group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1534203] Re: openssl_random_pseudo_bytes() security bug and PHP packages

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Marc Deslauriers <marc.deslauriers@xxxxxxxxxxxxx>
Date: Thu, 21 Apr 2016 17:31:56 -0000
Reply-to: Bug 1534203 <1534203@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This was fixed in the following security update:

http://www.ubuntu.com/usn/usn-2952-1/

** Changed in: php5 (Ubuntu Precise)
       Status: Confirmed => Fix Released

** Changed in: php5 (Ubuntu Trusty)
       Status: Confirmed => Fix Released

** Changed in: php5 (Ubuntu Vivid)
       Status: Confirmed => Won't Fix

** Changed in: php5 (Ubuntu Wily)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1534203

Title:
  openssl_random_pseudo_bytes() security bug and PHP packages

Status in php5 package in Ubuntu:
  Fix Released
Status in php5 source package in Precise:
  Fix Released
Status in php5 source package in Trusty:
  Fix Released
Status in php5 source package in Vivid:
  Won't Fix
Status in php5 source package in Wily:
  Fix Released
Status in php5 source package in Xenial:
  Fix Released

Bug description:
  Maybe Ubuntu official PHP packages aren't patched against openssl_random_pseudo_bytes() security bug (https://bugs.php.net/bug.php?id=70014). The vulnerability is corrected in the versions
  5.6.12, 5.5.28, 5.4.44, so it might be still affecting the currently supported Ubuntu PHP packages  (5.6.11, 5.6.4, 5.5.9).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1534203/+subscriptions