File _patchinfo of Package patchinfo.11086

<patchinfo incident="11086">
  <issue tracker="cve" id="2019-11035"/>
  <issue tracker="cve" id="2019-9675"/>
  <issue tracker="cve" id="2019-9637"/>
  <issue tracker="cve" id="2019-9638"/>
  <issue tracker="cve" id="2019-9640"/>
  <issue tracker="cve" id="2019-9639"/>
  <issue tracker="cve" id="2019-11034"/>
  <issue id="2019-11036" tracker="cve" />
  <issue tracker="bnc" id="1128883">VUL-1: CVE-2019-9640: php5,php72,php7,php53: php7.0 -- security update</issue>
  <issue tracker="bnc" id="1132838">VUL-1: CVE-2019-11034: php5,php72,php7,php53: Heap-buffer-overflow in php_ifd_get32s</issue>
  <issue tracker="bnc" id="1132837">VUL-1: CVE-2019-11035: php5,php72,php7,php53: Heap-buffer-overflow in exif_iif_add_value in EXIF</issue>
  <issue tracker="bnc" id="1128892">VUL-1: CVE-2019-9637: php5,php72,php7,php53: rename has wrong chown / chmod order</issue>
  <issue tracker="bnc" id="1128889">VUL-1: CVE-2019-9638: php5,php72,php7,php53:  Uninitialized read in exif_process_IFD_in_MAKERNOTE</issue>
  <issue tracker="bnc" id="1128886">VUL-1: CVE-2019-9675: php5,php72,php7,php53: php7.0 -- security update</issue>
  <issue tracker="bnc" id="1128887">VUL-1: CVE-2019-9639: php5,php72,php7,php53: php7.0 -- security update</issue>
  <issue id="1134322" tracker="bnc">VUL-0: CVE-2019-11036: php5,php72,php7,php53: php: buffer over-read in exif_process_IFD_TAG function leading to information disclosure</issue>
  <packager>pgajdos</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for php5</summary>
  <description>This update for php5 fixes the following issues:

Security issues fixed:

- CVE-2019-11034: Fixed a heap-buffer overflow in php_ifd_get32si() (bsc#1132838).
- CVE-2019-11035: Fixed a heap-buffer overflow in exif_iif_add_value() (bsc#1132837).
- CVE-2019-9637: Fixed a potential information disclosure in rename() (bsc#1128892).
- CVE-2019-9675: Fixed a potential buffer overflow in phar_tar_writeheaders_int() (bsc#1128886).
- CVE-2019-9638: Fixed an uninitialized read in exif_process_IFD_in_MAKERNOTE() related to value_len (bsc#1128889).
- CVE-2019-9639: Fixed an uninitialized read in exif_process_IFD_in_MAKERNOTE() related to data_len (bsc#1128887).
- CVE-2019-9640: Fixed an invalid Read in exif_process_SOFn() (bsc#1128883).
- CVE-2019-11036: Fixed buffer over-read in exif_process_IFD_TAG function leading to information disclosure (bsc#1134322).
</description>
</patchinfo>
openSUSE Build Service is sponsored by