[ubuntu/focal-updates] php7.4 7.4.3-4ubuntu2.22 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Fri May 3 02:28:33 UTC 2024
php7.4 (7.4.3-4ubuntu2.22) focal-security; urgency=medium

  * SECURITY UPDATE: Heap buffer-overflow
    - debian/patches/CVE-2022-4900.patch: prevent potential buffer
      overflow for large value of php_cli_server_workers_max in
      sapi/cli/php_cli_server.c.
    - CVE-2022-4900
  * SECURITY UPDATE: Cookie bypass
    - debian/patches/CVE-2024-2756.patch: adds more mangling rules
      in main/php_variable.c.
    - CVE-2024-2756
  * SECURITY UPDATE: Account takeover risk
    - debian/patches/CVE-2024-3096.patch: disallow null character in bcrypt
      password in ext/standard/password.c,
      ext/standard/tests/password_bcrypt_errors.phpt.
    - CVE-2024-3096

php7.4 (7.4.3-4ubuntu2.21) focal; urgency=medium

  * d/p/fix-segfault-in-fpm_status_export_to_zval.patch: fix segmentation
    fault in fpm_status_export_to_zval. (LP: #2057576)
Date: 2024-05-01 13:52:10.146690+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.22
Sorry, changesfile not available.