Summary: | <dev-lang/php-{7.3.25,7.4.13}: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | mjo, php-bugs |
Priority: | Normal | Keywords: | CC-ARCHES, STABLEREQ |
Version: | unspecified | Flags: | nattka:
sanity-check+
|
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.php.net/ChangeLog-7.php#7.4.13 | ||
Whiteboard: | B3 [glsa+] | ||
Package list: |
dev-lang/php-7.3.25
dev-lang/php-7.4.13
|
Runtime testing required: | --- |
Description
John Helmert III
2020-11-26 02:20:54 UTC
Please bump. Note - it appears Bugzilla interpreted the "bug #xxxxx" strings in my previous comment as references to bugs in our Bugzilla, but they are copied from the PHP changelog and refer to their bug tracker. Thanks! Several of these fixed in 7.3.25: Fixed bug #62474 (com_event_sink crashes on certain arguments). Fixed bug #76618 (segfault on imap_reopen). Fixed bug #80239 (imap_rfc822_write_address() leaks memory). Fixed bug #80242 (imap_mail_compose() segfaults for multipart with rfc822). Fixed bug #44618 (Fetching may rely on uninitialized data). x86 stable ppc/ppc64 stable arm64 done arm done sparc stable dropped to ~hppa amd64 done all arches done The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=af490b398669857e7fcba0c408cd8050ac573931 commit af490b398669857e7fcba0c408cd8050ac573931 Author: Thomas Deutschmann <whissi@gentoo.org> AuthorDate: 2020-12-16 18:48:07 +0000 Commit: Thomas Deutschmann <whissi@gentoo.org> CommitDate: 2020-12-16 18:48:18 +0000 dev-lang/php: security cleanup (bug #756775) Bug: https://bugs.gentoo.org/756775 Package-Manager: Portage-3.0.12, Repoman-3.0.2 Signed-off-by: Thomas Deutschmann <whissi@gentoo.org> dev-lang/php/Manifest | 9 - dev-lang/php/php-7.2.33.ebuild | 759 ---------------------------------------- dev-lang/php/php-7.3.21.ebuild | 760 ----------------------------------------- dev-lang/php/php-7.3.22.ebuild | 760 ----------------------------------------- dev-lang/php/php-7.3.23.ebuild | 760 ----------------------------------------- dev-lang/php/php-7.3.24.ebuild | 760 ----------------------------------------- dev-lang/php/php-7.4.10.ebuild | 750 ---------------------------------------- dev-lang/php/php-7.4.11.ebuild | 750 ---------------------------------------- dev-lang/php/php-7.4.12.ebuild | 750 ---------------------------------------- dev-lang/php/php-7.4.9.ebuild | 750 ---------------------------------------- 10 files changed, 6808 deletions(-) Added to an existing GLSA request. This issue was resolved and addressed in GLSA 202012-16 at https://security.gentoo.org/glsa/202012-16 by GLSA coordinator Thomas Deutschmann (whissi). |