Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 889882 (CVE-2022-31631) - <dev-lang/php-{7.4.33-r1,8.0.27,8.1.14,8.2.1}: multiple vulnerabilities?
Summary: <dev-lang/php-{7.4.33-r1,8.0.27,8.1.14,8.2.1}: multiple vulnerabilities?
Status: RESOLVED FIXED
Alias: CVE-2022-31631
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL: https://www.php.net/ChangeLog-8.php#8...
Whiteboard: B4 [glsa+]
Keywords:
Depends on: 890367 895624
Blocks:
  Show dependency tree
 
Reported: 2023-01-05 19:01 UTC by John Helmert III
Modified: 2024-08-12 07:44 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-05 19:01:50 UTC
"This is a security release" according to the 8.1.14
release announcement, and I see this in the changelog:

"Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)"

Unsure if there's any other security-relevant changes.
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-05 19:18:07 UTC
8.2.1 is also released.
Comment 2 Larry the Git Cow gentoo-dev 2023-01-05 21:30:17 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ea29351e6d832a664c9205ece3e60ef28ca8917a

commit ea29351e6d832a664c9205ece3e60ef28ca8917a
Author:     Brian Evans <grknight@gentoo.org>
AuthorDate: 2023-01-05 21:29:41 +0000
Commit:     Brian Evans <grknight@gentoo.org>
CommitDate: 2023-01-05 21:30:13 +0000

    dev-lang/php: Version bump for 8.1.14
    
    Bug: https://bugs.gentoo.org/889882
    Signed-off-by: Brian Evans <grknight@gentoo.org>

 dev-lang/php/Manifest          |   1 +
 dev-lang/php/php-8.1.14.ebuild | 757 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 758 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=227858dba6257113140653f501de91625567cc5c

commit 227858dba6257113140653f501de91625567cc5c
Author:     Brian Evans <grknight@gentoo.org>
AuthorDate: 2023-01-05 21:11:33 +0000
Commit:     Brian Evans <grknight@gentoo.org>
CommitDate: 2023-01-05 21:30:13 +0000

    dev-lang/php: Version bump for 8.0.27
    
    Bug: https://bugs.gentoo.org/889882
    Signed-off-by: Brian Evans <grknight@gentoo.org>

 dev-lang/php/Manifest          |   1 +
 dev-lang/php/php-8.0.27.ebuild | 759 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 760 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7cb74e0dfb7422871ba57d0dc76fc8531576f32e

commit 7cb74e0dfb7422871ba57d0dc76fc8531576f32e
Author:     Brian Evans <grknight@gentoo.org>
AuthorDate: 2023-01-05 20:46:07 +0000
Commit:     Brian Evans <grknight@gentoo.org>
CommitDate: 2023-01-05 21:30:13 +0000

    dev-lang/php: Apply CVE-2022-31631 patch to 7.4.33
    
    Bug: https://bugs.gentoo.org/889882
    Signed-off-by: Brian Evans <grknight@gentoo.org>

 dev-lang/php/files/php-7.4.33-CVE-2022-31631.patch |  50 ++
 dev-lang/php/php-7.4.33-r1.ebuild                  | 750 +++++++++++++++++++++
 2 files changed, 800 insertions(+)
Comment 3 Larry the Git Cow gentoo-dev 2023-01-06 00:08:44 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=335f8c2846f9c33f907d5deb92ead13a690f12c7

commit 335f8c2846f9c33f907d5deb92ead13a690f12c7
Author:     Brian Evans <grknight@gentoo.org>
AuthorDate: 2023-01-06 00:08:12 +0000
Commit:     Brian Evans <grknight@gentoo.org>
CommitDate: 2023-01-06 00:08:12 +0000

    dev-lang/php: Version bump for 8.2.1
    
    Bug: https://bugs.gentoo.org/889882
    Signed-off-by: Brian Evans <grknight@gentoo.org>

 dev-lang/php/Manifest         |   1 +
 dev-lang/php/php-8.2.1.ebuild | 759 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 760 insertions(+)
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-01-06 04:51:53 UTC
Please stabilize when ready.
Comment 5 Larry the Git Cow gentoo-dev 2024-08-12 07:43:50 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=30ce731e4321742de9b62d58a1f60dbe0cb57e0d

commit 30ce731e4321742de9b62d58a1f60dbe0cb57e0d
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-08-12 07:39:21 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-08-12 07:43:34 +0000

    [ GLSA 202408-32 ] PHP: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/889882
    Bug: https://bugs.gentoo.org/895416
    Bug: https://bugs.gentoo.org/908259
    Bug: https://bugs.gentoo.org/912331
    Bug: https://bugs.gentoo.org/929929
    Bug: https://bugs.gentoo.org/933752
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202408-32.xml | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 71 insertions(+)