[ubuntu/jammy-security] php8.1 8.1.2-1ubuntu2.14 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Wed Aug 23 17:02:49 UTC 2023
php8.1 (8.1.2-1ubuntu2.14) jammy-security; urgency=medium
* SECURITY UPDATE: Disclosure sensitive information
- debian/patches/CVE-2023-3823.patch: sanitieze libxml2 globals
before parsing in ext/dom/document.c, ext/dom/documentfragment.c,
xml_global_state_entity_loader_bypass.phpt, ext/libxml/php_libxml.h,
ext/simplexml/simplexml.c, xml_global_state_entity_loader_bypass.phpt,
ext/soap/php_xml.c, ext/xml/compat.c, ext/xmlreader/php_xmlreader.c,
xml_global_state_entity_loader_bypass.phpt, ext/xsl/xsltprocessor.c,
ext/zend_test/test.c, ext/zend_test/test.stub.php.
- CVE-2023-3823
* SECURITY UPDATE: Stack buffer overflow
- debian/patches/CVE-2023-3824.patch: fix buffer mismanagement in
phar_dir_read(), and in files ext/phar/dirstream.c,
ext/phar/tests/GHSA-jqcx-ccgx-xwhv.phpt.
- CVE-2023-3824
Date: 2023-08-21 09:28:11.991990+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/php8.1/8.1.2-1ubuntu2.14
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list