"Phar: Fixed 79797 (Use of freed hash key in the phar_parse_zipfile function). (CVE-2020-7068)"
Let us know when ready to stable.
arm64 done
sparc done
amd64 done
arm done
x86 done
hppa stable
ppc done
ppc64 done all arches done
Please cleanup.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7476c2a596118d7287feb80a487f8e204f495334 commit 7476c2a596118d7287feb80a487f8e204f495334 Author: Michael Orlitzky <mjo@gentoo.org> AuthorDate: 2020-09-01 11:39:25 +0000 Commit: Michael Orlitzky <mjo@gentoo.org> CommitDate: 2020-09-01 11:39:25 +0000 dev-lang/php: remove old versions vulnerable to CVE-2020-7068. Bug: https://bugs.gentoo.org/736158 Package-Manager: Portage-2.3.103, Repoman-2.3.23 Signed-off-by: Michael Orlitzky <mjo@gentoo.org> dev-lang/php/Manifest | 8 - dev-lang/php/php-7.2.31.ebuild | 759 -------------------------------------- dev-lang/php/php-7.2.32.ebuild | 759 -------------------------------------- dev-lang/php/php-7.3.18.ebuild | 760 --------------------------------------- dev-lang/php/php-7.3.19.ebuild | 760 --------------------------------------- dev-lang/php/php-7.3.20.ebuild | 760 --------------------------------------- dev-lang/php/php-7.4.6.ebuild | 750 -------------------------------------- dev-lang/php/php-7.4.7.ebuild | 750 -------------------------------------- dev-lang/php/php-7.4.8-r1.ebuild | 750 -------------------------------------- 9 files changed, 6056 deletions(-)
New GLSA request filed.
This issue was resolved and addressed in GLSA 202009-10 at https://security.gentoo.org/glsa/202009-10 by GLSA coordinator Thomas Deutschmann (whissi).