-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3198-1 security@xxxxxxxxxx http://www.debian.org/security/ Moritz Muehlenhoff March 20, 2015 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : php5 CVE ID : CVE-2015-2301 CVE-2015-2331 Multiple vulnerabilities have been discovered in the PHP language: CVE-2015-2301 Use-after-free in the phar extension. CVE-2015-2331 Emmanuel Law discovered an integer overflow in the processing of ZIP archives, resulting in denial of service or potentially the execution of arbitrary code. For the stable distribution (wheezy), these problems have been fixed in version 5.4.39-0+deb7u1. This update also fixes a regression in the curl support introduced in DSA 3195. For the unstable distribution (sid), these problems will be fixed soon. We recommend that you upgrade your php5 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJVDFjtAAoJEBDCk7bDfE42QWUP/AwLl9c70jCgYqGBTYSHf6qV 1/oFMLL2wX3luvlbU4u8/WIJMBz5JEVoIZiJlFI4JM8NW4jzRV6K7mMCFqeB16zY VLIPjujtcGMQg7xgG1mC5Z08Fe65Er9M7ZUKtGW6znjybYVmLiXDYEnjnTgLfLVM tdKhPdOCRY6srWhejy6bGRQ2mO46YeDm8eyAQA5csC1Vv+Q4GLSi66qYO7EXmo4x zpiFQWDgn1WTajGNEYPsrzof+qZoLRtpA7UxCXiZzBH25q7a/G0wrTw52J0+3HDZ hezWRm6a8VrMJEDeWekZnp9BZLCVhxeN2mANhvWQhiKbZFr8mAxoMWz/Xj4nLATL VYZxUrMIY7NWXgrNAzk4FOX7WpwqMZdCeFkyw8h+NzkGuuKjVsfa1CoE3EQW4LQr eLjZRza7qYFU13xP4t3GU4hPqWiSOC/Rz7Za6SXfMfDwjCOcVB7knH12kskiGqte n9KZV9Q0g972eDLNDRVyvB5eUW6LkbrovP0xdtySuGdmLN7sJNA1s5kLZSARq/OP ew+KmPwIGbwaIf6gr0k4rIEWL1C75kBRz24R0QG1LJE4yJ9a370D6vTdR7yUKwye ZKP1oQmjJ5c/mN2aeZo1SxLeYra5xBud9LxM1hkATQ3gd6Ngrj26YN9qdlstghBj 6sLuKDh4rOYYp0vzyK0V =ucpL -----END PGP SIGNATURE-----
