Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 788892 - <dev-lang/php-{7.3.28,7.4.19,8.0.6}: multiple vulnerabilities
Summary: <dev-lang/php-{7.3.28,7.4.19,8.0.6}: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2021-05-08 12:16 UTC by Thomas Deutschmann (RETIRED)
Modified: 2021-05-26 09:50 UTC (History)
2 users (show)

See Also:
Package list:
dev-lang/php-7.3.28 dev-lang/php-7.4.19
Runtime testing required: ---
nattka: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann (RETIRED) gentoo-dev 2021-05-08 12:16:56 UTC 
7.3:
    Fixed bug http://bugs.php.net/80710 (imap_mail_compose() header injection).


7.4/8.0: 
    Fixed bug https://bugs.php.net/bug.php?id=66783 (UAF when appending DOMDocument to element).
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-05-08 18:45:07 UTC 
x86 done
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-05-09 02:09:06 UTC 
arm done
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-05-09 02:09:12 UTC 
arm64 done
Comment 4 Rolf Eike Beer archtester 2021-05-10 13:53:45 UTC 
sparc stable
Comment 5 Agostino Sarubbo gentoo-dev 2021-05-11 10:02:18 UTC 
amd64 stable
Comment 6 Sergei Trofimovich (RETIRED) gentoo-dev 2021-05-11 20:52:32 UTC 
ppc/ppc64 stable
Comment 7 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-05-13 14:25:32 UTC 
Please cleanup.
Comment 8 Thomas Deutschmann (RETIRED) gentoo-dev 2021-05-25 13:44:04 UTC 
New GLSA request filed.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2021-05-26 09:48:46 UTC 
This issue was resolved and addressed in
 GLSA 202105-23 at https://security.gentoo.org/glsa/202105-23
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 10 Larry the Git Cow gentoo-dev 2021-05-26 09:50:36 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1d329eaf47fc8fd13e8077b4032de290600f6219

commit 1d329eaf47fc8fd13e8077b4032de290600f6219
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2021-05-26 09:50:30 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2021-05-26 09:50:30 +0000

    dev-lang/php: security cleanup
    
    Bug: https://bugs.gentoo.org/788892
    Package-Manager: Portage-3.0.18, Repoman-3.0.3
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 dev-lang/php/Manifest             |   4 -
 dev-lang/php/php-7.3.27-r1.ebuild | 760 -------------------------------------
 dev-lang/php/php-7.3.27.ebuild    | 761 --------------------------------------
 dev-lang/php/php-7.4.15.ebuild    | 753 -------------------------------------
 dev-lang/php/php-7.4.16.ebuild    | 752 -------------------------------------
 dev-lang/php/php-8.0.3.ebuild     | 750 -------------------------------------
 6 files changed, 3780 deletions(-)