
<div dir="ltr"><div>As PHP.net has released the fix also for 5.3 and 5.4 branches, I assume it's relevant for the both squeeze and wheezy. The problematic code was there for a long time.<br><br></div>Kaplan<br></div><div class="gmail_extra">

<br><br><div class="gmail_quote">On Wed, Dec 11, 2013 at 8:41 AM, Salvatore Bonaccorso <span dir="ltr"><<a href="mailto:carnil@debian.org" target="_blank">carnil@debian.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

Package: php5<br>

Severity: grave<br>

Tags: security upstream patch<br>

<br>

Hi,<br>

<br>

the following vulnerability was published for php5.<br>

<br>

CVE-2013-6420[0]:<br>

php: memory corruption in openssl_x509_parse()<br>

<br>

The upstream commit is found at [1].<br>

<br>

If you fix the vulnerability please also make sure to include the<br>

CVE (Common Vulnerabilities & Exposures) id in your changelog entry.<br>

<br>

For further information see:<br>

<br>

[0] <a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420" target="_blank">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420</a><br>

    <a href="http://security-tracker.debian.org/tracker/CVE-2013-6420" target="_blank">http://security-tracker.debian.org/tracker/CVE-2013-6420</a><br>

[1] <a href="http://git.php.net/?p=php-src.git;a=commitdiff;h=c1224573c773b6845e83505f717fbf820fc18415" target="_blank">http://git.php.net/?p=php-src.git;a=commitdiff;h=c1224573c773b6845e83505f717fbf820fc18415</a><br>

<br>

Please adjust the affected versions in the BTS as needed; could you<br>

check if squeeze and wheezy are affected as well?<br>

<br>

Regards,<br>

Salvatore<br>

<br>

_______________________________________________<br>

pkg-php-maint mailing list<br>

<a href="mailto:pkg-php-maint@lists.alioth.debian.org">pkg-php-maint@lists.alioth.debian.org</a><br>

<a href="http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint" target="_blank">http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint</a><br>

</blockquote></div><br></div>