Re: Security update of PHP 5.4?

2016-08-23 Thread Jan Ingvoldstad
On 2016-08-23 19:56, Thorsten Alteholz wrote: Hi Jan, Hi Thorsten, do you know whether there has been a CVE assigned for these bugs already? As far as I can see there is none yet. Nope, not a clue. All I have to go by is PHP's security announcement (http://php.net/releases/5_6_25.php)

[SECURITY] [DLA 600-1] libgcrypt11 security update

2016-08-23 Thread Ola Lundqvist
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package: libgcrypt11 Version: 1.5.0-5+deb7u5 CVE ID : CVE-2016-6313 The crypto library libgcrypt11 has a weakness in the random number generator. CVE-2016-6313 Felix Dörre and Vladimir Klebanov from the Karlsruhe

Accepted libgcrypt11 1.5.0-5+deb7u5 (source all amd64) into oldstable

2016-08-23 Thread Ola Lundqvist
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 18 Aug 2016 18:32:50 + Source: libgcrypt11 Binary: libgcrypt11-doc libgcrypt11-dev libgcrypt11-dbg libgcrypt11 libgcrypt11-udeb Architecture: source all amd64 Version: 1.5.0-5+deb7u5 Distribution: wheezy-security Urgency:

Re: Security update of PHP 5.4?

2016-08-23 Thread Thorsten Alteholz
Hi Jan, On Tue, 23 Aug 2016, Jan Ingvoldstad wrote: It looks as if the patches for unserializing and session handling are relevant, possibly others: https://bugs.php.net/bug.php?id=70436 https://bugs.php.net/bug.php?id=72681 do you know whether there has been a CVE assigned for these bugs

Re: Security update of PHP 5.4?

2016-08-23 Thread Roberto C. Sánchez
On Tue, Aug 23, 2016 at 03:19:39PM +0200, Jan Ingvoldstad wrote: > Hi, > > PHP 5.6.25 was released a few days ago, and it seems as if some of the > issues are relevant to PHP 5.4 as well. > > It looks as if the patches for unserializing and session handling are > relevant, possibly others: > >

Security update of PHP 5.4?

2016-08-23 Thread Jan Ingvoldstad
Hi, PHP 5.6.25 was released a few days ago, and it seems as if some of the issues are relevant to PHP 5.4 as well. It looks as if the patches for unserializing and session handling are relevant, possibly others: https://bugs.php.net/bug.php?id=70436 https://bugs.php.net/bug.php?id=72681

Re: matrixssl

2016-08-23 Thread Ola Lundqvist
Hi Guido, Brian wrote in his mail that he had not tried to reproduce the crash. Quote: "...although I don't have any exploits test it with." Best regards // Ola On Tue, Aug 23, 2016 at 7:22 AM, Guido Günther wrote: > On Mon, Aug 22, 2016 at 06:15:33PM +1000, Brian May wrote: