From mboxrd@z Thu Jan 1 00:00:00 1970 From: Leo Famulari Subject: bug#27808: PHP CVE-2017-11144, CVE-2017-11145, CVE-2017-11362 Date: Mon, 24 Jul 2017 14:57:44 -0400 Message-ID: <20170724185744.GA4997@jasmine.lan> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; protocol="application/pgp-signature"; boundary="J2SCkAp4GZ/dPZZf" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:55971) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dZiYQ-0008WI-7S for bug-guix@gnu.org; Mon, 24 Jul 2017 14:58:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dZiYM-0005CJ-AT for bug-guix@gnu.org; Mon, 24 Jul 2017 14:58:06 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:51991) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dZiYM-0005CE-6Q for bug-guix@gnu.org; Mon, 24 Jul 2017 14:58:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1dZiYL-0006xL-Ty for bug-guix@gnu.org; Mon, 24 Jul 2017 14:58:01 -0400 Sender: "Debbugs-submit" Resent-Message-ID: Received: from eggs.gnu.org ([2001:4830:134:3::10]:55935) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dZiYA-0008J8-Kx for bug-guix@gnu.org; Mon, 24 Jul 2017 14:57:51 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dZiY6-00057w-Of for bug-guix@gnu.org; Mon, 24 Jul 2017 14:57:50 -0400 Received: from out1-smtp.messagingengine.com ([66.111.4.25]:40127) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1dZiY6-00057J-2B for bug-guix@gnu.org; Mon, 24 Jul 2017 14:57:46 -0400 Received: from localhost (c-73-165-108-70.hsd1.pa.comcast.net [73.165.108.70]) by mail.messagingengine.com (Postfix) with ESMTPA id 03CB27E2DE for ; Mon, 24 Jul 2017 14:57:44 -0400 (EDT) Content-Disposition: inline List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: 27808@debbugs.gnu.org --J2SCkAp4GZ/dPZZf Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Apparently our PHP package is vulnerable to CVE-2017-11144, CVE-2017-11145, and CVE-2017-11362: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11144 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11145 This one looks especially bad: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11362 Can someone please take a look at this? --J2SCkAp4GZ/dPZZf Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAll2QyQACgkQJkb6MLrK fwib1Q/6AvhmCk96bwJY9x9xI4vu9iTV7abi0nN2aKWtERlQpRWMCU6d1RKhPz67 OQtT8XYB2mmvuPRl5lk3QT0Bl0+LeLBkhE2jyP0zGMoNVLqatDb4PhuBh+JmyF65 MJd+AJ+Vqy5jV6PIPVK1LbwTSuFegF1BzEpvKyn2PkXvH//dsF+7PxL6rP39qsId gkbH4Xce7Ou7zCvJDBZ4C9JOuhLDxZiUQO99EVCMMubmVatNeB/nNlg6mugapLmV KWdRUjD2+jLNmjLeRGyCyzr0/bbt1RvHpcCHopKh6iOnDpjMtoajJXvLseAgpPJp Ck2p36fjBAdX9U1zAlKdLdMjAZNRJvtPL47zOBsXlfzFYsOghmBPhIUvVA6tycTo cNYGdjfM92UvSQs0SP30HsxruHsIHYZmx7GYM/BsiiwiOX+R7bsGrPY4jIo4hABs CJpkyEsI7oR1xp8CyuYyibA6NCnq7zFIBhbK6FAho0/SXbGHWlY6eJL/X15SiduJ TTJFKM8+YDxvGmExd/1oAIgNH+39Ck0siaI7zlU7v3SXSD9fMVTji23UdMnVTY/E OYZRgs5IMAeP6N7TUIePC7bfAB+1JsJrRpWz3CTpuxdcMXZRpKA95o0CgbJ/X7y+ Vi934pZF12NRi7t+Wuv8jCEg3PzF/ujXLTaBIvByMpcrcooWl8A= =WEg8 -----END PGP SIGNATURE----- --J2SCkAp4GZ/dPZZf--