File _patchinfo of Package patchinfo.14088
<patchinfo incident="14088">
<issue tracker="cve" id="2019-11047"/>
<issue tracker="cve" id="2019-11041"/>
<issue tracker="cve" id="2020-7059"/>
<issue tracker="cve" id="2019-11045"/>
<issue tracker="cve" id="2019-11043"/>
<issue tracker="cve" id="2020-7060"/>
<issue tracker="cve" id="2019-11050"/>
<issue tracker="cve" id="2019-11046"/>
<issue tracker="cve" id="2019-11042"/>
<issue tracker="bnc" id="1162629">VUL-0: CVE-2020-7059: php5,php72,php7,php53: Out of bounds read in php_strip_tags_ex</issue>
<issue tracker="bnc" id="1145095">VUL-1: CVE-2019-11042: php5,php72,php7,php53: php: heap buffer over-read in exif_process_user_comment()</issue>
<issue tracker="bnc" id="1146360">VUL-0: CVE-2019-11041: php5,php72,php7,php53: php: heap buffer over-read in exif_scan_thumbnail()</issue>
<issue tracker="bnc" id="1159923">VUL-0: CVE-2019-11045: php5,php72,php7,php53: PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte</issue>
<issue tracker="bnc" id="1159922">VUL-0: CVE-2019-11047: php5,php72,php7,php53: information disclosure in exif_read_data()</issue>
<issue tracker="bnc" id="1161982">VUL-1: CVE-2019-20433: aspell: encoding set to ucs-2 or ucs-4 for a string ending with a single '\0' byte leads to a buffer over-read</issue>
<issue tracker="bnc" id="1162632">VUL-0: CVE-2020-7060: php5,php72,php7,php53: Global buffer-overflow in mbfl_filt_conv_big5_wchar function</issue>
<issue tracker="bnc" id="1154999">VUL-0: CVE-2019-11043: php5,php72,php7,php53: env_path_info underflow in fpm_main.c can lead to RCE</issue>
<issue tracker="bnc" id="1159924">VUL-0: CVE-2019-11046: php5,php72,php7,php53: OOB read in bc_shift_addsub</issue>
<issue tracker="bnc" id="1159927">VUL-0: CVE-2019-11050: php5,php72,php7,php53: PHP EXIF extension is parsing EXIF information from an image that can cause it to read past the allocated buffer</issue>
<packager>pgajdos</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for php5</summary>
<description>This update for php5 fixes the following issues:

Security issues fixed:

- CVE-2019-11041: Fixed heap buffer over-read in exif_scan_thumbnail() (bsc#1146360).
- CVE-2019-11042: Fixed heap buffer over-read in exif_process_user_comment() (bsc#1145095).
- CVE-2019-11043: Fixed possible remote code execution via env_path_info underflow in fpm_main.c (bsc#1154999).
- CVE-2019-11045: Fixed an issue with the PHP DirectoryIterator class that accepts filenames with embedded \0 bytes (bsc#1159923).
- CVE-2019-11046: Fixed an out-of-bounds read in bc_shift_addsub (bsc#1159924).
- CVE-2019-11047: Fixed an information disclosure in exif_read_data (bsc#1159922).
- CVE-2019-11050: Fixed a buffer over-read in the EXIF extension (bsc#1159927).
- CVE-2020-7059: Fixed an out-of-bounds read in php_strip_tags_ex (bsc#1162629).
- CVE-2020-7060: Fixed a global buffer-overflow in mbfl_filt_conv_big5_wchar (bsc#1162632).
</description>
</patchinfo>