Hello community,

here is the log from the commit of package patchinfo.4029 for 
openSUSE:13.2:Update checked in at 2015-09-25 10:19:33
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.2:Update/patchinfo.4029 (Old)
 and      /work/SRC/openSUSE:13.2:Update/.patchinfo.4029.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "patchinfo.4029"

Changes:
--------
New Changes file:

NO CHANGES FILE!!!

New:
----
  _patchinfo

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ _patchinfo ++++++
<patchinfo incident="4029">
  <issue id="945428" tracker="bnc">VUL-0: CVE-2015-6836: php53, php5: SOAP 
serialize_function_call() type confusion / RCE</issue>
  <issue id="945402" tracker="bnc">VUL-0: CVE-2015-6835: php5 , php53: Use 
after free vulnerability in session deserializer</issue>
  <issue id="945403" tracker="bnc">VUL-0: CVE-2015-6834: php5, php53: Use After 
Free Vulnerability in unserialize()</issue>
  <issue id="945412" tracker="bnc">VUL-0: CVE-2015-6837 CVE-2015-6838: php5, 
php53: NULL pointer dereference in XSLTProcessor class</issue>
  <issue id="942293" tracker="bnc">VUL-0: php5,php53:  Dangling pointer in the 
unserialization of ArrayObject items</issue>
  <issue id="942291" tracker="bnc">VUL-0: CVE-2015-6831: php5,php53: Use After 
Free Vulnerability in unserialize() with SPLArrayObject</issue>
  <issue id="942296" tracker="bnc">VUL-1: php5,php53: phar: Files extracted 
from archive may be placed outside of destination directory</issue>
  <issue id="942294" tracker="bnc">VUL-0: php5,php53: Use After Free 
Vulnerability in unserialize() with SplObjectStorage</issue>
  <issue id="942295" tracker="bnc">VUL-0: php5,php53: Use After Free 
Vulnerability in unserialize() with SplDoublyLinkedList</issue>
  <issue id="CVE-2015-6831" tracker="cve" />
  <issue id="CVE-2015-6832" tracker="cve" />
  <issue id="CVE-2015-6833" tracker="cve" />
  <issue id="CVE-2015-6834" tracker="cve" />
  <issue id="CVE-2015-6835" tracker="cve" />
  <issue id="CVE-2015-6836" tracker="cve" />
  <issue id="CVE-2015-6837" tracker="cve" />
  <issue id="CVE-2015-6838" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>pgajdos</packager>
  <description>
The PHP5 script interpreter was updated to fix various security issues:

* CVE-2015-6831: A use after free vulnerability in unserialize() has been fixed 
which could be used to crash php or potentially execute code. [bnc#942291] 
[bnc#942294] [bnc#942295]
* CVE-2015-6832: A dangling pointer in the unserialization of ArrayObject items 
could be used to crash php or potentially execute code. [bnc#942293]
* CVE-2015-6833: A directory traversal when extracting ZIP files could be used 
to overwrite files outside of intended area. [bnc#942296]
* CVE-2015-6834: A Use After Free Vulnerability in unserialize() has been fixed 
which could be used to crash php or potentially execute code. [bnc#945403] 
* CVE-2015-6835: A Use After Free Vulnerability in session unserialize() has 
been fixed which could be used to crash php or potentially execute code. 
[bnc#945402]
* CVE-2015-6836: A SOAP serialize_function_call() type confusion leading to 
remote code execution problem was fixed. [bnc#945428]
* CVE-2015-6837 CVE-2015-6838: Two NULL pointer dereferences in the 
XSLTProcessor class were fixed. [bnc#945412]
</description>
  <summary>Security update for php5</summary>
</patchinfo>
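
Review bot: In the <description>, the CVE-2015-6833 entry says the directory traversal happens "when extracting ZIP files", but the issue it cites, bnc#942296, is titled "phar: Files extracted from archive may be placed outside of destination directory". Suggest naming the phar extension in that bullet so the advisory text matches the tracker entry it references. A smaller point in the same block: the bnc titles for 942293 and 942296 carry no CVE id while the description maps them to CVE-2015-6832 and CVE-2015-6833, so the description is the only place in this file where that mapping is recorded and should be checked against the trackers before release.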
