[ubuntu/plucky-proposed] php8.3 8.3.11-0ubuntu2 (Accepted)

Leonidas Da Silva Barbosa leo.barbosa at canonical.com
Wed Dec 18 18:03:18 UTC 2024


php8.3 (8.3.11-0ubuntu2) plucky; urgency=medium

  * SECURITY UPDATE: Buffer over-read
    - debian/patches/CVE-2024-11233.patch: rearrange
      bounds-check code in ext/standard/filters.c,
      ext/standard/tests/filters/ghsa-r977-prxv-hc43.phpt.
    - CVE-2024-11233
  * SECURITY UPDATE: HTTP request smuggling
    - debian/patches/CVE-2024-11234.patch: avoid
      fulluri CRLF injection in ext/standard/http_fopen_wrapper.c,
      .../tests/http/ghsa-c5f2-jwm7-mmq2.phpt.
    - CVE-2024-11234
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2024-11236-1.patch: adding an extralen check
      to avoid integer overflow in ext/pdo_dblib/dblib_driver.c,
      ext/pdo_dblib/tests/GHSA-5hqh-c84r-qjcv.phpt.
    - debian/patches/CVE-2024-11236-2.patch: change qcount to size_t in
      order to avoid integer overflow and add checks in
      ext/pdo_firebird/firebird_driver.c.
    - CVE-2024-11236
  * SECURITY UPDATE: Heap buffer over-reads
    - debian/patches/CVE-2024-8929.patch: fix buffer over-reads in
      ext/mysqlnd/mysqlnd_ps_codec.c,
      ext/mysqlnd/mysqlnd_wireprotocol.c, and create some phpt tests.
    - CVE-2024-8929
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2024-8932.patch: fix OOB access in
      ldap_escape in ext/ldap/ldap.c,
      ext/ldap/tests/GHSA-g665-fm4p-vhff-1.phpt,
      ext/ldap/tests/GHSA-g665-fm4p-vhff-2.phpt.
    - CVE-2024-8932
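
The CVE-2024-11234 entry above describes a CRLF injection into the full-URI request line. The C program below is an added illustration written for this page, not code from PHP, from the Ubuntu patch or from ext/standard/http_fopen_wrapper.c: it contrasts a request-line builder that copies the caller's URI unchecked with one that rejects CR and LF, and counts how many CRLF-terminated lines a crafted URI turns one request line into. The function names, the kSmugglingUri input and the backend.internal host are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable form (illustrative, not PHP's code): the caller-supplied full
 * URI is copied into the request line unchecked, so a CR/LF inside it ends
 * the request line early and whatever follows is sent to the proxy as extra
 * headers, or as a second request on the same connection. */
int build_request_line_unchecked(const char *method, const char *fulluri,
                                 char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s %s HTTP/1.1\r\n", method, fulluri);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;   /* -1: truncated */
}

/* Hardened form: refuse any URI that carries CR or LF before it can reach
 * the request line. */
int build_request_line_checked(const char *method, const char *fulluri,
                               char *out, size_t outlen)
{
    if (strpbrk(fulluri, "\r\n") != NULL)
        return -2;                                     /* -2: CRLF rejected */
    return build_request_line_unchecked(method, fulluri, out, outlen);
}

/* Count CRLF-terminated lines in a serialized request; a single well-formed
 * request line contributes exactly one. */
size_t count_crlf_lines(const char *buf)
{
    size_t n = 0;
    for (const char *p = strstr(buf, "\r\n"); p != NULL; p = strstr(p + 2, "\r\n"))
        n++;
    return n;
}

/* Constructed attacker-controlled URI (hypothetical host): an absolute URI
 * with an injected header block and a second request appended after CRLFs. */
static const char *const kSmugglingUri =
    "http://backend.internal/a\r\n"
    "X-Injected: 1\r\n"
    "\r\n"
    "GET /admin HTTP/1.1\r\n"
    "Host: backend.internal";

int main(void)
{
    char buf[512];
    if (build_request_line_unchecked("GET", kSmugglingUri, buf, sizeof buf) == 0)
        printf("unchecked: %zu CRLF-terminated lines (one request line expected)\n",
               count_crlf_lines(buf));
    int rc = build_request_line_checked("GET", kSmugglingUri, buf, sizeof buf);
    printf("checked: rc=%d (%s)\n", rc, rc == -2 ? "CRLF rejected" : "accepted");
    return 0;
}
```

With a C99 compiler, the unchecked builder turns the single request line into five CRLF-terminated lines, that is, an injected header and a second request delivered inside the proxy connection, while the checked builder returns -2 and writes nothing. A stricter check would also reject NUL and other control bytes; what PHP's fix checks exactly is not reproduced here.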
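
The two CVE-2024-11236 entries describe the same arithmetic hazard in two PDO drivers: the length of a quoted string was computed with a quote counter narrower than size_t and without a check that the extra bytes fit. The C code below is an added example of the overflow-safe form, written for this page rather than taken from ext/pdo_dblib or ext/pdo_firebird: qcount is a size_t, and every addition to the output length is checked against SIZE_MAX before it is performed. quoted_size and quote_sql_string are hypothetical names, and the quoting rule (double embedded single quotes) is the generic SQL one, not any specific driver's.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Buffer size needed to quote inlen bytes containing qcount single quotes:
 * the input, one extra byte per doubled quote, two surrounding quotes and a
 * terminating NUL. Returns 0 (leaving *total untouched) if that size would
 * wrap around size_t, so the caller never allocates a too-small buffer. */
int quoted_size(size_t inlen, size_t qcount, size_t *total)
{
    size_t extralen = 3;                     /* two quotes + NUL */
    if (qcount > SIZE_MAX - extralen)        /* extralen + qcount must not wrap */
        return 0;
    extralen += qcount;
    if (inlen > SIZE_MAX - extralen)         /* inlen + extralen must not wrap */
        return 0;
    *total = inlen + extralen;
    return 1;
}

/* Hypothetical SQL quoter: wraps the input in single quotes and doubles
 * embedded single quotes (O'Brien -> 'O''Brien'). Returns a malloc'd
 * NUL-terminated string and stores its length (without NUL) in *outlen,
 * or NULL if the size check or the allocation fails. */
char *quote_sql_string(const char *in, size_t inlen, size_t *outlen)
{
    size_t qcount = 0;                       /* size_t: cannot wrap before inlen does */
    for (size_t i = 0; i < inlen; i++)
        if (in[i] == '\'')
            qcount++;

    size_t total;
    if (!quoted_size(inlen, qcount, &total))
        return NULL;                         /* refuse rather than under-allocate */

    char *out = malloc(total);
    if (out == NULL)
        return NULL;

    char *p = out;
    *p++ = '\'';
    for (size_t i = 0; i < inlen; i++) {
        if (in[i] == '\'')
            *p++ = '\'';                     /* double the embedded quote */
        *p++ = in[i];
    }
    *p++ = '\'';
    *p = '\0';
    *outlen = (size_t)(p - out);             /* exactly total - 1 bytes written */
    return out;
}

int main(void)
{
    size_t len = 0;
    char *q = quote_sql_string("O'Brien", 7, &len);   /* constructed input */
    if (q != NULL) {
        printf("%s (%zu bytes)\n", q, len);
        free(q);
    }
    size_t total;
    printf("size check for SIZE_MAX-2 input bytes: %s\n",
           quoted_size(SIZE_MAX - 2, 0, &total) ? "accepted" : "rejected");
    return 0;
}
```

The two checks in quoted_size are the point: each is written as a subtraction from SIZE_MAX on the side that is already known to be in range, so the comparison itself can never wrap. Testing the length computation separately from the allocation also lets the wrap-around path be exercised without trying to allocate a near-SIZE_MAX buffer.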

Date: Mon, 16 Dec 2024 15:49:52 -0300
Changed-By: Leonidas Da Silva Barbosa <leo.barbosa at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/php8.3/8.3.11-0ubuntu2
-------------- next part --------------
Format: 1.8
Date: Mon, 16 Dec 2024 15:49:52 -0300
Source: php8.3
Built-For-Profiles: noudeb
Architecture: source
Version: 8.3.11-0ubuntu2
Distribution: plucky
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Leonidas Da Silva Barbosa <leo.barbosa at canonical.com>
Changes:
 php8.3 (8.3.11-0ubuntu2) plucky; urgency=medium
 .
   * SECURITY UPDATE: Buffer over-read
     - debian/patches/CVE-2024-11233.patch: rearrange
       bounds-check code in ext/standard/filters.c,
       ext/standard/tests/filters/ghsa-r977-prxv-hc43.phpt.
     - CVE-2024-11233
   * SECURITY UPDATE: HTTP request smuggling
     - debian/patches/CVE-2024-11234.patch: avoid
       fulluri CRLF injection in ext/standard/http_fopen_wrapper.c,
       .../tests/http/ghsa-c5f2-jwm7-mmq2.phpt.
     - CVE-2024-11234
   * SECURITY UPDATE: Integer overflow
     - debian/patches/CVE-2024-11236-1.patch: adding an extralen check
       to avoid integer overflow in ext/pdo_dblib/dblib_driver.c,
       ext/pdo_dblib/tests/GHSA-5hqh-c84r-qjcv.phpt.
     - debian/patches/CVE-2024-11236-2.patch: change qcount to size_t in
       order to avoid integer overflow and add checks in
       ext/pdo_firebird/firebird_driver.c.
     - CVE-2024-11236
   * SECURITY UPDATE: Heap buffer over-reads
     - debian/patches/CVE-2024-8929.patch: fix buffer over-reads in
       ext/mysqlnd/mysqlnd_ps_codec.c,
       ext/mysqlnd/mysqlnd_wireprotocol.c, and create some phpt tests.
     - CVE-2024-8929
   * SECURITY UPDATE: Integer overflow
     - debian/patches/CVE-2024-8932.patch: fix OOB access in
       ldap_escape in ext/ldap/ldap.c,
       ext/ldap/tests/GHSA-g665-fm4p-vhff-1.phpt,
       ext/ldap/tests/GHSA-g665-fm4p-vhff-2.phpt.
     - CVE-2024-8932
Checksums-Sha1:
 bb989f19287cc70b035bb23ef603e8abb3c92ead 5633 php8.3_8.3.11-0ubuntu2.dsc
 19535a36022601ffab0697b403409907ad265330 91156 php8.3_8.3.11-0ubuntu2.debian.tar.xz
 87607b863d8a7dca9aa9fa8df1c1a3319bea02f3 15885 php8.3_8.3.11-0ubuntu2_source.buildinfo
Checksums-Sha256:
 de0526166dab3a59aebdac6c51f5fa687d88ad538a386130a48fe83f5df2049b 5633 php8.3_8.3.11-0ubuntu2.dsc
 d96b259a02e508d0ee7eb2ef086a087b3c16f5278f2cc78a22c10e109872b1a5 91156 php8.3_8.3.11-0ubuntu2.debian.tar.xz
 0fa78e4ba5386584bb5089f1b01937af78298a66dcacf4c43bc74953a023c7cd 15885 php8.3_8.3.11-0ubuntu2_source.buildinfo
Files:
 0de313b0bd7df9208ae438f26f566c51 5633 php optional php8.3_8.3.11-0ubuntu2.dsc
 be71c843f7f26882fc08569ce8bbf169 91156 php optional php8.3_8.3.11-0ubuntu2.debian.tar.xz
 b059a29f2aa57c7c5303ca9365847baa 15885 php optional php8.3_8.3.11-0ubuntu2_source.buildinfo
Original-Maintainer: Debian PHP Maintainers <team+pkg-php at tracker.debian.org>


More information about the plucky-changes mailing list