| Summary: | php new security issues CVE-2014-3538, CVE-2014-4698, and CVE-2014-4670 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | ||
| Priority: | Normal | CC: | oe, rverschelde, sysadmin-bugs |
| Version: | 4 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/607287/ | ||
| Whiteboard: | MGA3TOO has_procedure mga3-32-ok mga3-64-ok mga4-32-ok mga4-64-ok advisory | ||
| Source RPM: | php-5.5.14-1.mga4.src.rpm | CVE: | |
| Status comment: | |||
Description
David Walser
2014-07-24 16:33:52 CEST
PHP 5.4.31 has been released:
http://php.net/ChangeLog-5.php#5.4.31

It doesn't list those two bugs.

However, OpenSuSE has issued an advisory for this on July 30:
http://lists.opensuse.org/opensuse-updates/2014-07/msg00035.html

Their update is for PHP 5.3.x and 5.4.x, so perhaps they have patches.

URL: (none) => http://lwn.net/Vulnerabilities/607287/

php-5.4.31-1.1.mga3 fixes CVE-2014-4698 and CVE-2014-4670 as well.

Updated and patched packages uploaded by Oden. Thanks Oden!

There is some discussion of these security issues in RedHat's Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-4670

So it sounds like this is a low-priority update at this point in time.

Advisory:
========================

Updated php packages fix security vulnerabilities:

Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments (CVE-2014-4698).

Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments (CVE-2014-4670).

The php packages have been updated to 5.4.31 for Mageia 3 and 5.5.14 for Mageia 4, and additional patches have been added to 5.4.31, fixing these issues and several other bugs.

Also, php-apc has been rebuilt against the updated PHP versions and the php-timezonedb package has been updated to the latest version, 2014.5.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670
http://php.net/ChangeLog-5.php#5.4.31
http://php.net/ChangeLog-5.php#5.5.15
http://lists.opensuse.org/opensuse-updates/2014-07/msg00035.html
========================

