On 09/18/2016 05:12 PM, Thorsten Alteholz wrote:
Package        : php5
Version        : 5.4.45-0+deb7u5


   * BUG-70436.patch
     Use After Free Vulnerability in unserialize()

This one still has no CVE ID.

   * BUG-72681.patch
     PHP Session Data Injection Vulnerability, consume data even if we're
     not storing them.

I see this one got assigned CVE-2016-7125 at 2016-09-05, nice to keep in mind for future reference.


Reply via email to