Package        : php5
Version        : 5.3.3-7+squeeze20
CVE ID         : CVE-2014-3515 CVE-2014-0207 CVE-2014-3480 CVE-2014-4721

[CVE-2014-3515]:
 fix unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion

[CVE-2014-0207]:
 fileinfo: cdf_read_short_sector insufficient boundary check

[CVE-2014-3480]:
 fileinfo: cdf_count_chain insufficient boundary check

[CVE-2014-4721]:
 The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30
 and 5.5.x before 5.5.14 does not ensure use of the string data type for
 the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables,
 which might allow context-dependent attackers to obtain sensitive
 information from process memory by using the integer data type with
 crafted values, related to a "type confusion" vulnerability, as
 demonstrated by reading a private SSL key in an Apache HTTP Server
 web-hosting environment with mod_ssl and a PHP 5.3.x mod_php.
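
The missing string-type check described for CVE-2014-4721, as an added example that is not part of the advisory and is not PHP's code: a simplified C model of a tagged value showing the unchecked accessor beside the type-checked one. All names (`struct value`, `str_ptr_unchecked`, `copy_if_string`) are hypothetical and the sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified tagged value; hypothetical names, not PHP's zval definition. */
enum val_type { T_LONG, T_STRING };
struct value {
    enum val_type type;
    union {
        intptr_t lval;                               /* valid for T_LONG */
        struct { const char *ptr; size_t len; } str; /* valid for T_STRING */
    } u;
};

/* Missing check: assumes a string. For a T_LONG value the "string pointer"
 * handed back is just the integer the caller supplied. */
const char *str_ptr_unchecked(const struct value *v) { return v->u.str.ptr; }

/* Hardened: copy only when the tag says string; 1 = copied, 0 = rejected. */
int copy_if_string(const struct value *v, char *out, size_t outsz) {
    if (v->type != T_STRING || v->u.str.ptr == NULL || outsz == 0)
        return 0;
    size_t n = v->u.str.len < outsz - 1 ? v->u.str.len : outsz - 1;
    memcpy(out, v->u.str.ptr, n);
    out[n] = '\0';
    return 1;
}

/* Constructors for the constructed sample inputs used in main(). */
struct value make_string(const char *s) {
    struct value v = { .type = T_STRING };
    v.u.str.ptr = s;
    v.u.str.len = strlen(s);
    return v;
}
struct value make_long(intptr_t n) {
    struct value v = { .type = T_LONG };
    v.u.lval = n;
    return v;
}

int main(void) {
    char buf[32];
    struct value user = make_string("alice"); /* expected type */
    struct value odd = make_long(0x1000);     /* integer where a string is expected */
    printf("string accepted: %d\n", copy_if_string(&user, buf, sizeof buf));
    printf("integer accepted: %d\n", copy_if_string(&odd, buf, sizeof buf));
    /* The pointer is only printed, never dereferenced. */
    printf("unchecked pointer: %p\n", (const void *)str_ptr_unchecked(&odd));
    return 0;
}
```

The type-checked path rejects the integer value outright, which is the property the advisory says was not ensured for the four listed variables.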