Updated packages in core/updates_testing:
========================
php-ini-5.4.31-1.1.mga3
apache-mod_php-5.4.31-1.1.mga3
php-cli-5.4.31-1.1.mga3
php-cgi-5.4.31-1.1.mga3
libphp5_common5-5.4.31-1.1.mga3
php-devel-5.4.31-1.1.mga3
php-openssl-5.4.31-1.1.mga3
php-zlib-5.4.31-1.1.mga3
php-doc-5.4.31-1.1.mga3
php-bcmath-5.4.31-1.1.mga3
php-bz2-5.4.31-1.1.mga3
php-calendar-5.4.31-1.1.mga3
php-ctype-5.4.31-1.1.mga3
php-curl-5.4.31-1.1.mga3
php-dba-5.4.31-1.1.mga3
php-dom-5.4.31-1.1.mga3
php-enchant-5.4.31-1.1.mga3
php-exif-5.4.31-1.1.mga3
php-fileinfo-5.4.31-1.1.mga3
php-filter-5.4.31-1.1.mga3
php-ftp-5.4.31-1.1.mga3
php-gd-5.4.31-1.1.mga3
php-gettext-5.4.31-1.1.mga3
php-gmp-5.4.31-1.1.mga3
php-hash-5.4.31-1.1.mga3
php-iconv-5.4.31-1.1.mga3
php-imap-5.4.31-1.1.mga3
php-interbase-5.4.31-1.1.mga3
php-intl-5.4.31-1.1.mga3
php-json-5.4.31-1.1.mga3
php-ldap-5.4.31-1.1.mga3
php-mbstring-5.4.31-1.1.mga3
php-mcrypt-5.4.31-1.1.mga3
php-mssql-5.4.31-1.1.mga3
php-mysql-5.4.31-1.1.mga3
php-mysqli-5.4.31-1.1.mga3
php-mysqlnd-5.4.31-1.1.mga3
php-odbc-5.4.31-1.1.mga3
php-pcntl-5.4.31-1.1.mga3
php-pdo-5.4.31-1.1.mga3
php-pdo_dblib-5.4.31-1.1.mga3
php-pdo_firebird-5.4.31-1.1.mga3
php-pdo_mysql-5.4.31-1.1.mga3
php-pdo_odbc-5.4.31-1.1.mga3
php-pdo_pgsql-5.4.31-1.1.mga3
php-pdo_sqlite-5.4.31-1.1.mga3
php-pgsql-5.4.31-1.1.mga3
php-phar-5.4.31-1.1.mga3
php-posix-5.4.31-1.1.mga3
php-readline-5.4.31-1.1.mga3
php-recode-5.4.31-1.1.mga3
php-session-5.4.31-1.1.mga3
php-shmop-5.4.31-1.1.mga3
php-snmp-5.4.31-1.1.mga3
php-soap-5.4.31-1.1.mga3
php-sockets-5.4.31-1.1.mga3
php-sqlite3-5.4.31-1.1.mga3
php-sybase_ct-5.4.31-1.1.mga3
php-sysvmsg-5.4.31-1.1.mga3
php-sysvsem-5.4.31-1.1.mga3
php-sysvshm-5.4.31-1.1.mga3
php-tidy-5.4.31-1.1.mga3
php-tokenizer-5.4.31-1.1.mga3
php-xml-5.4.31-1.1.mga3
php-xmlreader-5.4.31-1.1.mga3
php-xmlrpc-5.4.31-1.1.mga3
php-xmlwriter-5.4.31-1.1.mga3
php-xsl-5.4.31-1.1.mga3
php-wddx-5.4.31-1.1.mga3
php-zip-5.4.31-1.1.mga3
php-fpm-5.4.31-1.1.mga3
php-apc-3.1.14-7.11.mga3
php-apc-admin-3.1.14-7.11.mga3
php-gd-bundled-5.4.31-1.mga3
php-timezonedb-2014.5-1.mga3
php-ini-5.5.15-1.mga4
apache-mod_php-5.5.15-1.mga4
php-cli-5.5.15-1.mga4
php-cgi-5.5.15-1.mga4
libphp5_common5-5.5.15-1.mga4
php-devel-5.5.15-1.mga4
php-openssl-5.5.15-1.mga4
php-zlib-5.5.15-1.mga4
php-doc-5.5.15-1.mga4
php-bcmath-5.5.15-1.mga4
php-bz2-5.5.15-1.mga4
php-calendar-5.5.15-1.mga4
php-ctype-5.5.15-1.mga4
php-curl-5.5.15-1.mga4
php-dba-5.5.15-1.mga4
php-dom-5.5.15-1.mga4
php-enchant-5.5.15-1.mga4
php-exif-5.5.15-1.mga4
php-fileinfo-5.5.15-1.mga4
php-filter-5.5.15-1.mga4
php-ftp-5.5.15-1.mga4
php-gd-5.5.15-1.mga4
php-gettext-5.5.15-1.mga4
php-gmp-5.5.15-1.mga4
php-hash-5.5.15-1.mga4
php-iconv-5.5.15-1.mga4
php-imap-5.5.15-1.mga4
php-interbase-5.5.15-1.mga4
php-intl-5.5.15-1.mga4
php-json-5.5.15-1.mga4
php-ldap-5.5.15-1.mga4
php-mbstring-5.5.15-1.mga4
php-mcrypt-5.5.15-1.mga4
php-mssql-5.5.15-1.mga4
php-mysql-5.5.15-1.mga4
php-mysqli-5.5.15-1.mga4
php-mysqlnd-5.5.15-1.mga4
php-odbc-5.5.15-1.mga4
php-opcache-5.5.15-1.mga4
php-pcntl-5.5.15-1.mga4
php-pdo-5.5.15-1.mga4
php-pdo_dblib-5.5.15-1.mga4
php-pdo_firebird-5.5.15-1.mga4
php-pdo_mysql-5.5.15-1.mga4
php-pdo_odbc-5.5.15-1.mga4
php-pdo_pgsql-5.5.15-1.mga4
php-pdo_sqlite-5.5.15-1.mga4
php-pgsql-5.5.15-1.mga4
php-phar-5.5.15-1.mga4
php-posix-5.5.15-1.mga4
php-readline-5.5.15-1.mga4
php-recode-5.5.15-1.mga4
php-session-5.5.15-1.mga4
php-shmop-5.5.15-1.mga4
php-snmp-5.5.15-1.mga4
php-soap-5.5.15-1.mga4
php-sockets-5.5.15-1.mga4
php-sqlite3-5.5.15-1.mga4
php-sybase_ct-5.5.15-1.mga4
php-sysvmsg-5.5.15-1.mga4
php-sysvsem-5.5.15-1.mga4
php-sysvshm-5.5.15-1.mga4
php-tidy-5.5.15-1.mga4
php-tokenizer-5.5.15-1.mga4
php-xml-5.5.15-1.mga4
php-xmlreader-5.5.15-1.mga4
php-xmlrpc-5.5.15-1.mga4
php-xmlwriter-5.5.15-1.mga4
php-xsl-5.5.15-1.mga4
php-wddx-5.5.15-1.mga4
php-zip-5.5.15-1.mga4
php-fpm-5.5.15-1.mga4
php-apc-3.1.15-4.6.mga4
php-apc-admin-3.1.15-4.6.mga4
php-timezonedb-2014.5-1.mga4

