Package | php5 |
---|---|
Version | 5.6.40+dfsg-0+deb8u13 |
Related CVEs | CVE-2020-7070 |
A vulnerability was discovered in PHP, a server-side, HTML-embedded scripting language. When PHP processes incoming HTTP cookie values, the cookie names are URL-decoded. As a result, a cookie whose name decodes to a prefix such as __Host may be confused with a genuine cookie carrying that prefix, allowing an attacker to forge a cookie that is supposed to be secure.
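One way to spot this confusion in logged or proxied traffic, as an added example that is not part of the original advisory: the Python function below scans a raw `Cookie` header for names that gain a protected prefix only after URL-decoding. The function name, the inclusion of the `__Secure-` prefix and the sample header are assumptions constructed for illustration.

```python
from urllib.parse import unquote

# Cookie-name prefixes a browser only accepts under strict conditions.
# "__Host-" is the prefix the advisory names; "__Secure-" is added here as an assumption.
PROTECTED_PREFIXES = ("__Host-", "__Secure-")

# Constructed sample header: one genuine prefixed cookie, two encoded look-alikes,
# and one unrelated cookie.
SAMPLE_HEADER = (
    "__Host-session=abc123; %5F%5FHost-session=forged; "
    "theme=dark; __%48ost-id=1"
)


def suspicious_cookie_names(cookie_header):
    """Return (raw_name, decoded_name) pairs for cookie names that do not carry
    a protected prefix as sent, but do once the name is URL-decoded."""
    flagged = []
    for pair in cookie_header.split(";"):
        raw_name = pair.split("=", 1)[0].strip()
        if not raw_name:
            continue  # tolerate empty segments such as a trailing ';'
        if raw_name.startswith(PROTECTED_PREFIXES):
            continue  # literal prefix: the browser already enforced its rules
        decoded = unquote(raw_name)
        if decoded.startswith(PROTECTED_PREFIXES):
            flagged.append((raw_name, decoded))
    return flagged


if __name__ == "__main__":
    for raw, decoded in suspicious_cookie_names(SAMPLE_HEADER):
        print(f"encoded cookie name {raw!r} decodes to protected name {decoded!r}")
```

Any hit means the name would be treated as a prefixed cookie by an unpatched PHP even though the browser never applied the prefix rules to it.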
For Debian 8 jessie, this problem has been fixed in version 5.6.40+dfsg-0+deb8u13.
We recommend that you upgrade your php5 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.