In PHP 7.4.6: Core: Fixed bug #78875 (Long variables cause OOM and temp files are not cleaned). Fixed bug #78876 (Long variables cause OOM and temp files are not cleaned). In PHP 7.3.18: Core: Fixed bug #78875 (Long filenames cause OOM and temp files are not cleaned). (CVE-2019-11048) Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048) In PHP 7.2.31: Core: Fixed bug #78875 (Long filenames cause OOM and temp files are not cleaned). (CVE-2019-11048) Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048)
Ebuilds are in the repo
@maintainer(s), let us know when ready for stabilisation/go ahead.
arm stable
ppc stable
amd64 stable
ppc64 stable
x86 stable
sparc stable
hppa stable
arm64 stable ---- @maintainer(s), please cleanup
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=58775a9495ead4d91391bea6edae236068f21721 commit 58775a9495ead4d91391bea6edae236068f21721 Author: Michael Orlitzky <mjo@gentoo.org> AuthorDate: 2020-06-10 13:52:37 +0000 Commit: Michael Orlitzky <mjo@gentoo.org> CommitDate: 2020-06-10 13:52:37 +0000 dev-lang/php: remove old versions vulnerable to CVE-2019-11048. Bug: https://bugs.gentoo.org/722980 Package-Manager: Portage-2.3.99, Repoman-2.3.22 Signed-off-by: Michael Orlitzky <mjo@gentoo.org> dev-lang/php/Manifest | 3 - dev-lang/php/php-7.2.30.ebuild | 755 ---------------------------------------- dev-lang/php/php-7.3.17.ebuild | 756 ----------------------------------------- dev-lang/php/php-7.4.5.ebuild | 746 ---------------------------------------- 4 files changed, 2260 deletions(-)
Thanks mjo!
GLSA vote: no! Closing.