from SRPMS:
php-5.4.31-1.1.mga3.src.rpm
php-apc-3.1.14-7.11.mga3.src.rpm
php-gd-bundled-5.4.31-1.mga3.src.rpm
php-timezonedb-2014.5-1.mga3.src.rpm
php-5.5.15-1.mga4.src.rpm
php-apc-3.1.15-4.6.mga4.src.rpm
php-timezonedb-2014.5-1.mga4.src.rpm

CC: (none) => oe

php-5.5.15-1.1.mga4 and php-5.4.31-1.2.mga3 also fix CVE-2014-3538.

Thanks Oden!

Advisory:
========================

Updated php packages fix security vulnerabilities:

Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments (CVE-2014-4698).

Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments (CVE-2014-4670).

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule, due to an incomplete fix for CVE-2013-7345 (CVE-2014-3538).

The php packages have been updated to 5.4.31 for Mageia 3 and 5.5.14 for Mageia 4, and additional patches have been added to fix these issues and several other bugs.

Also, php-apc has been rebuilt against the updated PHP versions and the php-timezonedb package has been updated to the latest version, 2014.5.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670
http://php.net/ChangeLog-5.php#5.4.31
http://php.net/ChangeLog-5.php#5.5.15
http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2014:146/
http://lists.opensuse.org/opensuse-updates/2014-07/msg00035.html
========================

