-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : php5 Version : 5.6.40+dfsg-0+deb8u10 CVE ID : CVE-2020-7062 CVE-2020-7063
Two security issues have been identified and fixed in php5, a server-side, HTML-embedded scripting language.
CVE-2020-7062 is about a possible null pointer derefernce, which would likely lead to a crash, during a failed upload with progress tracking. CVE-2020-7063 is about wrong file permissions of files added to tar with Phar::buildFromIterator when extracting them again.
For Debian 8 "Jessie", these problems have been fixed in version 5.6.40+dfsg-0+deb8u10. We recommend that you upgrade your php5 packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl59HbRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7 WEcS3RAAxEodKnWvz60CSqutGAWGB/ElD9ijjDzactuq0zFat04gnRmaJD2EvLor X+jcDk4i2gn3Sofghd+h2xpI8iqkMbVl5y44AcLavPPE9oYCOm/dy6aQNMjcaxHJ 6EMUFvzlCkCt7uFtt4SVvdmOSVCEburWpgphQGT1KPhiQvY8vqT6bcVr4xbEp7Xu tePhyVFWcPZS/VpeaW+aKxJNL2eur3koI0IU5UwTZtI8jdmmUINF14ey107Nulqq vPT+ad9f3JvLFNDtBdHrpBNnqEpSw3AgQkAoEN+15iF5BSCFochWiWnabAYStZfw n0WA/3qyZdxmV/F1/T2LJOesjXqJtjUIqjDn2hA/DUeB5i80XqiXIzbAYGN7lS5s HqY9f7ECOD3+cngU6ASLNrYmce++5Kk4ZFjx7iS6rPcz8H5x2p7If65XPiSttGPt 91YpQxZ7BgxNK9inBcbjjPZ5xDTxEUvGWsSEGmdvlnPWfAroCMHvwMIOyS9I5nNB 7oYYV/KjV+NRXkY5A/ysUhlB1UF8yCCTg1slkBn24qF/CIlSNcH5zXjcMBlPqQeK WIykqG93YEvQWuO5B8YuXs+brNktaIuwz263/XXptyA4sbk7OZydxgxKFiKWTEPR Q35ECeZHCnVGoIAo40McWybAtNKLsnrD3BPZutgtpH+bN4MIwcg= =P3Fu -----END PGP SIGNATURE-----
