{"update": {"autokarma": true, "autotime": false, "stable_karma": 3, "stable_days": 0, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "23 Jun 2016, **PHP 5.6.23**\n\n**Core:**\n\n* Fixed bug php#72275 (Integer Overflow in json_encode()/json_decode()/json_utf8_to_utf16()). (Stas)\n* Fixed bug php#72400 (Integer Overflow in addcslashes/addslashes). (Stas)\n* Fixed bug php#72403 (Integer Overflow in Length of String-typed ZVAL). (Stas)\n\n**GD:**\n\n* Fixed bug php#72298 (pass2_no_dither out-of-bounds access). (Stas)\n* Fixed bug php#72337 (invalid dimensions can lead to crash) (Pierre)\n* Fixed bug php#72339 (Integer Overflow in _gd2GetHeader() resulting in heap overflow). (Pierre)\n* Fixed bug php#72407 (NULL Pointer Dereference at _gdScaleVert). (Stas)\n* Fixed bug php#72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow). (Pierre)\n\n**Intl:**\n\n* Fixed bug php#70484 (selectordinal doesn't work with named parameters). (Anatol)\n\n**mbstring:**\n\n* Fixed bug php#72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas)\n\n**mcrypt:**\n\n* Fixed bug php#72455 (Heap Overflow due to integer overflows). (Stas)\n\n**Phar:**\n\n* Fixed bug php#72321 (invalid free in phar_extract_file()). (hji at dyntopia dot com)\n\n**SPL:**\n\n* Fixed bug php#72262 (int/size_t confusion in SplFileObject::fread). (Stas)\n* Fixed bug php#72433 (Use After Free Vulnerability in PHP's GC algorithm and unserialize). (Dmitry)\n\n**OpenSSL:**\n\n* Fixed bug php#72140 (segfault after calling ERR_free_strings()). (Jakub Zelenka)\n\n**WDDX:**\n\n* Fixed bug php#72340 (Double Free Courruption in wddx_deserialize). (Stas)\n", "type": "security", "status": "stable", "request": null, "severity": "unspecified", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": null, "close_bugs": true, "date_submitted": "2016-06-23 05:12:51", "date_modified": "2016-06-30 04:50:11", "date_approved": null, "date_testing": "2016-06-23 17:59:45", "date_stable": "2016-07-02 13:22:22", "alias": "FEDORA-2016-99fbdc5c34", "test_gating_status": null, "from_tag": null, "date_pushed": "2016-07-02 13:22:22", "meets_testing_requirements": false, "url": "https://bodhi.stg.fedoraproject.org/updates/FEDORA-2016-99fbdc5c34", "title": "php-5.6.23-1.fc22", "version_hash": "c7e40f8c92614699c979e4023eea41beaafbed42", "release": {"name": "F22", "long_name": "Fedora 22", "version": "22", "id_prefix": "FEDORA", "branch": "f22", "dist_tag": "f22", "stable_tag": "f22-updates", "testing_tag": "f22-updates-testing", "candidate_tag": "f22-updates-candidate", "pending_signing_tag": "", "pending_testing_tag": "f22-updates-testing-pending", "pending_stable_tag": "f22-updates-pending", "override_tag": "f22-override", "mail_template": "fedora_errata_template", "state": "archived", "composed_by_bodhi": true, "create_automatic_updates": null, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": null, "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "remi", "email": "fedora@famillecollet.com", "id": 94, "avatar": "https://seccdn.libravatar.org/avatar/619d3923bdf71a705e6f65371e59246522f52ad96485c9731408ff28554716cf?s=24&d=retro", "openid": "remi.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "centosproject-email-aliases"}, {"name": "sig-sclo"}, {"name": "trust admins"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by remi. ", "timestamp": "2016-06-23 05:12:51", "update_id": 61092, "user_id": 91, "id": 450037, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2016-06-23 18:56:53", "update_id": 61092, "user_id": 91, "id": 450310, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "remi edited this update.", "timestamp": "2016-06-30 04:50:11", "update_id": 61092, "user_id": 91, "id": 452786, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes", "timestamp": "2016-06-30 18:00:19", "update_id": 61092, "user_id": 91, "id": 452970, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by remi. ", "timestamp": "2016-07-01 05:53:59", "update_id": 61092, "user_id": 91, "id": 453289, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2016-07-02 19:28:14", "update_id": 61092, "user_id": 91, "id": 453842, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.stg.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "php-5.6.23-1.fc22", "signed": true, "release_id": 12, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 1351068, "title": "CVE-2016-5766 php: Integer Overflow in _gd2GetHeader() resulting in heap overflow", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 452948, "bug_id": 1351068, "comment": {"karma": 1, "karma_critpath": 0, "text": "Seems to work for me - I ran a number of phpunit tests on projects we have. But didn't specifically test any of the CVE's", "timestamp": "2016-06-30 16:02:02", "update_id": 61093, "user_id": 365, "id": 452948, "testcase_feedback": [], "user": {"name": "gnat", "email": "nathanael@gnat.ca", "id": 365, "avatar": "https://seccdn.libravatar.org/avatar/ad2bc840863bfa1997b299b8f82dd494cb524d3b0b1ae61eb8b47226f712f97a?s=24&d=retro", "openid": "gnat.