[ubuntu/impish-security] php8.0 8.0.8-1ubuntu0.3 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Mon Mar 7 12:33:47 UTC 2022


php8.0 (8.0.8-1ubuntu0.3) impish-security; urgency=medium

  * SECURITY UPDATE: DoS in zend_string_extend function
    - debian/patches/CVE-2017-8923.patch: fix integer overflow when
      concatenating strings in Zend/zend_vm_def.h, Zend/zend_vm_execute.h.
    - CVE-2017-8923
  * SECURITY UPDATE: out of bounds access in php_pcre_replace_impl
    - debian/patches/CVE-2017-9118-pre1.patch: fix heap buffer overflow via
      str_repeat in Zend/zend_operators.c, Zend/zend_string.h.
    - debian/patches/CVE-2017-9118-pre3.patch: fix too much memory is
      allocated for preg_replace() in ext/pcre/php_pcre.c,
      ext/pcre/tests/bug81243.phpt.
    - debian/patches/CVE-2017-9118.patch: fix out of bounds in
      php_pcre_replace_impl in Zend/zend_string.h, ext/pcre/php_pcre.c.
    - CVE-2017-9118
  * SECURITY UPDATE: DoS via integer overflow in mysqli_real_escape_string
    - debian/patches/CVE-2017-9120.patch: fix overflow in
      ext/mysqli/mysqli_api.c.
    - CVE-2017-9120
  * SECURITY UPDATE: filename truncation issue in XML parsing functions
    - debian/patches/CVE-2021-21707.patch: special character is breaking
      the path in xml function in ext/dom/domimplementation.c,
      ext/dom/tests/bug79971_2.phpt, ext/libxml/libxml.c,
      ext/simplexml/tests/bug79971_1.phpt,
      ext/simplexml/tests/bug79971_1.xml.
    - CVE-2021-21707

Date: 2022-03-03 17:55:09.557856+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/php8.0/8.0.8-1ubuntu0.3