[SECURITY] [DLA 2345-1] php7.0 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2345-1] php7.0 security update
From: "Chris Lamb" <lamby@debian.org>
Date: Wed, 26 Aug 2020 11:48:56 +0100
Message-id: <[🔎] 159843867013.1735235.1571490508869030664@tinycat.chris-lamb.co.uk>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2345-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
August 26, 2020                               https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : php7.0
Version        : 7.0.33-0+deb9u9
CVE ID         : CVE-2020-7068

It was discovered that there was a use-after-free vulnerability when
parsing PHAR files, a method of putting entire PHP applications into
a single file.

For Debian 9 "Stretch", this problem has been fixed in version
7.0.33-0+deb9u9.

We recommend that you upgrade your php7.0 packages.

For the detailed security status of php7.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php7.0

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl9GPQsACgkQHpU+J9Qx
HljVjBAAjz0h5aeM/9wAZfX4i/SfvXiqX+w40yIlLNC+rtvr8TieFuwLBI53aatI
xWzyvbwd63Jigoc/vbxIfCX03V0pWw8Y7Vs914MCFFPvKRDYn4pi8MNgzbv7hFrM
b28BrOiKjCoLoH50hZ3+beJ1tvROjszyaoimgED/RPTcBmmj69ZeT8GIcEJxnIPX
aw5fJKs8KUYbGcD7Kg9go3jgS7t2yXhFAPAFTOeQcLRJdcfrS3Vv6RyanQ5ml5r2
wQCNnbxAddftX1YOcHtG01GohR4FEjrnPguZruZRDVDraf5C6ar3DdFsncEirYRl
ejKiYbWZHyVmzosTI/LuiR6+QgfgCArxF+QQzZOLzo7isNpVKKN0tJ1AhLAV3pk0
rPTotdLKYJUv32JBBmGggyP32BZ6QBbZbnZmbOvxbvDIIaDoozXqfvp27cFshxrq
jLInlxgCJyPhw71PL43dAPmZPoyA8kGWnlFIMxUY/o1/I2vvTokFVyj08YuEMm0k
7ePTJJc2ipvCQ6yhUuFmiC69n2rpy65lmQgoImEBGhj0XqhqX5nkNHkhahuKUAyj
9OlecHZ9DPDbzEYc5HkJVJT6QtYJ4t80Hzsq3fgt0ultWyJ+7WGVCcNAn2Tu5VVy
Qypp4RIFUVMb0p7nI/FNAnP5IXEoN1pRKnUp6RzuI4cOCBPvYV4=
=yN+e
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2338-2] proftpd-dfsg regression update
Next by Date: [SECURITY] [DLA 2346-1] firefox-esr security update
Previous by thread: [SECURITY] [DLA 2338-2] proftpd-dfsg regression update
Next by thread: [SECURITY] [DLA 2346-1] firefox-esr security update
Index(es):
- Date
- Thread