[ubuntu/jammy-security] php8.1 8.1.2-1ubuntu2.8 (Accepted)

Leonidas S. Barbosa leo.barbosa at canonical.com
Tue Nov 8 14:54:22 UTC 2022 

php8.1 (8.1.2-1ubuntu2.8) jammy-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2022-31628-1.patch: adding a recursion limit
      in ext/phar/phar.c, ext/phar/tests/bug81726.phpt.
    - debian/source/include-binaries: add ext/phar/tests/bug81726.gz.
    - debian/patches/CVE-2022-31628-2.patch: avoid a second check in
      ext/phar/phar.c.
    - CVE-2022-31628
  * SECURITY UPDATE: Cookie injection
    - debian/patches/CVE-2022-31629.patch: don't mangle HTTP
      variable names that clash with ones that have a specific semantic
      meaning in ext/standard/test/bug81727.phpt,
      main/php_variables.c.
    - CVE-2022-31629
  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2022-31630.patch: adds validation in
      imageloadfont() for OOB in ext/gd/gd.c, ext/gd/tests/bug81739.phpt.
    - CVE-2022-31630
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2022-37454.patch: fixes buffer overflow in
      hash_update() on long parameter in
      ext/hash/sha3/generic32lc/KeccakSponge.inc,
      ext/hash/sha3/generic64lc/KeccakSponge.inc.
    - CVE-2022-37454

php8.1 (8.1.2-1ubuntu2.6) jammy; urgency=medium

  * d/rules: fix PHP_EXTRA_VERSION setting. (LP: #1989196)
  * Test PHP_EXTRA_VERSION setting with autopkgtest.

php8.1 (8.1.2-1ubuntu2.5) jammy; urgency=medium

  * d/p/0048-Clear-recorded-errors-before-executing-shutdown-func.patch:
    backport OPcache autoloading fix from 8.1.6. (LP: #1983205)

php8.1 (8.1.2-1ubuntu2.4) jammy; urgency=medium

  * d/p/0047-Update-gcc-func-attr-macro.patch: fix detection of unknown gcc
    function attributes. (LP: #1882279)

php8.1 (8.1.2-1ubuntu2.3) jammy; urgency=medium

  * d/p/0046-Fix-ssl3-unexpected-eof.patch: fix OpenSSL3 related unexpected
    EOF failure. This patch was originally introduced in PHP 8.1.7 to maintain
    compatibility with servers that are not yet compatible with new OpenSSL 3
    changes. This lack of compatibility would result in errors like
    "error:0A000126:SSL routines::unexpected eof while reading in LOCATION".
    (LP: #1975626)

Date: 2022-11-03 14:19:19.044105+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/php8.1/8.1.2-1ubuntu2.8
-------------- next part --------------
Sorry, changesfile not available.

More information about the jammy-changes mailing list