Overview

File _patchinfo of Package patchinfo.3677

<patchinfo incident="3677">
  <issue id="925109" tracker="bnc">VUL-0: php5,php53: PHP SoapClient's __call() type confusion through unserialize()</issue>
  <issue id="924972" tracker="bnc">VUL-0: CVE-2015-2787: php5,php53: Use-after-free vulnerability in the process_nested_data function inext/standard/var_unserializer.re...</issue>
  <issue id="924970" tracker="bnc">VUL-0: CVE-2015-2348: php5,php53: The move_uploaded_file implementation in ext/standard/basic_FUNCTIONs.c in PHP before 5.4.39, 5.5.x ...</issue>
  <issue id="CVE-2015-2348" tracker="cve" />
  <issue id="CVE-2015-2787" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>pgajdos</packager>
  <description>PHP was updated to fix three security issues.

The following vulnerabilities were fixed:

* use-after-free vulnerability in the process_nested_data function (CVE-2015-2787 bnc#924972)
* unserialize SoapClient type confusion (bnc#925109)
* move_uploaded_file truncates a pathNAME upon encountering a x00 character (CVE-2015-2348 bnc#924970)
</description>
  <summary>Security update for php5</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places