[ubuntu/bionic-security] php7.2 7.2.24-0ubuntu0.18.04.15 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Tue Nov 8 14:54:11 UTC 2022
php7.2 (7.2.24-0ubuntu0.18.04.15) bionic-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2022-31628-1.patch: adding a recursion limit
in ext/phar/phar.c, ext/phar/tests/bug81726.phpt.
- debian/source/include-binaries: add ext/phar/tests/bug81726.gz.
- debian/patches/CVE-2022-31628-2.patch: avoid a second check in
ext/phar/phar.c.
- CVE-2022-31628
* SECURITY UPDATE: Cookie injection
- debian/patches/CVE-2022-31629.patch: don't mangle HTTP
variable names that clash with ones that have a specific semantic
meaning in ext/standard/test/bug81727.phpt,
main/php_variables.c.
- CVE-2022-31629
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2022-37454.patch: fixes buffer overflow in
hash_update() on long parameter in
ext/hash/sha3/generic32lc/KeccakSponge.inc,
ext/hash/sha3/generic64lc/KeccakSponge.inc.
- CVE-2022-37454
Date: 2022-11-02 13:41:13.352313+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/php7.2/7.2.24-0ubuntu0.18.04.15
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list