URL says 8.0.23 is a security release, but no CVEs in changelog. There are a few crashes and such, but I'm not sure I understand how they're security-relevant when PHP code executed is generally trusted. 8.1.10 was also released today and that's not labeled as a security bump, despite seemingly fixing some of the same issues. Please bump to 8.0.23.
Please stabilize. commit a07b974ba46558e71c4d89286c6a6c4fb023b1b8 Author: Brian Evans <grknight@gentoo.org> Date: Sat Sep 10 20:56:39 2022 -0400 dev-lang/php: Version bump for 8.0.23 Signed-off-by: Brian Evans <grknight@gentoo.org> commit 5994eccf962086fb2d6b323ae88f04dacf797e89 Author: Brian Evans <grknight@gentoo.org> Date: Sat Sep 10 20:10:59 2022 -0400 dev-lang/php: Version bump for 8.1.10 Signed-off-by: Brian Evans <grknight@gentoo.org>
GLSA request filed
(In reply to John Helmert III from comment #2) > GLSA request filed Whoops, didn't add actually add this bug to the GLSA properly. I suppose we'll throw it in the next one.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=a1c6623b6eaf15e917c58aa4f27b51911625e28f commit a1c6623b6eaf15e917c58aa4f27b51911625e28f Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-11-19 03:32:18 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-11-22 03:59:39 +0000 [ GLSA 202211-03 ] PHP: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/867913 Bug: https://bugs.gentoo.org/873376 Bug: https://bugs.gentoo.org/877853 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202211-03.xml | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+)
GLSA released, all done!
