[Mageia-dev] New security issues affect libzip and php (freeze push will be needed)
Anne Nicolas
ennael1 at gmail.com
Fri Mar 23 08:39:01 CET 2012
Le 23/03/2012 01:31, David Walser a écrit :
> New vulnerabilities CVE-2012-1162 (heap overflow) and CVE-2012-1163 (integer overflow) in libzip, which also affect PHP (probably the php-zip subpackage) were recently announced.
>
> libzip 0.10.1 has been released to fix these. I have updated it in SVN and confirmed it builds, but I have not tested it yet.
>
> PHP has not yet issued an update for this.
>
> References:
> https://bugs.mageia.org/show_bug.cgi?id=5063
> http://seclists.org/oss-sec/2012/q1/710
> https://bugzilla.redhat.com/show_bug.cgi?id=802564
> https://bugzilla.redhat.com/show_bug.cgi?id=803028
done
--
Anne
http://mageia.org
More information about the Mageia-dev
mailing list