[ubuntu/eoan-security] php7.3 7.3.11-0ubuntu0.19.10.4 (Accepted)

[Leonidas S. Barbosa]

php7.3 (7.3.11-0ubuntu0.19.10.4) eoan-security; urgency=medium

  * SECURITY UDPATE: Null dereference pointer
    - debian/patches/CVE-2020-7062.patch: avoid null dereference in
      ext/session/session.c.
    - CVE-2020-7062
  * SECURITY UPDATE: Lax permissions on files added to tar with Phar
    - debian/patches/CVE-2020-7063.patch: enforce correct permissions
      for files add to tar with Phar in ext/phar/phar_object.c,
      ext/phar/tests/bug79082.phpt, ext/phar/tests/test79082*.
    - CVE-2020-7063
  * SECURITY UPDATE: Read one byte of uninitialized memory
    - debian/patches/CVE-2020-7064.patch: check length in
      exif_process_TIFF_in_JPEG to avoid read uninitialized memory
      ext/exif/exif.c, ext/exif/tests/bug79282.phpt.
    - CVE-2020-7064
  * SECURITY UPDATE: Memory corruption, crash and potentially code execution
    - debian/patches/CVE-2020-7065.patch: make sure that negative values are
      properly compared in ext/mbstring/php_unicode.c,
      ext/mbstring/tests/bug70371.phpt.
    - CVE-2020-7065
  * SECURITY UPDATE: Truncated url due \0
    - debian/patches/CVE-2020-7066.patch: check for get_headers
      not accepting \0 in ext/standard/url.c.
    - CVE-2020-7066

Date: 2020-04-09 12:42:16.845233+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/php7.3/7.3.11-0ubuntu0.19.10.4
-------------- next part --------------
Sorry, changesfile not available.