Timeline to update PHP 7.0.14 to 7.0.21


#1

Received this security report. Is/did Dreamhost backport patches, or will DH be updating? What’s the time line?

See security report below.

PHP 7.0.14 has 3 known vulnerabilities

Type: Vulnerability Severity: Medium (6.8)

Below is a list of known vulnerabilities in this version of PHP. Note that the specific binary of PHP running on this server may include backported security fixes that resolve these vulnerabilities. If you aren’t sure, check with your hosting provider.

In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an error in the date extension's timelib_meridian parsing code could be used by attackers able to supply date strings to leak information from the interpreter, related to ext/date/lib/par... - CVE-2017-11145 - Requires upgrading to at least version 7.0.20
Remote Code Execution - CVE-2017-11362 - Requires upgrading to at least version 7.0.20
Denial of Service - CVE-2017-11142 - Requires upgrading to at least version 7.0.16

Vendor URL: https://secure.php.net/


#2

We’re on it, thanks for reaching out and for paying attention to vulnerabilities. Patches are to be rolled out real soon now.