Packages

  • Status Unconfirmed
  • Percent Complete
    0%
  • Task Type Security Issue
  • Category Any
  • Assigned To
    André Silva
  • Operating System All
  • Severity Critical
  • Priority Very Low
  • Reported Version Any
  • Due in Version Undecided
  • Due Date Undecided
  • Votes
  • Private
Attached to Project: Packages
Opened by Jesús E. - 29/10/2018
Last edited by Jesús E. - 29/10/2018

FS#1236 - [php] CVE-2017-9120

Description:

PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string.

Additional info:
* package version(s)

$ pacman -Si php
Repositorio               : extra
Nombre                    : php
Versión                   : 7.1.4-3.hyperbola3
Descripción               : A general-purpose scripting language that is especially suited to web development, without systemd support
Arquitectura              : x86_64
URL                       : http://www.php.net
Licencias                 : PHP
Grupos                    : Nada
Provee                    : php-ldap=7.1.4
Depende de                : libxml2  curl  libzip  pcre
Dependencias opcionales   : Nada
En conflicto con          : php-ldap
Remplaza a                : php-ldap
Tamaño de la descarga     : 3,02 MiB
Tamaño de la instalación  : 15,94 MiB
Encargado                 : André Silva <emulatorman@hyperbola.info>
Fecha de creación         : mié 27 dic 2017 19:15:03 -05
Validado por              : Suma MD5  Suma SHA-256  Firma

* config and/or log files etc.

Last update of php be v7.1.x is v7.1.23:

- https://secure.php.net/ChangeLog-7.php#7.1.23

Patch availabble from v7.1.5
https://bugs.php.net/bug.php?id=74544

Steps to reproduce:

- Install php

Date User Effort (H:M)

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing