Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-6420 Stefan Esser reported possible memory corruption in openssl_x509_parse(). CVE-2013-6712 Creating DateInterval objects from parsed ISO dates was not properly restricted, which allowed to cause a denial of service. In addition, the update for Debian 7 Wheezy contains several bugfixes originally targeted for the upcoming Wheezy point release. For the oldstable distribution (squeeze), these problems have been fixed in version 5.3.3-7+squeeze18. For the stable distribution (wheezy), these problems have been fixed in version 5.4.4-14+deb7u7. For the unstable distribution (sid), these problems have been fixed in version 5.5.6+dfsg-2. We recommend that you upgrade your php5 packages.
Several vulnerabilities were found in PHP, a general-purpose scripting language commonly used for web application development. The Common Vulnerabilities and Exposures project identifies the following issues:
Stefan Esser reported possible memory corruption in openssl_x509_parse().
Creating DateInterval objects from parsed ISO dates was not properly restricted, which allowed to cause a denial of service.
In addition, the update for Debian 7 Wheezy
contains several bugfixes
originally targeted for the upcoming Wheezy point release.
For the oldstable distribution (squeeze), these problems have been fixed in version 5.3.3-7+squeeze18.
For the stable distribution (wheezy), these problems have been fixed in version 5.4.4-14+deb7u7.
For the unstable distribution (sid), these problems have been fixed in version 5.5.6+dfsg-2.
We recommend that you upgrade your php5 packages.