Overview

File _patchinfo of Package patchinfo.5555

<patchinfo incident="5555">
  <issue id="1054430" tracker="bnc">VUL-0: CVE-2017-12933: php5,php7,php53: The finish_nested_data function in ext/standard/var_unserializer.re in PHPbefore 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a bufferover-read while unserializing untrusted data.</issue>
  <issue id="2017-12933" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>pgajdos</packager>
  <description>This update for php5 fixes on issues.

This security issue was fixed:

- CVE-2017-12933: The finish_nested_data function in ext/standard/var_unserializer.re was prone to a buffer over-read while unserializing untrusted data. Exploitation of this issue could have had an unspecified impact on the integrity of PHP (bsc#1054430)
</description>
  <summary>Security update for php5</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places