1
PublicDateAtUSN: 2016-05-06
2
Candidate: CVE-2016-3132
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3132
6
https://usn.ubuntu.com/usn/usn-2984-1
8
Double free vulnerability in the SplDoublyLinkedList::offsetSet function in
9
ext/spl/spl_dllist.c in PHP 7.x before 7.0.6 allows remote attackers to
10
execute arbitrary code via a crafted index.
13
sbeattie> only affects php7
15
https://bugs.php.net/bug.php?id=71735
21
upstream_php5: not-affected (php-7.0 only)
22
precise_php5: not-affected (php-7.0 only)
23
trusty_php5: not-affected (php-7.0 only)
24
vivid/stable-phone-overlay_php5: DNE
25
vivid/ubuntu-core_php5: DNE
26
wily_php5: not-affected (php-7.0 only)
31
upstream: http://git.php.net/?p=php-src.git;a=commit;h=28a6ed9f9a36b9c517e4a8a429baf4dd382fc5d5
32
upstream_php7.0: released (7.0.6-1)
35
vivid/stable-phone-overlay_php7.0: DNE
36
vivid/ubuntu-core_php7.0: DNE
38
xenial_php7.0: released (7.0.4-7ubuntu2.1)
39
devel_php7.0: not-affected (7.0.8-3ubuntu1)