[ubuntu/mantic-security] php8.2 8.2.10-2ubuntu2.1 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Thu May 2 16:24:35 UTC 2024
php8.2 (8.2.10-2ubuntu2.1) mantic-security; urgency=medium
* SECURITY UPDATE: Cookie by pass
- debian/patches/CVE-2024-2756.patch: adds more mangling rules
in main/php_variable.c.
- CVE-2024-2756
* SECURITY UPDATE: Account take over risk
- debian/patches/CVE-2024-3096.patch: disallow null character in bcrypt
password in ext/standard/password.c,
ext/standard/tests/password_bcrypt_errors.phpt.
- CVE-2024-3096
Date: 2024-05-01 14:47:09.817407+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/php8.2/8.2.10-2ubuntu2.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the mantic-changes
mailing list