PHP 5.6.25 has been released on August 18 (even though it says 19):
http://php.net/archive/2016.php#id2016-08-18-2

There are several security bugs fixed in this update. No CVEs are available yet.

Updated packages uploaded for Mageia 5 and Cauldron.

The only possible security issue in php-gd that may affect libgd is php#72709, which has not been addressed in libgd. I'll update it if an update becomes available.

Advisory:
========================

Updated php packages fix security vulnerabilities:

The php package has been updated to version 5.6.25, which fixes several security issues and other bugs.

See the upstream ChangeLog for more details.

References:
http://www.php.net/ChangeLog-5.php#5.6.25
========================

Updated packages in core/updates_testing:
========================
php-ini-5.6.25-1.mga5
apache-mod_php-5.6.25-1.mga5
php-cli-5.6.25-1.mga5
php-cgi-5.6.25-1.mga5
libphp5_common5-5.6.25-1.mga5
php-devel-5.6.25-1.mga5
php-openssl-5.6.25-1.mga5
php-zlib-5.6.25-1.mga5
php-doc-5.6.25-1.mga5
php-bcmath-5.6.25-1.mga5
php-bz2-5.6.25-1.mga5
php-calendar-5.6.25-1.mga5
php-ctype-5.6.25-1.mga5
php-curl-5.6.25-1.mga5
php-dba-5.6.25-1.mga5
php-dom-5.6.25-1.mga5
php-enchant-5.6.25-1.mga5
php-exif-5.6.25-1.mga5
php-fileinfo-5.6.25-1.mga5
php-filter-5.6.25-1.mga5
php-ftp-5.6.25-1.mga5
php-gd-5.6.25-1.mga5
php-gettext-5.6.25-1.mga5
php-gmp-5.6.25-1.mga5
php-hash-5.6.25-1.mga5
php-iconv-5.6.25-1.mga5
php-imap-5.6.25-1.mga5
php-interbase-5.6.25-1.mga5
php-intl-5.6.25-1.mga5
php-json-5.6.25-1.mga5
php-ldap-5.6.25-1.mga5
php-mbstring-5.6.25-1.mga5
php-mcrypt-5.6.25-1.mga5
php-mssql-5.6.25-1.mga5
php-mysql-5.6.25-1.mga5
php-mysqli-5.6.25-1.mga5
php-mysqlnd-5.6.25-1.mga5
php-odbc-5.6.25-1.mga5
php-opcache-5.6.25-1.mga5
php-pcntl-5.6.25-1.mga5
php-pdo-5.6.25-1.mga5
php-pdo_dblib-5.6.25-1.mga5
php-pdo_firebird-5.6.25-1.mga5
php-pdo_mysql-5.6.25-1.mga5
php-pdo_odbc-5.6.25-1.mga5
php-pdo_pgsql-5.6.25-1.mga5
php-pdo_sqlite-5.6.25-1.mga5
php-pgsql-5.6.25-1.mga5
php-phar-5.6.25-1.mga5
php-posix-5.6.25-1.mga5
php-readline-5.6.25-1.mga5
php-recode-5.6.25-1.mga5
php-session-5.6.25-1.mga5
php-shmop-5.6.25-1.mga5
php-snmp-5.6.25-1.mga5
php-soap-5.6.25-1.mga5
php-sockets-5.6.25-1.mga5
php-sqlite3-5.6.25-1.mga5
php-sybase_ct-5.6.25-1.mga5
php-sysvmsg-5.6.25-1.mga5
php-sysvsem-5.6.25-1.mga5
php-sysvshm-5.6.25-1.mga5
php-tidy-5.6.25-1.mga5
php-tokenizer-5.6.25-1.mga5
php-xml-5.6.25-1.mga5
php-xmlreader-5.6.25-1.mga5
php-xmlrpc-5.6.25-1.mga5
php-xmlwriter-5.6.25-1.mga5
php-xsl-5.6.25-1.mga5
php-wddx-5.6.25-1.mga5
php-zip-5.6.25-1.mga5
php-fpm-5.6.25-1.mga5
phpdbg-5.6.25-1.mga5

from php-5.6.25-1.mga5.src.rpm
Looks like gdbm databases are incompatible between i586 and x86_64 (I just switched my workstation at home to x86_64 last weekend), so that's a shame, but starting with a fresh one, my normal apache/php/php-gd/php-cgi/php-dba/mod_suexec/mod_userdir test works fine on Mageia 5 x86_64.
Whiteboard: (none) => MGA5-64-OK
Keywords: (none) => validated_update
Whiteboard: MGA5-64-OK => MGA5-64-OK advisory
CC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository.
http://advisories.mageia.org/MGASA-2016-0293.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/698797/
CVEs have been assigned:
http://www.openwall.com/lists/oss-security/2016/09/02/9

The last two were PHP 7.0.x only. Also, CVE-2016-7126 and CVE-2016-7127 only affect bundled gd, and not us using external libgd.

So we have for this update:
CVE-2016-7124
CVE-2016-7125
CVE-2016-7128
CVE-2016-7129
CVE-2016-7130
CVE-2016-7131
CVE-2016-7132