[ubuntu/focal-security] php7.4 7.4.3-4ubuntu2.20 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Tue Feb 27 10:42:48 UTC 2024
php7.4 (7.4.3-4ubuntu2.20) focal-security; urgency=medium
* SECURITY UPDATE: Disclosure sensitive information
- debian/patches/CVE-2023-3823.patch: sanitieze libxml2 globals
before parsing in ext/dom/document.c, ext/dom/documentfragment.c,
xml_global_state_entity_loader_bypass.phpt, ext/libxml/php_libxml.h,
ext/simplexml/simplexml.c, xml_global_state_entity_loader_bypass.phpt,
ext/soap/php_xml.c, ext/xml/compat.c, ext/xmlreader/php_xmlreader.c,
xml_global_state_entity_loader_bypass.phpt, ext/xsl/xsltprocessor.c,
ext/zend_test/test.c.
- CVE-2023-3823
* SECURITY UPDATE: Stack buffer overflow
- debian/patches/CVE-2023-3824.patch: fix buffer mismanagement in
phar_dir_read(), and in files ext/phar/dirstream.c,
ext/phar/tests/GHSA-jqcx-ccgx-xwhv.phpt.
- CVE-2023-3824
Date: 2024-02-22 13:59:09.573739+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.20
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list