TEMP-0000000-35D7C1

NameTEMP-0000000-35D7C1
DescriptionOutput of stream_get_meta_data can be falsified by its input
SourceAutomatically generated temporary name. Not for external reference.

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
php5 (PTS)wheezy5.4.45-0+deb7u2vulnerable
wheezy (security)5.4.45-0+deb7u11fixed
jessie5.6.30+dfsg-0+deb8u1fixed
jessie (security)5.6.33+dfsg-0+deb8u1fixed
php7.0 (PTS)stretch7.0.19-1fixed
stretch (security)7.0.27-0+deb9u1fixed
buster, sid7.0.27-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
php5source(unstable)5.6.18+dfsg-1
php5sourcejessie5.6.19+dfsg-0+deb8u1
php5sourcewheezy5.4.45-0+deb7u7
php5.6source(unstable)5.6.18+dfsg-1
php7.0source(unstable)7.0.3-1

Notes

https://bugs.php.net/bug.php?id=71323
https://bugzilla.redhat.com/show_bug.cgi?id=1305523
https://git.php.net/?p=php-src.git;a=commit;h=6297a117d77fa3a0df2e21ca926a92c231819cd5
Fixed in 5.6.18, 5.5.32, 7.0.3

Search for package or bug name: Reporting problems