929929 – (CVE-2024-2756, CVE-2024-2757, CVE-2024-3096) <dev-lang/php-{8.1.28,8.2.18,8.3.6}: multiple vulnerabilities

Bug 929929 (CVE-2024-2756, CVE-2024-2757, CVE-2024-3096) - <dev-lang/php-{8.1.28,8.2.18,8.3.6}: multiple vulnerabilities

Summary: <dev-lang/php-{8.1.28,8.2.18,8.3.6}: multiple vulnerabilities

Status:	CONFIRMED

Alias:	CVE-2024-2756, CVE-2024-2757, CVE-2024-3096

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://www.php.net/ChangeLog-8.php
Whiteboard:	A3 [stable]
Keywords:

Duplicates (1):	929930 (view as bug list)
Depends on:	929928
Blocks:
	Show dependency tree

Reported:	2024-04-13 16:22 UTC by Michael Orlitzky
Modified:	2024-04-21 19:21 UTC (History)
CC List:	3 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Orlitzky gentoo-dev

2024-04-13 16:22:08 UTC

Announcements:

 * https://news-web.php.net/php.announce/423
 * https://news-web.php.net/php.announce/424
 * https://news-web.php.net/php.announce/425

CVEs:

 * CVE-2024-1874
 * CVE-2024-2756
 * CVE-2024-2757
 * CVE-2024-3096

Fixed versions are 8.1.28 (stable), 8.2.18 (stable), and 8.3.6 (unstable). Sorry in advance for not knowing how to express this in the summary :)

Comment 1 Christopher Fore 2024-04-13 16:32:12 UTC

*** Bug 929930 has been marked as a duplicate of this bug. ***

Comment 2 Christopher Fore 2024-04-13 16:34:45 UTC

No worries! In the future could you put the CVEs in the alias too? :)

Comment 3 Sam James archtester

2024-04-13 16:36:20 UTC

Also, if possible, please consider committing each new version in a separate commit (ditto cleanups).