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}]}, {"bug_id": 1351069, "title": "CVE-2016-5767 php: Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 452948, "bug_id": 1351069, "comment": {"karma": 1, "karma_critpath": 0, "text": "Seems to work for me - I ran a number of phpunit tests on projects we have. But didn't specifically test any of the CVE's", "timestamp": "2016-06-30 16:02:02", "update_id": 61093, "user_id": 365, "id": 452948, "testcase_feedback": [], "user": {"name": "gnat", "email": "nathanael@gnat.ca", "id": 365, "avatar": "https://seccdn.libravatar.org/avatar/ad2bc840863bfa1997b299b8f82dd494cb524d3b0b1ae61eb8b47226f712f97a?s=24&d=retro", "openid": "gnat.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}]}, {"bug_id": 1351070, "title": "CVE-2016-5769 php: Integer Overflows in mcrypt_generic() and mdecrypt_generic() resulting in heap overflows", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 452948, "bug_id": 1351070, "comment": {"karma": 1, "karma_critpath": 0, "text": "Seems to work for me - I ran a number of phpunit tests on projects we have. But didn't specifically test any of the CVE's", "timestamp": "2016-06-30 16:02:02", "update_id": 61093, "user_id": 365, "id": 452948, "testcase_feedback": [], "user": {"name": "gnat", "email": "nathanael@gnat.ca", "id": 365, "avatar": "https://seccdn.libravatar.org/avatar/ad2bc840863bfa1997b299b8f82dd494cb524d3b0b1ae61eb8b47226f712f97a?s=24&d=retro", "openid": "gnat.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}]}, {"bug_id": 1351168, "title": "CVE-2016-5768 php: Double free in _php_mb_regex_ereg_replace_exec", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 452948, "bug_id": 1351168, "comment": {"karma": 1, "karma_critpath": 0, "text": "Seems to work for me - I ran a number of phpunit tests on projects we have. But didn't specifically test any of the CVE's", "timestamp": "2016-06-30 16:02:02", "update_id": 61093, "user_id": 365, "id": 452948, "testcase_feedback": [], "user": {"name": "gnat", "email": "nathanael@gnat.ca", "id": 365, "avatar": "https://seccdn.libravatar.org/avatar/ad2bc840863bfa1997b299b8f82dd494cb524d3b0b1ae61eb8b47226f712f97a?s=24&d=retro", "openid": "gnat.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}]}, {"bug_id": 1351171, "title": "CVE-2016-5770 php: Int/size_t confusion in SplFileObject::fread", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 452948, "bug_id": 1351171, "comment": {"karma": 1, "karma_critpath": 0, "text": "Seems to work for me - I ran a number of phpunit tests on projects we have. But didn't specifically test any of the CVE's", "timestamp": "2016-06-30 16:02:02", "update_id": 61093, "user_id": 365, "id": 452948, "testcase_feedback": [], "user": {"name": "gnat", "email": "nathanael@gnat.ca", "id": 365, "avatar": "https://seccdn.libravatar.org/avatar/ad2bc840863bfa1997b299b8f82dd494cb524d3b0b1ae61eb8b47226f712f97a?s=24&d=retro", "openid": "gnat.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}]}, {"bug_id": 1351173, "title": "CVE-2016-5771 php: Use After Free Vulnerability in PHP's GC algorithm and unserialize", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 452948, "bug_id": 1351173, "comment": {"karma": 1, "karma_critpath": 0, "text": "Seems to work for me - I ran a number of phpunit tests on projects we have. But didn't specifically test any of the CVE's", "timestamp": "2016-06-30 16:02:02", "update_id": 61093, "user_id": 365, "id": 452948, "testcase_feedback": [], "user": {"name": "gnat", "email": "nathanael@gnat.ca", "id": 365, "avatar": "https://seccdn.libravatar.org/avatar/ad2bc840863bfa1997b299b8f82dd494cb524d3b0b1ae61eb8b47226f712f97a?s=24&d=retro", "openid": "gnat.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}]}, {"bug_id": 1351175, "title": "CVE-2016-5772 php: Double Free Corruption in wddx_deserialize", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 452948, "bug_id": 1351175, "comment": {"karma": 1, "karma_critpath": 0, "text": "Seems to work for me - I ran a number of phpunit tests on projects we have. But didn't specifically test any of the CVE's", "timestamp": "2016-06-30 16:02:02", "update_id": 61093, "user_id": 365, "id": 452948, "testcase_feedback": [], "user": {"name": "gnat", "email": "nathanael@gnat.ca", "id": 365, "avatar": "https://seccdn.libravatar.org/avatar/ad2bc840863bfa1997b299b8f82dd494cb524d3b0b1ae61eb8b47226f712f97a?s=24&d=retro", "openid": "gnat.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}]}, {"bug_id": 1351180, "title": "CVE-2016-5766 CVE-2016-5767 CVE-2016-5768 CVE-2016-5769 CVE-2016-5770 CVE-2016-5771 CVE-2016-5772 CVE-2016-5773 php: various flaws [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 452948, "bug_id": 1351180, "comment": {"karma": 1, "karma_critpath": 0, "text": "Seems to work for me - I ran a number of phpunit tests on projects we have. But didn't specifically test any of the CVE's", "timestamp": "2016-06-30 16:02:02", "update_id": 61093, "user_id": 365, "id": 452948, "testcase_feedback": [], "user": {"name": "gnat", "email": "nathanael@gnat.ca", "id": 365, "avatar": "https://seccdn.libravatar.org/avatar/ad2bc840863bfa1997b299b8f82dd494cb524d3b0b1ae61eb8b47226f712f97a?s=24&d=retro", "openid": "gnat.id.stg.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}]}}}]}], "updateid": "FEDORA-2016-99fbdc5c34", "karma": 0, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}