Comment 2 for bug 1721607

Thank Tyler :)

Steven,

a) The patched version from Ondrej's repo is not an official, nor supported version, it's irrelevant to this discussion.

b) If you can provide the CVEs that Tyler asked for, then a security update will occur.

c) We do have an MRE for PHP7.0 (probably also for PHP7.1 by the same logic) and I plan on submitting an update to the latest PHP7.0 upstream in the next week or two. But that will only be present in -updates, not -security unless b) is addressed.

Sorry for the delay on my end in replying to this bug.