[ubuntu/oracular-proposed] php8.3 8.3.11-0ubuntu0.24.10.2 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Mon Sep 30 17:00:38 UTC 2024
php8.3 (8.3.11-0ubuntu0.24.10.2) oracular; urgency=medium
  * SECURITY UPDATE: Erroneous parsing of multipart form data
    - debian/patches/CVE-2024-8925.patch: limit boundary size in
      main/rfc1867.c, tests/basic/*.
    - CVE-2024-8925
  * SECURITY UPDATE: Parameter Injection Vulnerability
    - debian/patches/CVE-2024-8926.patch: always skip the argument parsing
      in CGI or FastCGI mode in sapi/cgi/cgi_main.c.
    - CVE-2024-8926
  * SECURITY UPDATE: cgi.force_redirect configuration can be bypassed due
    to environment variable collision
    - debian/patches/CVE-2024-8927.patch: check for REDIRECT_STATUS in
      sapi/cgi/cgi_main.c.
    - CVE-2024-8927
  * SECURITY UPDATE: Logs from children may be altered
    - debian/patches/CVE-2024-9026.patch: properly calculate size in
      sapi/fpm/fpm/fpm_stdio.c, sapi/fpm/tests/*.
    - CVE-2024-9026
Date: Mon, 30 Sep 2024 08:07:44 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/php8.3/8.3.11-0ubuntu0.24.10.2
-------------- next part --------------
Format: 1.8
Date: Mon, 30 Sep 2024 08:07:44 -0400
Source: php8.3
Built-For-Profiles: noudeb
Architecture: source
Version: 8.3.11-0ubuntu0.24.10.2
Distribution: oracular
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
php8.3 (8.3.11-0ubuntu0.24.10.2) oracular; urgency=medium
.
  * SECURITY UPDATE: Erroneous parsing of multipart form data
    - debian/patches/CVE-2024-8925.patch: limit boundary size in
      main/rfc1867.c, tests/basic/*.
    - CVE-2024-8925
  * SECURITY UPDATE: Parameter Injection Vulnerability
    - debian/patches/CVE-2024-8926.patch: always skip the argument parsing
      in CGI or FastCGI mode in sapi/cgi/cgi_main.c.
    - CVE-2024-8926
  * SECURITY UPDATE: cgi.force_redirect configuration can be bypassed due
    to environment variable collision
    - debian/patches/CVE-2024-8927.patch: check for REDIRECT_STATUS in
      sapi/cgi/cgi_main.c.
    - CVE-2024-8927
  * SECURITY UPDATE: Logs from children may be altered
    - debian/patches/CVE-2024-9026.patch: properly calculate size in
      sapi/fpm/fpm/fpm_stdio.c, sapi/fpm/tests/*.
    - CVE-2024-9026
Original-Maintainer: Debian PHP Maintainers <team+pkg-php at tracker.debian.org>