bug-guix
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#27808: PHP CVE-2017-11144, CVE-2017-11145, CVE-2017-11362


From: Alex Sassmannshausen
Subject: bug#27808: PHP CVE-2017-11144, CVE-2017-11145, CVE-2017-11362
Date: Tue, 25 Jul 2017 17:26:35 +0200
User-agent: mu4e 0.9.18; emacs 25.2.1

Hi Leo,

I've just submitted a patch to update PHP to version 7.1.7, which
resolves the CVEs. Unfortunately PHP has 4 test errors on my machine
(but also on the previous version), so I could not fully build it
(disabling tests results in a working version of PHP).

The relevant patch is at 27826. If someone could try building it, on
x86_64 then we could be sure it's just my local environment that messes
things up…

Alex

Leo Famulari writes:

> Apparently our PHP package is vulnerable to CVE-2017-11144,
> CVE-2017-11145, and CVE-2017-11362:
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11144
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11145
>
> This one looks especially bad:
>
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11362
>
> Can someone please take a look at this?





reply via email to

[Prev in Thread] Current Thread [Next in Thread]