Summary: | <dev-lang/php-{7.3.31-r1,7.4.25,8.0.12}: Privilege escalation via fpm | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | mjo, php-bugs |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugs.php.net/bug.php?id=81026 | ||
Whiteboard: | B1 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 820221 | ||
Bug Blocks: |
Description
Hanno Böck
2021-10-22 16:23:10 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=59978b5ae90bdad9d705ece171cd0d92e676e913 commit 59978b5ae90bdad9d705ece171cd0d92e676e913 Author: Brian Evans <grknight@gentoo.org> AuthorDate: 2021-10-22 16:57:17 +0000 Commit: Brian Evans <grknight@gentoo.org> CommitDate: 2021-10-22 16:57:17 +0000 dev-lang/php: Version bump for 7.4.25 Bug: https://bugs.gentoo.org/819510 Signed-off-by: Brian Evans <grknight@gentoo.org> dev-lang/php/Manifest | 1 + dev-lang/php/php-7.4.25.ebuild | 745 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 746 insertions(+) Please file a stablereq when ready. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6fb720cfe0c62387092106e1ec5c494ad82cc07f commit 6fb720cfe0c62387092106e1ec5c494ad82cc07f Author: Brian Evans <grknight@gentoo.org> AuthorDate: 2021-10-25 14:41:47 +0000 Commit: Brian Evans <grknight@gentoo.org> CommitDate: 2021-10-25 14:41:47 +0000 dev-lang/php: Revbump 7.3.31 for CVE-2021-21703 security patch Bug: https://bugs.gentoo.org/819510 Signed-off-by: Brian Evans <grknight@gentoo.org> dev-lang/php/files/php73-CVE2021-21703.patch | 397 ++++++++++++++ dev-lang/php/php-7.3.31-r1.ebuild | 754 +++++++++++++++++++++++++++ 2 files changed, 1151 insertions(+) Please cleanup The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=73896251628db98d15c64aa65aac004c24b0e38a commit 73896251628db98d15c64aa65aac004c24b0e38a Author: Brian Evans <grknight@gentoo.org> AuthorDate: 2021-11-07 13:03:02 +0000 Commit: Brian Evans <grknight@gentoo.org> CommitDate: 2021-11-07 13:03:02 +0000 dev-lang/php: Clean up vunlernable versions Bug: https://bugs.gentoo.org/819510 Signed-off-by: Brian Evans <grknight@gentoo.org> dev-lang/php/Manifest | 4 - dev-lang/php/php-7.3.31-r1.ebuild | 754 ------------------------------------- dev-lang/php/php-7.3.31.ebuild | 758 -------------------------------------- dev-lang/php/php-7.4.24.ebuild | 750 ------------------------------------- dev-lang/php/php-8.0.11.ebuild | 749 ------------------------------------- dev-lang/php/php-8.1.0_rc2.ebuild | 749 ------------------------------------- 6 files changed, 3764 deletions(-) GLSA request filed The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=4447c90f117a8f0928cc5e880f3cfc9fde7ee918 commit 4447c90f117a8f0928cc5e880f3cfc9fde7ee918 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-09-29 14:23:13 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-09-29 14:48:00 +0000 [ GLSA 202209-20 ] PHP: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/799776 Bug: https://bugs.gentoo.org/810526 Bug: https://bugs.gentoo.org/819510 Bug: https://bugs.gentoo.org/833585 Bug: https://bugs.gentoo.org/850772 Bug: https://bugs.gentoo.org/857054 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202209-20.xml | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) GLSA released, all done! |