CVE-2016-9138

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
PHP through 5.6.27 and 7.x through 7.0.12 mishandles property modification during __wakeup processing while unserializing, which allows remote attackers to cause a denial of service or possibly execute arbitrary code via crafted serialized data, as demonstrated by Exception::__toString with DateInterval::__wakeup.
Group   Package  Affected  Fixed     Severity  Status  Ticket
AVG-58  php      7.0.12-2  7.0.13-1  High      Fixed
Date         Advisory       Group   Package  Severity  Type
18 Nov 2016  ASA-201611-19  AVG-58  php      High      multiple issues
References
https://bugs.php.net/bug.php?id=73147
https://git.php.net/?p=php-src.git;a=commit;h=0e6fe3a4c96be2d3e88389a5776f878021b4c59f
http://seclists.org/oss-sec/2016/q4/296