[pkg-php-pear] Bug#866200: phpunit: CVE-2017-9841
carnil at debian.org
Wed Jun 28 08:17:54 UTC 2017
Tags: patch upstream security fixed-upstream
the following vulnerability was published for phpunit.
| Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3
| allows remote attackers to execute arbitrary PHP code via HTTP POST
| data beginning with a "<?php " substring, as demonstrated by an attack
| on a site with an exposed /vendor folder, i.e., external access to the
| /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
More information about the pkg-php-pear