[ubuntu/focal-security] php7.4 7.4.3-4ubuntu2.2 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Wed May 27 18:08:25 UTC 2020
php7.4 (7.4.3-4ubuntu2.2) focal-security; urgency=medium
* SECURITY UPDATE: Denial of service through oversized memory allocated
- debian/patches/CVE-2019-11048.patch: changes types int to size_t
in main/rfc1867.c.
- CVE-2019-11048
php7.4 (7.4.3-4ubuntu2.1) focal; urgency=medium
* libapache2-mod-php.postinst.extra: Disable other mod-php versions.
Fixes failure when upgrading from previous versions of mod-php.
(LP: #1865218)
php7.4 (7.4.3-4ubuntu2) focal; urgency=medium
* SECURITY UPDATE: Read one byte of uninitialized memory
- debian/patches/CVE-2020-7064.patch: check length in
exif_process_TIFF_in_JPEG to avoid read uninitialized memory
ext/exif/exif.c, ext/exif/tests/bug79282.phpt.
- CVE-2020-7064
* SECURITY UPDATE: Memory corruption, crash and potentially code execution
- debian/patches/CVE-2020-7065.patch: make sure that negative values are
properly compared in ext/mbstring/php_unicode.c,
ext/mbstring/tests/bug70371.phpt.
- CVE-2020-7065
* SECURITY UPDATE: Truncated url due \0
- debian/patches/CVE-2020-7066.patch: check for get_headers
not accepting \0 in ext/standard/url.c.
- CVE-2020-7066
Date: 2020-05-26 20:20:34.600242+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list