-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : php5 Version : 5.6.40+dfsg-0+deb8u4 CVE ID : CVE-2019-11039 CVE-2019-11040
Two vulnerabilities were found in PHP, a widely-used open source general purpose scripting language. CVE-2019-11039 An integer underflow in the iconv module could be exploited to trigger an out of bounds read. CVE-2019-11040 A heap buffer overflow was discovered in the EXIF parsing code. For Debian 8 "Jessie", these problems have been fixed in version 5.6.40+dfsg-0+deb8u4. We recommend that you upgrade your php5 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAlz1AiwACgkQnUbEiOQ2 gwJ6hQ//e3FxCHkLhDfI2h1U6c2gl7iCeA3CNE8sGNcdrdhUwj6q/aO4vq7SifqD Pczdrx8eUjJqnRbvyfoC+zbVLv3Hj11EFU8RSfc5KMYjSeSWh3RZV+DR0JDtkjys SI+rShck2Ej7Ajv9XHy/xfseI2PoZ4eIOEBrZgyhMTPBULxUxzIkTUyQd0wcHQsI rAaQR/ePhH59loXagJa4HrKqRQMs0Tk6ZZo8oODbnMXpqysupfW7X/Q3kI4rn5Eq qQbsnZF8B90CptEZpUSu5VEALi4FmB7NMEMx9NjeEO93A6rvF4cFUXKlVsaSalsn U7Pl1wjlBvSJG1M5o9+g7XKCPfG5yN6/ER/NTK/zKNRcwhN6wfMc6FpsFCo6grNf YNv9rqu5ST5F4ta7NEsRo4tD4QlfAFPX6MkBpiV3oOnXe8zZ1M6ZevbNpwFuAOHX jd/T/xCrcZbhdgK2PSc+2PC+eOPbpESbl24Df5CSpNch1rt22c0GweJihYXsF2oK V/SfBN+aDvieRyaBJDRHy13N+3OuB6AiQofHh11w053SV9YUTfcgsfTB5GrqKL47 N7wqmriUIoZKKQox+ynAZ0MI6e7snuRST/r5n+U1mkh3dEl1fYfq93xLmJYX4sd1 LXat7RgOlhz1HLUNJk2vNE77a0Ykwvu6dNuwCAdqyoa1bMXTSo4= =WqNG -----END PGP SIGNATURE-----