkfiGioNmX
DwrpnBiSj78LkV8pO4OOERuw8PWK3dFdgBunTNqKkzpzjXFukKF0nfsRYZbKxVhs
EFKfYrTCfZLb84LshbDr8IqpQuvPVrLMD1BStK5AZH8QHasnZa1MnKYNKHuKB6yU
d0r4zTDdmgBGcURKeKoVGi/kn8jB3JJMjBcDeD9zBqi9GTmdjy5D/0NVPAuRN2cH
njTi/WX7gkfsW1GXM6E63a0awkAWjhDBn/EbDFd6VZ89jOYESV5195bjy21CtayQ
vnY2ZY98CuM9SYk9/iWLidg8dT8ja3or9KO8kWkM+x2o5QohKgkR0fbXfh90NFhl
B7YD0d+a1+roYyETULpeyM7k2yuVFoEUQVF+ymDGKFbcB49rbsZSRpRPFq7fiMhE
MMaO2w8PLTe4iNMJ2yqOg4jGBYUlO6RfOcvaMPjkZK8YRbobanI=
=1fhH
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1876-1] gosa security update
Next by Date: [SECURITY] [DLA 1879-1] jackson-databind security update
Previous by thread: [SECURITY] [DLA 1876-1] gosa security update
Next by thread: [SECURITY] [DLA 1879-1] jackson-databind security update
Index(es):
- Date
- Thread