php -- multiple vulnerabilities

The PHP Group reports:

• Core:
  • Fixed bug #72114 (Integer underflow / arbitrary null write in fread/gzread). (CVE-2016-5096) (PHP 5.5/5.6 only)
  • Fixed bug #72135 (Integer Overflow in php_html_entities). (CVE-2016-5094) (PHP 5.5/5.6 only)
• GD:
  • Fixed bug #72227 (imagescale out-of-bounds read). (CVE-2013-7456)
• Intl:
  • Fixed bug #72241 (get_icu_value_internal out-of-bounds read). (CVE-2016-5093)
• Phar:
  • Fixed bug #71331 (Uninitialized pointer in phar_make_dirstream()). (CVE-2016-4343) (PHP 5.5 only)

[source]