916516 – <dev-lang/php-8.2.11: security release

Bug 916516 - <dev-lang/php-8.2.11: security release

Summary: <dev-lang/php-8.2.11: security release

Status:	RESOLVED OBSOLETE

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor
Assignee:	Gentoo Security

URL:	https://news-web.php.net/php.announce...
Whiteboard:	B4 [stable?]
Keywords:

Depends on:
Blocks:

Reported:	2023-10-30 00:01 UTC by John Helmert III
Modified:	2024-08-14 08:11 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description John Helmert III archtester

2023-10-30 00:01:43 UTC

8.2.11 release announcement calls itself a security
release. Somewhat strangely, the contemporaneous 8.1 release doesn't
call itself a security release. I don't see anything in particular
which jumps out as significantly security-impactful, other than maybe:

- Fixed bug GH-12073 (Segfault when freeing incompletely initialized closures).
- Fixed bug GH-12060 (Internal iterator rewind handler is called twice).
- Fix memory leak when setting an invalid DOMDocument encoding.
- Fixed memory leak with failed SQLPrepare.

Comment 1 Hans de Graaff gentoo-dev

2024-08-12 08:11:19 UTC

Did it ever become clear what the security issues (if any) were? Otherwise I would propose to close this bug.

Comment 2 Michael Orlitzky gentoo-dev

2024-08-13 16:22:53 UTC

Maybe the segfault? But pretty much every release of PHP is a security release & we've stabilized several since this bug was opened. RESOLVED->OBSOLETE is the easy way out.

Comment 3 Hans de Graaff gentoo-dev

2024-08-14 08:11:29 UTC

This is fine with me. @ajak: if you feel differently please re-open the bug.