| Summary: | <dev-lang/php-{7.4.33-r2,8.0.28,8.1.16,8.2.3}: multiple vulnerabilities | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | rx80 <rokfaith> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | ajak, mjo, php-bugs, security |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://www.php.net/ChangeLog-8.php#8.2.3 | ||
| Whiteboard: | B3 [glsa+] | ||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | 895624 | ||
| Bug Blocks: | |||
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c8a5c3e91728ad636d1e36b7b793d3b7688ca45b commit c8a5c3e91728ad636d1e36b7b793d3b7688ca45b Author: Brian Evans <grknight@gentoo.org> AuthorDate: 2023-02-20 19:41:08 +0000 Commit: Brian Evans <grknight@gentoo.org> CommitDate: 2023-02-20 19:43:14 +0000 dev-lang/php: Version bump for 8.2.3 Bug: https://bugs.gentoo.org/895416 Signed-off-by: Brian Evans <grknight@gentoo.org> dev-lang/php/Manifest | 1 + dev-lang/php/php-8.2.3.ebuild | 759 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 760 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6cb938cd4f61ab78f72abb7c421e03d6d57499e9 commit 6cb938cd4f61ab78f72abb7c421e03d6d57499e9 Author: Brian Evans <grknight@gentoo.org> AuthorDate: 2023-02-20 18:48:48 +0000 Commit: Brian Evans <grknight@gentoo.org> CommitDate: 2023-02-20 19:43:14 +0000 dev-lang/php: Version bump for 8.1.16 Bug: https://bugs.gentoo.org/895416 Signed-off-by: Brian Evans <grknight@gentoo.org> dev-lang/php/Manifest | 1 + dev-lang/php/php-8.1.16.ebuild | 757 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 758 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5fe23c565f19e1b0af60f3081854aab95f94c903 commit 5fe23c565f19e1b0af60f3081854aab95f94c903 Author: Brian Evans <grknight@gentoo.org> AuthorDate: 2023-02-20 18:27:49 +0000 Commit: Brian Evans <grknight@gentoo.org> CommitDate: 2023-02-20 19:43:13 +0000 dev-lang/php: Version bump for 8.0.28 Bug: https://bugs.gentoo.org/895416 Signed-off-by: Brian Evans <grknight@gentoo.org> dev-lang/php/Manifest | 1 + dev-lang/php/php-8.0.28.ebuild | 759 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 760 insertions(+) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b711589df12322ac7ca3cbe4e5889a623dc81a96 commit b711589df12322ac7ca3cbe4e5889a623dc81a96 Author: Brian Evans <grknight@gentoo.org> AuthorDate: 2023-02-20 18:07:03 +0000 Commit: Brian Evans <grknight@gentoo.org> CommitDate: 2023-02-20 19:43:13 +0000 dev-lang/php: Revbump for backporting CVE patches to 7.4 Bug: https://bugs.gentoo.org/895416 Signed-off-by: Brian Evans <grknight@gentoo.org> dev-lang/php/files/php-7.4.33-CVE-2023-0567.patch | 114 ++++ dev-lang/php/files/php-7.4.33-CVE-2023-0568.patch | 37 ++ dev-lang/php/files/php-7.4.33-CVE-2023-0662.patch | 48 ++ dev-lang/php/php-7.4.33-r2.ebuild | 753 ++++++++++++++++++++++ 4 files changed, 952 insertions(+) Thank you for your quick update. 8.2.3 tested on two amd64 machines, in cli and fpm mode, installs and works as expected. Thanks! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=30ce731e4321742de9b62d58a1f60dbe0cb57e0d commit 30ce731e4321742de9b62d58a1f60dbe0cb57e0d Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-08-12 07:39:21 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-08-12 07:43:34 +0000 [ GLSA 202408-32 ] PHP: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/889882 Bug: https://bugs.gentoo.org/895416 Bug: https://bugs.gentoo.org/908259 Bug: https://bugs.gentoo.org/912331 Bug: https://bugs.gentoo.org/929929 Bug: https://bugs.gentoo.org/933752 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202408-32.xml | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 71 insertions(+) |
From changelog for 8.2.3, 8.1.16, 8.0.28 Core: Fixed bug #81744 (Password_verify() always return true with some hash). (CVE-2023-0567) Fixed bug #81746 (1-byte array overrun in common path resolve code). (CVE-2023-0568) SAPI: Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662)