[ubuntu/xenial-security] php7.0 7.0.33-0ubuntu0.16.04.14 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Wed Apr 15 13:40:27 UTC 2020
php7.0 (7.0.33-0ubuntu0.16.04.14) xenial-security; urgency=medium
* SECURITY UDPATE: Null dereference pointer
- debian/patches/CVE-2020-7062.patch: avoid null dereference in
ext/session/session.c, ext/session/tests/bug79221.phpt.
- CVE-2020-7062
* SECURITY UPDATE: Lax permissions on files added to tar with Phar
- debian/patches/CVE-2020-7063.patch: enforce correct permissions
for files add to tar with Phar in ext/phar/phar_object.c,
ext/phar/tests/bug79082.phpt, ext/phar/tests/test79082*.
- CVE-2020-7063
* SECURITY UPDATE: Read one byte of uninitialized memory
- debian/patches/CVE-2020-7064.patch: check length in
exif_process_TIFF_in_JPEG to avoid read uninitialized memory
ext/exif/exif.c, ext/exif/tests/bug79282.phpt.
- debian/patches/0001-Fix-test-bug79282.patch: fix test in
ext/exif/tests/bug79282.phpt.
- CVE-2020-7064
* SECURITY UPDATE: Truncated url due \0
- debian/patches/CVE-2020-7066.patch: check for get_headers
not accepting \0 in ext/standard/url.c.
- CVE-2020-7066
Date: 2020-04-09 15:43:14.331337+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/php7.0/7.0.33-0ubuntu0.16.04.14
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list