http://bugzilla.opensuse.org/show_bug.cgi?id=1015191 Bug ID: 1015191 Summary: VUL-0: CVE-2016-9936: php: Use After Free in PHP7 unserialize() Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: mikhail.kasimov@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Reference: http://seclists.org/oss-sec/2016/q4/658 =================================================== Fixed in PHP 7.0.14 and 7.1.0: Bug #72978 Use After Free in PHP7 unserialize() https://bugs.php.net/bug.php?id=72978 https://github.com/php/php-src/commit/b2af4e8868726a040234de113436c6e4f6372d... Use CVE-2016-9936. The b2af4e8868726a040234de113436c6e4f6372d17 commit message is "Complete the fix of bug #70172 for PHP 7." Because 70172 is referenced by CVE-2015-6834, it is possible to say that CVE-2016-9936 exists because of an incomplete fix for CVE-2015-6834. =================================================== -- You are receiving this mail because: You are on the CC list for the bug.