{ "schema_version": "1.7.0", "id": "MGASA-2013-0379", "published": "2013-12-19T21:08:56Z", "modified": "2013-12-19T21:08:53Z", "summary": "Updated php packages fix multiple security vulnerabilities", "details": "Updated php packages fix security vulnerabilities:\n\nStefan Esser discovered that PHP incorrectly parsed certificates. An\nattacker could use a malformed certificate to cause PHP to crash, resulting\nin a denial of service, or possibly execute arbitrary code (CVE-2013-6420).\n\nIt was discovered that PHP incorrectly handled DateInterval objects. An\nattacker could use this issue to cause PHP to crash, resulting in a denial\nof service (CVE-2013-6712).\n", "upstream": [ "CVE-2013-6420", "CVE-2013-6712" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2013-0379.html" }, { "type": "WEB", "url": "http://www.php.net/ChangeLog-5.php#5.4.23" }, { "type": "WEB", "url": "http://www.ubuntu.com/usn/usn-2055-1/" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=11947" } ], "affected": [ { "package": { "ecosystem": "Mageia:3", "name": "php", "purl": "pkg:rpm/mageia/php?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "5.4.23-1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:3", "name": "php-gd-bundled", "purl": "pkg:rpm/mageia/php-gd-bundled?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "5.4.23-1.mga3" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:3", "name": "php-apc", "purl": "pkg:rpm/mageia/php-apc?arch=source&distro=mageia-3" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "3.1.14-7.5.mga3" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }