File _patchinfo of Package patchinfo.3275
<patchinfo incident="3275"> <issue id="999679" tracker="bnc">VUL-0: CVE-2016-7413: php5, php53, php7: Use after free in wddx_deserialize</issue> <issue id="999685" tracker="bnc">VUL-0: CVE-2016-7416: php5, php7: Stack based buffer overflow in msgfmt_format_message</issue> <issue id="999684" tracker="bnc">VUL-0: CVE-2016-7417: php5, php7: Missing type check when unserializing SplArray</issue> <issue id="999680" tracker="bnc">VUL-0: CVE-2016-7412: php5, php7: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field</issue> <issue id="999682" tracker="bnc">VUL-0: CVE-2016-7411: php5: Memory corruption when destructing deserialized object</issue> <issue id="999820" tracker="bnc">VUL-0: CVE-2016-7414: php5, php7: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile</issue> <issue id="999819" tracker="bnc">VUL-0: CVE-2016-7418: php5, php7: Null pointer dereference in php_wddx_push_element</issue> <issue id="2016-7418" tracker="cve" /> <issue id="2016-7417" tracker="cve" /> <issue id="2016-7416" tracker="cve" /> <issue id="2016-7414" tracker="cve" /> <issue id="2016-7413" tracker="cve" /> <issue id="2016-7412" tracker="cve" /> <issue id="2016-7411" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>pgajdos</packager> <description> This update for php5 fixes the following security issues: * CVE-2016-7411: php5: Memory corruption when destructing deserialized object * CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field * CVE-2016-7413: Use after free in wddx_deserialize * CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile * CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message * CVE-2016-7417: Missing type check when unserializing SplArray * CVE-2016-7418: Null pointer dereference in php_wddx_push_element </description> <summary>Security update for php5</summary> </patchinfo>