Updated packages in core/updates_testing:
========================
php-ini-5.4.31-1.2.mga3
apache-mod_php-5.4.31-1.2.mga3
php-cli-5.4.31-1.2.mga3
php-cgi-5.4.31-1.2.mga3
libphp5_common5-5.4.31-1.2.mga3
php-devel-5.4.31-1.2.mga3
php-openssl-5.4.31-1.2.mga3
php-zlib-5.4.31-1.2.mga3
php-doc-5.4.31-1.2.mga3
php-bcmath-5.4.31-1.2.mga3
php-bz2-5.4.31-1.2.mga3
php-calendar-5.4.31-1.2.mga3
php-ctype-5.4.31-1.2.mga3
php-curl-5.4.31-1.2.mga3
php-dba-5.4.31-1.2.mga3
php-dom-5.4.31-1.2.mga3
php-enchant-5.4.31-1.2.mga3
php-exif-5.4.31-1.2.mga3
php-fileinfo-5.4.31-1.2.mga3
php-filter-5.4.31-1.2.mga3
php-ftp-5.4.31-1.2.mga3
php-gd-5.4.31-1.2.mga3
php-gettext-5.4.31-1.2.mga3
php-gmp-5.4.31-1.2.mga3
php-hash-5.4.31-1.2.mga3
php-iconv-5.4.31-1.2.mga3
php-imap-5.4.31-1.2.mga3
php-interbase-5.4.31-1.2.mga3
php-intl-5.4.31-1.2.mga3
php-json-5.4.31-1.2.mga3
php-ldap-5.4.31-1.2.mga3
php-mbstring-5.4.31-1.2.mga3
php-mcrypt-5.4.31-1.2.mga3
php-mssql-5.4.31-1.2.mga3
php-mysql-5.4.31-1.2.mga3
php-mysqli-5.4.31-1.2.mga3
php-mysqlnd-5.4.31-1.2.mga3
php-odbc-5.4.31-1.2.mga3
php-pcntl-5.4.31-1.2.mga3
php-pdo-5.4.31-1.2.mga3
php-pdo_dblib-5.4.31-1.2.mga3
php-pdo_firebird-5.4.31-1.2.mga3
php-pdo_mysql-5.4.31-1.2.mga3
php-pdo_odbc-5.4.31-1.2.mga3
php-pdo_pgsql-5.4.31-1.2.mga3
php-pdo_sqlite-5.4.31-1.2.mga3
php-pgsql-5.4.31-1.2.mga3
php-phar-5.4.31-1.2.mga3
php-posix-5.4.31-1.2.mga3
php-readline-5.4.31-1.2.mga3
php-recode-5.4.31-1.2.mga3
php-session-5.4.31-1.2.mga3
php-shmop-5.4.31-1.2.mga3
php-snmp-5.4.31-1.2.mga3
php-soap-5.4.31-1.2.mga3
php-sockets-5.4.31-1.2.mga3
php-sqlite3-5.4.31-1.2.mga3
php-sybase_ct-5.4.31-1.2.mga3
php-sysvmsg-5.4.31-1.2.mga3
php-sysvsem-5.4.31-1.2.mga3
php-sysvshm-5.4.31-1.2.mga3
php-tidy-5.4.31-1.2.mga3
php-tokenizer-5.4.31-1.2.mga3
php-xml-5.4.31-1.2.mga3
php-xmlreader-5.4.31-1.2.mga3
php-xmlrpc-5.4.31-1.2.mga3
php-xmlwriter-5.4.31-1.2.mga3
php-xsl-5.4.31-1.2.mga3
php-wddx-5.4.31-1.2.mga3
php-zip-5.4.31-1.2.mga3
php-fpm-5.4.31-1.2.mga3
php-apc-3.1.14-7.11.mga3
php-apc-admin-3.1.14-7.11.mga3
php-gd-bundled-5.4.31-1.mga3
php-timezonedb-2014.5-1.mga3
php-ini-5.5.15-1.1.mga4
apache-mod_php-5.5.15-1.1.mga4
php-cli-5.5.15-1.1.mga4
php-cgi-5.5.15-1.1.mga4
libphp5_common5-5.5.15-1.1.mga4
php-devel-5.5.15-1.1.mga4
php-openssl-5.5.15-1.1.mga4
php-zlib-5.5.15-1.1.mga4
php-doc-5.5.15-1.1.mga4
php-bcmath-5.5.15-1.1.mga4
php-bz2-5.5.15-1.1.mga4
php-calendar-5.5.15-1.1.mga4
php-ctype-5.5.15-1.1.mga4
php-curl-5.5.15-1.1.mga4
php-dba-5.5.15-1.1.mga4
php-dom-5.5.15-1.1.mga4
php-enchant-5.5.15-1.1.mga4
php-exif-5.5.15-1.1.mga4
php-fileinfo-5.5.15-1.1.mga4
php-filter-5.5.15-1.1.mga4
php-ftp-5.5.15-1.1.mga4
php-gd-5.5.15-1.1.mga4
php-gettext-5.5.15-1.1.mga4
php-gmp-5.5.15-1.1.mga4
php-hash-5.5.15-1.1.mga4
php-iconv-5.5.15-1.1.mga4
php-imap-5.5.15-1.1.mga4
php-interbase-5.5.15-1.1.mga4
php-intl-5.5.15-1.1.mga4
php-json-5.5.15-1.1.mga4
php-ldap-5.5.15-1.1.mga4
php-mbstring-5.5.15-1.1.mga4
php-mcrypt-5.5.15-1.1.mga4
php-mssql-5.5.15-1.1.mga4
php-mysql-5.5.15-1.1.mga4
php-mysqli-5.5.15-1.1.mga4
php-mysqlnd-5.5.15-1.1.mga4
php-odbc-5.5.15-1.1.mga4
php-opcache-5.5.15-1.1.mga4
php-pcntl-5.5.15-1.1.mga4
php-pdo-5.5.15-1.1.mga4
php-pdo_dblib-5.5.15-1.1.mga4
php-pdo_firebird-5.5.15-1.1.mga4
php-pdo_mysql-5.5.15-1.1.mga4
php-pdo_odbc-5.5.15-1.1.mga4
php-pdo_pgsql-5.5.15-1.1.mga4
php-pdo_sqlite-5.5.15-1.1.mga4
php-pgsql-5.5.15-1.1.mga4
php-phar-5.5.15-1.1.mga4
php-posix-5.5.15-1.1.mga4
php-readline-5.5.15-1.1.mga4
php-recode-5.5.15-1.1.mga4
php-session-5.5.15-1.1.mga4
php-shmop-5.5.15-1.1.mga4
php-snmp-5.5.15-1.1.mga4
php-soap-5.5.15-1.1.mga4
php-sockets-5.5.15-1.1.mga4
php-sqlite3-5.5.15-1.1.mga4
php-sybase_ct-5.5.15-1.1.mga4
php-sysvmsg-5.5.15-1.1.mga4
php-sysvsem-5.5.15-1.1.mga4
php-sysvshm-5.5.15-1.1.mga4
php-tidy-5.5.15-1.1.mga4
php-tokenizer-5.5.15-1.1.mga4
php-xml-5.5.15-1.1.mga4
php-xmlreader-5.5.15-1.1.mga4
php-xmlrpc-5.5.15-1.1.mga4
php-xmlwriter-5.5.15-1.1.mga4
php-xsl-5.5.15-1.1.mga4
php-wddx-5.5.15-1.1.mga4
php-zip-5.5.15-1.1.mga4
php-fpm-5.5.15-1.1.mga4
php-apc-3.1.15-4.6.mga4
php-apc-admin-3.1.15-4.6.mga4
php-timezonedb-2014.5-1.mga4

