php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #67867 php.net is vulnerable to CVE-2014-0224 and exploitable
Submitted: 2014-08-19 20:05 UTC Modified: 2014-12-28 05:36 UTC
From: fn84b at outlook dot com Assigned: bjori (profile)
Status: Closed Package: Website problem
PHP Version: Irrelevant OS: Irrelevant
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: fn84b at outlook dot com
New email:
PHP Version: OS:

 

 [2014-08-19 20:05 UTC] fn84b at outlook dot com 
Description:
------------
Qualys SSL Labs says php.net server "is vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224) and exploitable". So please fix it.

https://www.ssllabs.com/ssltest/analyze.html?d=php.net

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2014-08-19 20:12 UTC] fn84b at outlook dot com 
Also bugs.php.net "is vulnerable to the OpenSSL CCS vulnerability (CVE-2014-0224), but probably not exploitable."

https://www.ssllabs.com/ssltest/analyze.html?d=bugs.php.net
 [2014-08-20 19:01 UTC] bjori@php.net
-Status: Open +Status: Verified
 [2014-08-20 19:01 UTC] bjori@php.net 
php.net and wiki.php.net are now fixed.
master and bugs need to be updated.
 [2014-12-28 02:01 UTC] jacob dot bednarz at gmail dot com 
Can confirm this is showing as fixed for me. Is this one ok to close now?
 [2014-12-28 05:36 UTC] bjori@php.net
-Status: Verified +Status: Closed -Assigned To: +Assigned To: bjori
 [2014-12-28 05:36 UTC] bjori@php.net 
They are all updated now.
Thanks for the report.
 
PHP Copyright © 2001-2025 The PHP Group
All rights reserved. 		Last updated: Fri Nov 21 04:00:02 2025 UTC