Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 929929 (CVE-2024-2756, CVE-2024-2757, CVE-2024-3096) - <dev-lang/php-{8.1.28,8.2.18,8.3.6}: multiple vulnerabilities
Summary: <dev-lang/php-{8.1.28,8.2.18,8.3.6}: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2024-2756, CVE-2024-2757, CVE-2024-3096
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://www.php.net/ChangeLog-8.php
Whiteboard: A3 [glsa+]
Keywords:
: 929930 (view as bug list)
Depends on: 929928
Blocks:
  Show dependency tree
 
Reported: 2024-04-13 16:22 UTC by Michael Orlitzky
Modified: 2024-08-12 07:45 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Orlitzky gentoo-dev 2024-04-13 16:22:08 UTC
Announcements:

 * https://news-web.php.net/php.announce/423
 * https://news-web.php.net/php.announce/424
 * https://news-web.php.net/php.announce/425

CVEs:

 * CVE-2024-1874
 * CVE-2024-2756
 * CVE-2024-2757
 * CVE-2024-3096

Fixed versions are 8.1.28 (stable), 8.2.18 (stable), and 8.3.6 (unstable). Sorry in advance for not knowing how to express this in the summary :)
Comment 1 Christopher Fore 2024-04-13 16:32:12 UTC
*** Bug 929930 has been marked as a duplicate of this bug. ***
Comment 2 Christopher Fore 2024-04-13 16:34:45 UTC
No worries! In the future could you put the CVEs in the alias too? :)
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2024-04-13 16:36:20 UTC
Also, if possible, please consider committing each new version in a separate commit (ditto cleanups).
Comment 4 Larry the Git Cow gentoo-dev 2024-08-12 07:43:49 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=30ce731e4321742de9b62d58a1f60dbe0cb57e0d

commit 30ce731e4321742de9b62d58a1f60dbe0cb57e0d
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-08-12 07:39:21 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-08-12 07:43:34 +0000

    [ GLSA 202408-32 ] PHP: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/889882
    Bug: https://bugs.gentoo.org/895416
    Bug: https://bugs.gentoo.org/908259
    Bug: https://bugs.gentoo.org/912331
    Bug: https://bugs.gentoo.org/929929
    Bug: https://bugs.gentoo.org/933752
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202408-32.xml | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 71 insertions(+)