Libxml: Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823)

Phar: Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()). (CVE-2023-3824)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78205d9878dfc9826ce1d7046d2f7c2b3dd5d073

commit 78205d9878dfc9826ce1d7046d2f7c2b3dd5d073
Author:     Michael Orlitzky <mjo@gentoo.org>
AuthorDate: 2023-08-15 23:51:49 +0000
Commit:     Michael Orlitzky <mjo@gentoo.org>
CommitDate: 2023-08-15 23:55:23 +0000

    dev-lang/php: add 8.0.30

    Fixes CVE-2023-3823 and CVE-2023-3824.

    Bug: https://bugs.gentoo.org/912331
    Signed-off-by: Michael Orlitzky <mjo@gentoo.org>

 dev-lang/php/Manifest          |   1 +
 dev-lang/php/php-8.0.30.ebuild | 757 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 758 insertions(+)
Also fixed in 8.1.22, 8.2.9. First fixed 8.1 in Gentoo was 8.1.23.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=30ce731e4321742de9b62d58a1f60dbe0cb57e0d

commit 30ce731e4321742de9b62d58a1f60dbe0cb57e0d
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-08-12 07:39:21 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-08-12 07:43:34 +0000

    [ GLSA 202408-32 ] PHP: Multiple Vulnerabilities

    Bug: https://bugs.gentoo.org/889882
    Bug: https://bugs.gentoo.org/895416
    Bug: https://bugs.gentoo.org/908259
    Bug: https://bugs.gentoo.org/912331
    Bug: https://bugs.gentoo.org/929929
    Bug: https://bugs.gentoo.org/933752
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202408-32.xml | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 71 insertions(+)