PHP-8.1.7 has been released with security fixes: Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626) Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625)
7.4.30 and 8.0.20 were released with security fixes aswell.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4fcb3c9c1056d5cfbffe79808ecf7a7df85f4627 commit 4fcb3c9c1056d5cfbffe79808ecf7a7df85f4627 Author: Brian Evans <grknight@gentoo.org> AuthorDate: 2022-06-17 15:30:33 +0000 Commit: Brian Evans <grknight@gentoo.org> CommitDate: 2022-06-17 15:33:08 +0000 dev-lang/php: Version bump for 8.1.7 Bug: https://bugs.gentoo.org/850772 Signed-off-by: Brian Evans <grknight@gentoo.org> dev-lang/php/Manifest | 1 + dev-lang/php/php-8.1.7.ebuild | 759 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 760 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d1051285f2c6040d26cf195813fc95eb5655d065 commit d1051285f2c6040d26cf195813fc95eb5655d065 Author: Brian Evans <grknight@gentoo.org> AuthorDate: 2022-06-17 13:39:26 +0000 Commit: Brian Evans <grknight@gentoo.org> CommitDate: 2022-06-17 15:33:08 +0000 dev-lang/php: Version bump for 8.0.20 Bug: https://bugs.gentoo.org/850772 Signed-off-by: Brian Evans <grknight@gentoo.org> dev-lang/php/Manifest | 1 + dev-lang/php/php-8.0.20.ebuild | 758 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 759 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=76a85812becbd12f300ee619fa78e0973c3e2cdf commit 76a85812becbd12f300ee619fa78e0973c3e2cdf Author: Brian Evans <grknight@gentoo.org> AuthorDate: 2022-06-17 13:20:01 +0000 Commit: Brian Evans <grknight@gentoo.org> CommitDate: 2022-06-17 15:33:07 +0000 dev-lang/php: Version bump for 7.4.30 Bug: https://bugs.gentoo.org/850772 Signed-off-by: Brian Evans <grknight@gentoo.org> dev-lang/php/Manifest | 1 + dev-lang/php/php-7.4.30.ebuild | 746 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 747 insertions(+)
Thanks! Please stabilize when ready.
GLSA request filed
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=4447c90f117a8f0928cc5e880f3cfc9fde7ee918 commit 4447c90f117a8f0928cc5e880f3cfc9fde7ee918 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-09-29 14:23:13 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-09-29 14:48:00 +0000 [ GLSA 202209-20 ] PHP: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/799776 Bug: https://bugs.gentoo.org/810526 Bug: https://bugs.gentoo.org/819510 Bug: https://bugs.gentoo.org/833585 Bug: https://bugs.gentoo.org/850772 Bug: https://bugs.gentoo.org/857054 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202209-20.xml | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+)
GLSA released, all done!
