AVG-152 log

Package php
Status Fixed
Severity High
Type access restriction bypass
Affected 7.0.9-1
Fixed 7.0.10-1
Current 7.4.0-2 [extra]
Ticket None
Created Thu Jan 19 21:27:08 2017
Issue Severity Remote Type Description
CVE-2016-7125 High Yes Access restriction bypass
It has been discovered that ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect...
References
http://www.php.net/ChangeLog-7.php
https://bugs.php.net/bug.php?id=72681
https://github.com/php/php-src/commit/8763c6090d627d8bb0ee1d030c30e58f406be9ce?w=1