Summary: | <dev-lang/php-{7.2.33, 7.3.21, 7.4.9}: Use-after-free in phar_parse_zipfile | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | hydrapolic, mjo, php-bugs |
Priority: | Normal | Flags: | nattka: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.php.net/bug.php?id=79797 | ||
Whiteboard: | B4 [glsa+ cve] | ||
Package list: | dev-lang/php-7.2.33 dev-lang/php-7.3.21 dev-lang/php-7.4.9 |
Runtime testing required: | --- |
Description
Sam James
2020-08-06 18:08:29 UTC
Let us know when ready to stable.

arm64 done

sparc done

amd64 done

arm done

x86 done

hppa stable

ppc done

ppc64 done

all arches done

Please cleanup.

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7476c2a596118d7287feb80a487f8e204f495334

commit 7476c2a596118d7287feb80a487f8e204f495334
Author: Michael Orlitzky <mjo@gentoo.org>
AuthorDate: 2020-09-01 11:39:25 +0000
Commit: Michael Orlitzky <mjo@gentoo.org>
CommitDate: 2020-09-01 11:39:25 +0000

dev-lang/php: remove old versions vulnerable to CVE-2020-7068.

Bug: https://bugs.gentoo.org/736158
Package-Manager: Portage-2.3.103, Repoman-2.3.23
Signed-off-by: Michael Orlitzky <mjo@gentoo.org>

dev-lang/php/Manifest | 8 -
dev-lang/php/php-7.2.31.ebuild | 759 --------------------------------------
dev-lang/php/php-7.2.32.ebuild | 759 --------------------------------------
dev-lang/php/php-7.3.18.ebuild | 760 ---------------------------------------
dev-lang/php/php-7.3.19.ebuild | 760 ---------------------------------------
dev-lang/php/php-7.3.20.ebuild | 760 ---------------------------------------
dev-lang/php/php-7.4.6.ebuild | 750 --------------------------------------
dev-lang/php/php-7.4.7.ebuild | 750 --------------------------------------
dev-lang/php/php-7.4.8-r1.ebuild | 750 --------------------------------------
9 files changed, 6056 deletions(-)

New GLSA request filed.

This issue was resolved and addressed in GLSA 202009-10 at https://security.gentoo.org/glsa/202009-10 by GLSA coordinator Thomas Deutschmann (whissi).