Bug 916516

Summary:	<dev-lang/php-8.2.11: security release
Product:	Gentoo Security	Reporter:	John Helmert III <ajak>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED OBSOLETE
Severity:	minor	CC:	mjo, php-bugs
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://news-web.php.net/php.announce/365
Whiteboard:	B4 [stable?]
Package list:		Runtime testing required:	---

Description John Helmert III archtester

2023-10-30 00:01:43 UTC

8.2.11 release announcement calls itself a security
release. Somewhat strangely, the contemporaneous 8.1 release doesn't
call itself a security release. I don't see anything in particular
which jumps out as significantly security-impactful, other than maybe:

- Fixed bug GH-12073 (Segfault when freeing incompletely initialized closures).
- Fixed bug GH-12060 (Internal iterator rewind handler is called twice).
- Fix memory leak when setting an invalid DOMDocument encoding.
- Fixed memory leak with failed SQLPrepare.

Comment 1 Hans de Graaff gentoo-dev

2024-08-12 08:11:19 UTC

Did it ever become clear what the security issues (if any) were? Otherwise I would propose to close this bug.

Comment 2 Michael Orlitzky gentoo-dev

2024-08-13 16:22:53 UTC

Maybe the segfault? But pretty much every release of PHP is a security release & we've stabilized several since this bug was opened. RESOLVED->OBSOLETE is the easy way out.

Comment 3 Hans de Graaff gentoo-dev

2024-08-14 08:11:29 UTC

This is fine with me. @ajak: if you feel differently please re-open the bug.