|Related CVE||CVE-2019-9637 CVE-2019-9638 CVE-2019-9639 CVE-2019-9640 CVE-2019-9641|
Vulnerabilities have been discovered in php5, a server-side, HTML-embedded scripting language. Note that this update includes a change to the default behavior for IMAP connections. See below for details.
rename() across the device may allow unwanted access during processing
Uninitialized read in exif_process_IFD_in_MAKERNOTE
Invalid Read on exif_process_SOFn
Uninitialized read in exif_process_IFD_in_TIFF
For Debian 7 Wheezy, these problems have been fixed in version 5.4.45-0+deb7u20.
We recommend that you upgrade your php5 packages.
Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/