[SECURITY] [DLA 2188-1] php5 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2188-1] php5 security update
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sun, 26 Apr 2020 16:08:10 +0200 (CEST)
Message-id: <[🔎] alpine.DEB.2.20.2004261605550.16484@jupiter.server.alteholz.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : php5
Version        : 5.6.40+dfsg-0+deb8u11
CVE ID         : CVE-2020-7064 CVE-2020-7066 CVE-2020-7067

Three issues have been found in php5, a server-side, HTML-embeddedscripting language.


CVE-2020-7064
     A one byte out-of-bounds read, which could potentially lead to
     information disclosure or crash.

CVE-2020-7066
     An URL containing zero (\0) character will be truncated at it, which
     may cause some software to make incorrect assumptions and possibly
     send some information to a wrong server.

CVE-2020-7067
     Using a malformed url-encoded string an Out-of-Bounds read can occur.


For Debian 8 "Jessie", these problems have been fixed in version
5.6.40+dfsg-0+deb8u11.

We recommend that you upgrade your php5 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl6llcpfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEfkBg/+O+XDy+I4Ec0sSX5Bh8kdAiq26ogLhpoWfJ6xQvnDZvw01h4SfVOGyvgl
v9fcRgiRSybhbCngpgE8r4XNmCPEmaMBJe4zdpTUvfMSvOOohVaXRwE8y8/0fMcC
qDJvrJfAzswvqxkarXebozYpg21KNBI8SJskTCT4aQw/zvTWEyLpWe7vAnClfxfZ
XdkIAcJk00mtHDTkn4EHDCaJMeLgIMPYyF0mKN53AOXjxX7aRmv8J6kj6TrCozhT
VjZaNH4EIrMdAHe5UFeRts9UkPU5DTqsc+XbPc2bSUD5DjHDcdrMyfcDM1lz9d01
lBacmHfTcxVx8gGN0XS9HeJq2p+XBviRIHyaT8bgaWO4RmFP7+MVYoMRMFjLhl9W
ez+A/x2gaxOrB8EfvYmV5lazU72gcY+fmBDE/xT2txp+yJukhr0EzdWszfauD+Ec
K3GFTH3iZXcTA/tVLE6/I4+yTKO+6++ul8/AtmKtQMrFcZFT/kEvixcgANJ584Mx
3YBkZEEd0fSdQG+iq0CZibpgjSd0TrSpR+ObbA0CHrDW+3uDy00MeqnHf8bXaCKN
HHjxbaRoTWMSdPyZzGe4gYZER7kCq04bHHJJwCPfoWKWZK4++W2QI5UJnmYcpAOv
7fwUdSz9kfJWPbyUJFETbnyoJ02rc/L0Fx6CyElzbrwOKAY13Ck=
=jw+E
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2186-1] ncmpc security update
Next by Date: [SECURITY] [DLA 2189-1] rzip security update
Previous by thread: [SECURITY] [DLA 2186-1] ncmpc security update
Next by thread: [SECURITY] [DLA 2189-1] rzip security update
Index(es):
- Date
- Thread