from SRPMS:
php-5.4.31-1.2.mga3.src.rpm
php-apc-3.1.14-7.11.mga3.src.rpm
php-gd-bundled-5.4.31-1.mga3.src.rpm
php-timezonedb-2014.5-1.mga3.src.rpm
php-5.5.15-1.1.mga4.src.rpm
php-apc-3.1.15-4.6.mga4.src.rpm
php-timezonedb-2014.5-1.mga4.src.rpm

Severity: normal => major

Note: php-5.5.15-*.mga4 also updates jsonc to the 1.3.6 version
http://pecl.php.net/package-changelog.php?package=jsonc&release=1.3.6

Mandriva has issued an advisory for this today (August 6):
http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2014:149/

Now that we've added the additional patch for the file/libmagic issue, this raises the priority. This update is ready to test and go.

Updating the advisory based on Oden's last comment.

Advisory:
========================

Updated php packages fix security vulnerabilities:

Use-after-free vulnerability in ext/spl/spl_array.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted ArrayIterator usage within applications in certain web-hosting environments (CVE-2014-4698).

Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL component in PHP through 5.5.14 allows context-dependent attackers to cause a denial of service or possibly have unspecified other impact via crafted iterator usage within applications in certain web-hosting environments (CVE-2014-4670).

file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that triggers backtracking during processing of an awk rule, due to an incomplete fix for CVE-2013-7345 (CVE-2014-3538).

The php packages have been updated to 5.4.31 for Mageia 3 and 5.5.14 for Mageia 4, and additional patches have been added to fix these issues and several other bugs.

Also, php-apc has been rebuilt against the updated PHP versions and the php-timezonedb package has been updated to the latest version, 2014.5.

Additionally, the jsonc extension has been upgraded to the 1.3.6 version.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3538
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4698
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4670
http://php.net/ChangeLog-5.php#5.4.31
http://php.net/ChangeLog-5.php#5.5.15
http://pecl.php.net/package-changelog.php?package=jsonc&release=1.3.6
http://lists.opensuse.org/opensuse-updates/2014-07/msg00035.html
http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2014:149/

Testing complete mga3 64

Tested with drupal, phpmyadmin, wordpress & checked http://localhost/php-apc

Whiteboard: MGA3TOO => MGA3TOO has_procedure mga3-64-ok

Testing complete mga4 64

Tested with zencart, zoneminder, phpmyadmin and php-apc

Whiteboard: MGA3TOO has_procedure mga3-64-ok => MGA3TOO has_procedure mga3-64-ok mga4-64-ok
David Walser
2014-08-07 14:48:30 CEST
Summary: php new security issues CVE-2014-4698 and CVE-2014-4670 => php new security issues CVE-2014-3538, CVE-2014-4698, and CVE-2014-4670

Testing complete mga4 32

Owncloud, phpmyadmin, drupal and php-apc

Whiteboard: MGA3TOO has_procedure mga3-64-ok mga4-64-ok => MGA3TOO has_procedure mga3-64-ok mga4-32-ok mga4-64-ok

Testing complete mga3 32 with drupal from updates/testing.

CC: (none) => remi

Validating update.

Advisory uploaded.

Please push php* to Mageia 3 & 4 core/updates.

Keywords: (none) => validated_update

An update for this issue has been pushed to Mageia Updates repository.
http://advisories.mageia.org/MGASA-2014-0324.html

Status: NEW => RESOLVED