This bug was fixed in the package php5 - 5.5.9+dfsg-1ubuntu4.23

---------------
php5 (5.5.9+dfsg-1ubuntu4.23) trusty-security; urgency=medium

  * SECURITY UPDATE: buffer over-read while unserializing untrusted data
    - debian/patches/CVE-2017-12933.patch: add check to
      ext/standard/var_unserializer.*, add test to
      ext/standard/tests/serialize/bug74111.phpt, adjust test in
      ext/standard/tests/serialize/bug25378.phpt.
    - CVE-2017-12933
  * SECURITY UPDATE: information leak in php_parse_date function
    - debian/patches/CVE-2017-16642.patch: fix backof/frontof in
      ext/date/lib/parse_date.*, fix test in
      ext/date/tests/bug53437_var3.phpt, added test to
      ext/wddx/tests/bug75055.*.
    - CVE-2017-16642
  * SECURITY UPDATE: XSS in PHAR error page
    - debian/patches/CVE-2018-5712.patch: remove file name from output to
      avoid XSS in ext/phar/shortarc.php, ext/phar/stub.h, fix tests in
      ext/phar/tests/*.
    - CVE-2018-5712
  * SECURITY REGRESSION: exif_read_data broken (LP: #1633031)
    - debian/patches/CVE-2016-6291-regression.patch: add DJI signatures to
      the MAKERNOTE and its supported tags in ext/exif/exif.c.

 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>  Thu, 08 Feb 2018 08:24:11 -0500

** Changed in: php5 (Ubuntu Trusty)
       Status: Triaged => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-6291

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12933

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-16642

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-5712

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1633031

Title:
  exif_read_data broken in a lot of use cases by the CVE-2016-6291
  bugfix

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1633031/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
