AVG-152 log
| Package | php |
| Status | Fixed |
| Severity | High |
| Type | access restriction bypass |
| Affected | 7.0.9-1 |
| Fixed | 7.0.10-1 |
| Current | 8.4.15-1 [extra] |
| Ticket | None |
| Created | Thu Jan 19 21:27:08 2017 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2016-7125 | High | Yes | Access restriction bypass | It has been discovered that ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect... |
| References |
|---|
http://www.php.net/ChangeLog-7.php https://bugs.php.net/bug.php?id=72681 https://github.com/php/php-src/commit/8763c6090d627d8bb0ee1d030c30e58f406be9ce?w=1 |