As PHP.net has released the fix also for 5.3 and 5.4 branches, I assume it's relevant for the both squeeze and wheezy. The problematic code was there for a long time.
Kaplan On Wed, Dec 11, 2013 at 8:41 AM, Salvatore Bonaccorso <car...@debian.org>wrote: > Package: php5 > Severity: grave > Tags: security upstream patch > > Hi, > > the following vulnerability was published for php5. > > CVE-2013-6420[0]: > php: memory corruption in openssl_x509_parse() > > The upstream commit is found at [1]. > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420 > http://security-tracker.debian.org/tracker/CVE-2013-6420 > [1] > http://git.php.net/?p=php-src.git;a=commitdiff;h=c1224573c773b6845e83505f717fbf820fc18415 > > Please adjust the affected versions in the BTS as needed; could you > check if squeeze and wheezy are affected as well? > > Regards, > Salvatore > > _______________________________________________ > pkg-php-maint mailing list > pkg-php-ma...@lists.alioth.debian.org > http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint >
