* https://www.php.net/ChangeLog-8.php#8.1.30 * https://www.php.net/ChangeLog-8.php#8.2.24 * https://www.php.net/ChangeLog-8.php#8.3.12 Only 8.1 and 8.2 are stable, the vulnerable 8.3 ebuild is gone already.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=681de9cd0cd49ec8f318f71af0c5917f69f302d8 commit 681de9cd0cd49ec8f318f71af0c5917f69f302d8 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2025-01-23 07:26:35 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2025-01-23 07:27:18 +0000 [ GLSA 202501-11 ] PHP: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/941598 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202501-11.xml | 54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+)
As noted in the original description on this bug, PHP 8.1.30 is not affected. However, the GLSA entry lists only >=8.2.24 and >=8.3.12 as unaffected versions, which leads to an issue with at least Tenable developing a plugin that does not recognize 8.1.30 as being an acceptable/patched version for this advisory. Can the advisory be updated to add >=8.1.30 to the unaffected versions?
