Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 703326 (CVE-2019-11045, CVE-2019-11046, CVE-2019-11047, CVE-2019-11049, CVE-2019-11050) - <dev-lang/php-{7.2.26,7.3.13,7.4.1}: multiple vulnerabilities (CVE-2019-{11045,11046,11047,11049,11050})
Summary: <dev-lang/php-{7.2.26,7.3.13,7.4.1}: multiple vulnerabilities (CVE-2019-{1104...
Status: RESOLVED FIXED
Alias: CVE-2019-11045, CVE-2019-11046, CVE-2019-11047, CVE-2019-11049, CVE-2019-11050
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-12-19 02:53 UTC by GLSAMaker/CVETool Bot
Modified: 2020-01-17 20:15 UTC (History)
1 user (show)

See Also:
Package list:
dev-lang/php-7.2.26 dev-lang/php-7.3.13
Runtime testing required: ---
stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description GLSAMaker/CVETool Bot gentoo-dev 2019-12-19 02:53:05 UTC 
Incoming details.
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2019-12-19 02:57:05 UTC 
Bcmath:
Fixed bug https://bugs.php.net/bug.php?id=78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046)

Core:
Fixed bug https://bugs.php.net/bug.php?id=78863 (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045)
Fixed bug https://bugs.php.net/bug.php?id=78943 (mail() may release string with refcount==1 twice). (CVE-2019-11049).


EXIF:
Fixed bug https://bugs.php.net/bug.php?id=78793 (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050)
Fixed bug https://bugs.php.net/bug.php?id=78910 (Heap-buffer-overflow READ in exif). (CVE-2019-11047)
Comment 2 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-12-23 09:22:06 UTC 
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2019-12-24 08:09:15 UTC 
x86 stable
Comment 4 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-12-24 14:02:14 UTC 
arm stable
Comment 5 Aaron Bauman (RETIRED) gentoo-dev 2019-12-25 20:05:05 UTC 
arm64 stable
Comment 6 Sergei Trofimovich (RETIRED) gentoo-dev 2019-12-25 21:02:34 UTC 
hppa/ia64 stable
Comment 7 Agostino Sarubbo gentoo-dev 2019-12-30 15:54:26 UTC 
ppc stable
Comment 8 Agostino Sarubbo gentoo-dev 2019-12-31 08:18:29 UTC 
ppc64 stable
Comment 9 Thomas Deutschmann (RETIRED) gentoo-dev 2020-01-17 20:15:36 UTC 
GLSA Vote: No!

Repository is clean, all done!