- CVE-2014-3538
It was discovered that the original fix for CVE-2013-7345 did not
sufficiently address the problem. A remote attacker could still
cause a denial of service (CPU consumption) via a specially-crafted
input file that triggers backtracking during processing of an awk
regular expression rule.
- CVE-2014-3587
It was discovered that the CDF parser of the fileinfo module does
not properly process malformed files in the Composite Document File
(CDF) format, leading to crashes.
- CVE-2014-3597
It was discovered that the original fix for CVE-2014-4049 did not
completely address the issue. A malicious server or
man-in-the-middle attacker could cause a denial of service (crash)
and possibly execute arbitrary code via a crafted DNS TXT record.
- CVE-2014-4670
It was discovered that PHP incorrectly handled certain SPL
Iterators. A local attacker could use this flaw to cause PHP to
crash, resulting in a denial of service.
For Debian 6 Squeeze, these issues have been fixed in php5 version 5.3.3-7+squeeze22