CVE-2016-9936 log

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
The unserialize implementation in ext/standard/var.c in PHP 7.x before 7.0.14 allows remote attackers to cause a denial of service (use-after-free) or possibly execute arbitrary code via crafted serialized data.
Group Package Affected Fixed Severity Status Ticket
AVG-105 php 7.0.13-1 7.1.1-0 High Fixed
Date Advisory Group Package Severity Description
19 Jan 2017 ASA-201701-28 AVG-105 php High multiple issues
References
https://github.com/php/php-src/commit/b2af4e8868726a040234de113436c6e4f6372d17
https://bugs.php.net/bug.php?id=72978
http://www.openwall.com/lists/oss-security/2016/12/12/2