[ubuntu/focal-security] php7.4 7.4.3-4ubuntu2.29 (Accepted)

Leonidas S. Barbosa leo.barbosa at canonical.com
Mon Mar 31 20:34:50 UTC 2025


php7.4 (7.4.3-4ubuntu2.29) focal-security; urgency=medium

  * SECURITY UPDATE: Use after free
    - debian/patches/CVE-2024-11235.patch: fix incorrect live-range
      calculation in Zend/zend_opcode.c and add tests in
      Zend/tests/ghsa-rwp7-7vc6-8477_001.phpt,
      Zend/tests/ghsa-rwp7-7vc6-8477_002.phpt,
      Zend/tests/ghsa-rwp7-7vc6-8477_003.phpt.
    - CVE-2024-11235
  * SECURITY UPDATE: Incorrect MIME type
    - debian/patches/CVE-2025-1217-*.patch: adds HTTP header folding
      support for HTTP wrapper response headers in
      ext/standard/http_fopen_wrapper.c and add tests in
      ests/http/ghsa-v8xr-gpvj-cx9g-001.phpt,
      tests/http/ghsa-v8xr-gpvj-cx9g-002.phpt,
      tests/http/ghsa-v8xr-gpvj-cx9g-003.phpt,
      tests/http/ghsa-v8xr-gpvj-cx9g-004.phpt,
      tests/http/ghsa-v8xr-gpvj-cx9g-005.phpt,
      tests/http/http_response_header_05.phpt.
    - debian/patches/openssl-server-8.1.patch: Use ephemeral ports
      for OpenSSL server client tests in
      ext/openssl/tests/ServerClientTestCase-8.1.inc.
    - CVE-2025-1217
  * SECURITY UPDATE: Invalid header
    - debian/patches/CVE-2025-1734.patch: fix in ext/standard/http_fopen_wrapper.c
      and add tests in
      ext/standard/tests/http/bug47021.phpt,
      ext/standard/tests/http/bug75535.phpt,
      tests/http/ghsa-pcmh-g36c-qc44-001.phpt,
      tests/http/ghsa-pcmh-g36c-qc44-002.phpt.
    - CVE-2025-1734
  * SECURITY UPDATE: Location truncation
    - debian/patches/CVE-2025-1861.patch: converts the
      allocation of location to be on heap instead of stack
      in ext/standard/http_fopen_wrapper.c and add tests in
      tests/http/ghsa-52jp-hrpf-2jff-001.phpt,
      tests/http/ghsa-52jp-hrpf-2jff-002.phpt.
    - CVE-2025-1861

Date: 2025-03-27 01:30:12.363793+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/php7.4/7.4.3-4ubuntu2.29