Libxml: Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823) Phar: Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78205d9878dfc9826ce1d7046d2f7c2b3dd5d073 commit 78205d9878dfc9826ce1d7046d2f7c2b3dd5d073 Author: Michael Orlitzky <mjo@gentoo.org> AuthorDate: 2023-08-15 23:51:49 +0000 Commit: Michael Orlitzky <mjo@gentoo.org> CommitDate: 2023-08-15 23:55:23 +0000 dev-lang/php: add 8.0.30 Fixes CVE-2023-3823 and CVE-2023-3824. Bug: https://bugs.gentoo.org/912331 Signed-off-by: Michael Orlitzky <mjo@gentoo.org> dev-lang/php/Manifest | 1 + dev-lang/php/php-8.0.30.ebuild | 757 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 758 insertions(+)
Also fixed in 8.1.22, 8.2.9. First fixed 8.1 in Gentoo was 8.1.23.