On 09/18/2016 05:12 PM, Thorsten Alteholz wrote:
Package : php5 Version : 5.4.45-0+deb7u5
Thanks!
* BUG-70436.patch
Use After Free Vulnerability in unserialize()
This one still has no CVE ID.
* BUG-72681.patch
PHP Session Data Injection Vulnerability, consume data even if we're
not storing them.
I see this one got assigned CVE-2016-7125 at 2016-09-05, nice to keep in mind for future reference.
-- Cheers, Jan
