Bug 850772 (CVE-2022-31625, CVE-2022-31626) - <dev-lang/php-{7.4.30,8.1.7,8.0.20}: multiple vulnerabilities
Summary: <dev-lang/php-{7.4.30,8.1.7,8.0.20}: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2022-31625, CVE-2022-31626
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://www.php.net/ChangeLog-8.php#8...
Whiteboard: B3 [glsa+]
Keywords:
Depends on: 853196
Blocks:
Reported: 2022-06-09 16:26 UTC by John Helmert III
Modified: 2022-09-29 14:51 UTC

See Also:
Package list:
Runtime testing required: ---


Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-06-09 16:26:39 UTC
PHP-8.1.7 has been released with security fixes:

Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)
Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625)
Comment 1 Daniel Hiepler 2022-06-11 16:50:36 UTC
7.4.30 and 8.0.20 were released with security fixes as well.
Comment 2 Larry the Git Cow gentoo-dev 2022-06-17 15:33:11 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4fcb3c9c1056d5cfbffe79808ecf7a7df85f4627

commit 4fcb3c9c1056d5cfbffe79808ecf7a7df85f4627
Author:     Brian Evans <grknight@gentoo.org>
AuthorDate: 2022-06-17 15:30:33 +0000
Commit:     Brian Evans <grknight@gentoo.org>
CommitDate: 2022-06-17 15:33:08 +0000

    dev-lang/php: Version bump for 8.1.7
    
    Bug: https://bugs.gentoo.org/850772
    Signed-off-by: Brian Evans <grknight@gentoo.org>

 dev-lang/php/Manifest         |   1 +
 dev-lang/php/php-8.1.7.ebuild | 759 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 760 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d1051285f2c6040d26cf195813fc95eb5655d065

commit d1051285f2c6040d26cf195813fc95eb5655d065
Author:     Brian Evans <grknight@gentoo.org>
AuthorDate: 2022-06-17 13:39:26 +0000
Commit:     Brian Evans <grknight@gentoo.org>
CommitDate: 2022-06-17 15:33:08 +0000

    dev-lang/php: Version bump for 8.0.20
    
    Bug: https://bugs.gentoo.org/850772
    Signed-off-by: Brian Evans <grknight@gentoo.org>

 dev-lang/php/Manifest          |   1 +
 dev-lang/php/php-8.0.20.ebuild | 758 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 759 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=76a85812becbd12f300ee619fa78e0973c3e2cdf

commit 76a85812becbd12f300ee619fa78e0973c3e2cdf
Author:     Brian Evans <grknight@gentoo.org>
AuthorDate: 2022-06-17 13:20:01 +0000
Commit:     Brian Evans <grknight@gentoo.org>
CommitDate: 2022-06-17 15:33:07 +0000

    dev-lang/php: Version bump for 7.4.30
    
    Bug: https://bugs.gentoo.org/850772
    Signed-off-by: Brian Evans <grknight@gentoo.org>

 dev-lang/php/Manifest          |   1 +
 dev-lang/php/php-7.4.30.ebuild | 746 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 747 insertions(+)
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-06-18 13:43:48 UTC
Thanks! Please stabilize when ready.
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-26 14:23:35 UTC
GLSA request filed
Comment 5 Larry the Git Cow gentoo-dev 2022-09-29 14:48:26 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=4447c90f117a8f0928cc5e880f3cfc9fde7ee918

commit 4447c90f117a8f0928cc5e880f3cfc9fde7ee918
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2022-09-29 14:23:13 +0000
Commit:     John Helmert III <ajak@gentoo.org>
CommitDate: 2022-09-29 14:48:00 +0000

    [ GLSA 202209-20 ] PHP: Multiple Vulnerabilities
    
    Bug: https://bugs.gentoo.org/799776
    Bug: https://bugs.gentoo.org/810526
    Bug: https://bugs.gentoo.org/819510
    Bug: https://bugs.gentoo.org/833585
    Bug: https://bugs.gentoo.org/850772
    Bug: https://bugs.gentoo.org/857054
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 glsa-202209-20.xml | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 71 insertions(+)
Comment 6 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-09-29 14:51:50 UTC
GLSA released, all done!