commit patchinfo.5648 for openSUSE:13.2:Update
Hello community,

here is the log from the commit of package patchinfo.5648 for openSUSE:13.2:Update checked in at 2016-10-04 13:06:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:13.2:Update/patchinfo.5648 (Old)
 and /work/SRC/openSUSE:13.2:Update/.patchinfo.5648.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "patchinfo.5648"

Changes:
--------
New Changes file:

NO CHANGES FILE!!!

New:
----
  _patchinfo

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ _patchinfo ++++++
<patchinfo incident="5648">
  <issue id="999679" tracker="bnc">VUL-0: CVE-2016-7413 php5, php53, php7: Use after free in wddx_deserialize</issue>
  <issue id="999685" tracker="bnc">VUL-0: CVE-2016-7416: php5, php7: Stack based buffer overflow in msgfmt_format_message</issue>
  <issue id="999684" tracker="bnc">VUL-0: CVE-2016-7417: php5, php7: Missing type check when unserializing SplArray</issue>
  <issue id="999680" tracker="bnc">VUL-0: CVE-2016-7412: php5, php7: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field</issue>
  <issue id="999682" tracker="bnc">VUL-0: CVE-2016-7411: php5: Memory corruption when destructing deserialized object</issue>
  <issue id="999820" tracker="bnc">VUL-0: CVE-2016-7414: php5, php7: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile</issue>
  <issue id="999819" tracker="bnc">VUL-0: CVE-2016-7418: php5, php7: Null pointer dereference in php_wddx_push_element</issue>
  <issue id="2016-7418" tracker="cve" />
  <issue id="2016-7417" tracker="cve" />
  <issue id="2016-7416" tracker="cve" />
  <issue id="2016-7414" tracker="cve" />
  <issue id="2016-7413" tracker="cve" />
  <issue id="2016-7412" tracker="cve" />
  <issue id="2016-7411" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>pgajdos</packager>
  <description>
This update for php5 fixes the following security issues:

* CVE-2016-7411: Memory corruption when destructing deserialized object
* CVE-2016-7412: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field
* CVE-2016-7413: Use after free in wddx_deserialize
* CVE-2016-7414: Out of bounds heap read when verifying signature of zip phar in phar_parse_zipfile
* CVE-2016-7416: Stack based buffer overflow in msgfmt_format_message
* CVE-2016-7417: Missing type check when unserializing SplArray
* CVE-2016-7418: Null pointer dereference in php_wddx_push_element
  </description>
  <summary>Security update for php5</summary>
</patchinfo>