Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 929929 (CVE-2024-2756, CVE-2024-2757, CVE-2024-3096)

Summary: <dev-lang/php-{8.1.28,8.2.18,8.3.6}: multiple vulnerabilities
Product: Gentoo Security Reporter: Michael Orlitzky <mjo>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: normal CC: csfore, mjo, php-bugs
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.php.net/ChangeLog-8.php
Whiteboard: A3 [stable]
Package list:
Runtime testing required: ---
Bug Depends on: 929928    
Bug Blocks:    

Description Michael Orlitzky gentoo-dev 2024-04-13 16:22:08 UTC 
Announcements:

 * https://news-web.php.net/php.announce/423
 * https://news-web.php.net/php.announce/424
 * https://news-web.php.net/php.announce/425

CVEs:

 * CVE-2024-1874
 * CVE-2024-2756
 * CVE-2024-2757
 * CVE-2024-3096

Fixed versions are 8.1.28 (stable), 8.2.18 (stable), and 8.3.6 (unstable). Sorry in advance for not knowing how to express this in the summary :)
Comment 1 Christopher Fore 2024-04-13 16:32:12 UTC 
*** Bug 929930 has been marked as a duplicate of this bug. ***
Comment 2 Christopher Fore 2024-04-13 16:34:45 UTC 
No worries! In the future could you put the CVEs in the alias too? :)
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-04-13 16:36:20 UTC 
Also, if possible, please consider committing each new version in a separate commit (ditto cleanups).