-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : php5 Version : 5.4.45-0+deb7u10 CVE ID : CVE-2017-11628
A stack-based buffer overflow in the zend_ini_do_op() function in Zend/zend_ini_parser.c could cause a denial of service or potentially allow executing code. NOTE: this is only relevant for PHP applications that accept untrusted input (instead of the system's php.ini file) for the parse_ini_string or parse_ini_file function, e.g., a web application for syntax validation of php.ini directives. For Debian 7 "Wheezy", these problems have been fixed in version 5.4.45-0+deb7u10. We recommend that you upgrade your php5 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEjtbD+LrJ23/BMKhw+COicpiDyXwFAlmhmhoACgkQ+COicpiD yXxJehAAi4uUHRCESiXSnRRNQJKqnO2D9BIDAYbUqjzDBUlSGu82TmGqbnEDJ86T W1sM1Eri0y22q8YL3IQpUQ3PJB+tYauhWZ7CcnjyuRcMquryE4Q69hhE52QP7SkR la1ZS+WrmDOJst5GGsEm0KAFhR/eZlqJkxRr4YCulz2b06o66xtLDhnnAk5uynTf rHoW8Zq3cduQns6145dC7CCLl///nTCTrWgI5ujzKMe+S98cEFiMcgneaNZXxqrH 64WoO8/dHVQwyAEiFO8RzvcdVEiEG4zfV7rfnP8kqCdI/cOVwzTNQbyy4+hEjD95 YFOR5+hr3AIVanVoHTcrnqh/GzBRF63avlqoHkl4v7osULGpIR9Uqi1p62q/Egac +YMsz502sEXPbIm3sro6ndk0aEbwS63DlG0IDtvUxNL68Yu2A3kSgHTl43oOJmBZ 1/jRqFMzmog/IHNx7TB9O27iGvVeQyllJV5bUK4b/uisqmnEjg7mD+6dJi96NrGe Od9FjrsZZM3waSytPdNAmnMSxP9uyGE3gyExaai6+H5QmlqCO99SRvykPOZtVZqm CXOkeBwehKMt/ipPIwQIzV8PWIsF+TSEnjkV+FIpb0+Ty8k0xiQF3ACzc7Vj9hyX 9aMUBQuIwk3/Usof/QdKAWl7yDFVrYIwdR0dkeehC5xmD5H8bNw= =zBiD -----END PGP SIGNATURE-----
