Summary: | <dev-lang/php-{7.4.3,7.3.15,7.2.28}: multiple vulnerabilities (CVE-2020-{7061,7062,7063}) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | hydrapolic, mjo, php-bugs |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: | dev-lang/php-7.4.3-r1, dev-lang/php-7.3.15-r1, dev-lang/php-7.2.28-r1, virtual/httpd-php-7.4 |
Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2020-02-20 16:13:35 UTC
CVE-2020-7061: heap-buffer-overflow in phar_extract_file

CVE-2020-7062: Null Pointer Dereference in PHP Session Upload Progress

CVE-2020-7063: Files added to tar with Phar::buildFromIterator have all-access permissions

amd64 stable

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6bfa335a2777b3d09e8c3be3e4d1996e93dc694b

commit 6bfa335a2777b3d09e8c3be3e4d1996e93dc694b
Author: Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-02-23 22:49:38 +0000
Commit: Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-02-23 22:49:38 +0000

    virtual/httpd-php: amd64 stable (bug #710304)

    Bug: https://bugs.gentoo.org/710304
    Package-Manager: Portage-2.3.89, Repoman-2.3.20
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 virtual/httpd-php/httpd-php-7.4.ebuild | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

ia64 stable

ppc64 stable

ppc stable

x86 stable

sparc stable

An automated check of this bug failed - the following atoms are unknown:

dev-lang/php-7.4.3 dev-lang/php-7.3.15 dev-lang/php-7.2.28

Please verify the atom list.

hppa stable

arm stable

arm64 stable

New GLSA request filed.

This issue was resolved and addressed in GLSA 202003-57 at https://security.gentoo.org/glsa/202003-57 by GLSA coordinator Thomas Deutschmann (whissi).