| Summary: | <dev-lang/php-{7.4.28,8.0.16,8.1.3}: UAF due to php_filter_float() failing for ints | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | mjo, php-bugs |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | B3 [glsa+] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 831740, 833608 | ||
| Bug Blocks: | |||
|
Description
John Helmert III
2022-02-18 03:44:29 UTC
Yes, all slots are affected. Also fixed by 7.4.28 and 8.0.16. 7.3 is EOL and will be masked once Bug 831740 is solved The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c5b63f32bdd78573e4006d9179ef6e30b608d289 commit c5b63f32bdd78573e4006d9179ef6e30b608d289 Author: Brian Evans <grknight@gentoo.org> AuthorDate: 2022-02-18 14:34:19 +0000 Commit: Brian Evans <grknight@gentoo.org> CommitDate: 2022-02-18 14:39:21 +0000 dev-lang/php: Version bump for 7.4.28 Bug: https://bugs.gentoo.org/833585 Signed-off-by: Brian Evans <grknight@gentoo.org> dev-lang/php/Manifest | 1 + dev-lang/php/php-7.4.28.ebuild | 746 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 747 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f4127bf953dcaa01d9e1d09b90b0864083065b0d commit f4127bf953dcaa01d9e1d09b90b0864083065b0d Author: Brian Evans <grknight@gentoo.org> AuthorDate: 2022-02-18 14:12:20 +0000 Commit: Brian Evans <grknight@gentoo.org> CommitDate: 2022-02-18 14:39:21 +0000 dev-lang/php: Version bump for 8.0.16 Bug: https://bugs.gentoo.org/833585 Signed-off-by: Brian Evans <grknight@gentoo.org> dev-lang/php/Manifest | 1 + dev-lang/php/php-8.0.16.ebuild | 758 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 759 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b7b79a987ad5132b791bcfc9badad6df0e3c3fe1 commit b7b79a987ad5132b791bcfc9badad6df0e3c3fe1 Author: Brian Evans <grknight@gentoo.org> AuthorDate: 2022-02-18 13:53:31 +0000 Commit: Brian Evans <grknight@gentoo.org> CommitDate: 2022-02-18 14:39:21 +0000 dev-lang/php: Version bump for 8.1.3 Bug: https://bugs.gentoo.org/833585 Signed-off-by: Brian Evans <grknight@gentoo.org> dev-lang/php/Manifest | 1 + dev-lang/php/php-8.1.3.ebuild | 759 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 760 insertions(+) Please cleanup Affected builds are cleaned up or masked. Wrong bug in commit message or it would have appeared here. GLSA request filed The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=4447c90f117a8f0928cc5e880f3cfc9fde7ee918 commit 4447c90f117a8f0928cc5e880f3cfc9fde7ee918 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-09-29 14:23:13 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-09-29 14:48:00 +0000 [ GLSA 202209-20 ] PHP: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/799776 Bug: https://bugs.gentoo.org/810526 Bug: https://bugs.gentoo.org/819510 Bug: https://bugs.gentoo.org/833585 Bug: https://bugs.gentoo.org/850772 Bug: https://bugs.gentoo.org/857054 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202209-20.xml | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) GLSA released, all done! |