php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #67867 php.net is vulnerable to CVE-2014-0224 and exploitable
Submitted: 2014-08-19 20:05 UTC Modified: 2014-12-28 05:36 UTC
From: fn84b at outlook dot com Assigned: bjori (profile)
Status: Closed Package: Website problem
PHP Version: Irrelevant OS: Irrelevant
Private report: No CVE-ID: None
View Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
If you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: fn84b at outlook dot com
New email:
PHP Version: OS:

 

 [2014-08-19 20:05 UTC] fn84b at outlook dot com 
Description:
------------
Qualys SSL Labs says php.net server "is vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224) and exploitable". So please fix it.

https://www.ssllabs.com/ssltest/analyze.html?d=php.net

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-08-19 20:12 UTC] fn84b at outlook dot com 
Also bugs.php.net "is vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224), but probably not exploitable."

https://www.ssllabs.com/ssltest/analyze.html?d=bugs.php.net
 [2014-08-20 19:01 UTC] bjori@php.net
-Status: Open +Status: Verified
 [2014-08-20 19:01 UTC] bjori@php.net 
php.net and wiki.php.net are now fixed.
master and bugs need to be updated.
 [2014-12-28 02:01 UTC] jacob dot bednarz at gmail dot com 
Can confirm this is showing as fixed for me. Is this one ok to close now?
 [2014-12-28 05:36 UTC] bjori@php.net
-Status: Verified +Status: Closed -Assigned To: +Assigned To: bjori
 [2014-12-28 05:36 UTC] bjori@php.net 
They are all updated now.
Thanks for the report.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri Nov 21 03:00:01 2025 UTC