[ubuntu/xenial-security] php7.0 7.0.33-0ubuntu0.16.04.11 (Accepted)

Leonidas S. Barbosa leo.barbosa at canonical.com
Mon Feb 17 18:25:33 UTC 2020

php7.0 (7.0.33-0ubuntu0.16.04.11) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2015-9253.patch: directly listen
      on socket, instead duping it to STDIN in
      sapi/fpm/fpm/fpm_children.c, sapi/fpm/fpm_stdio.c,
      and added tests to sapi/fpm/tests/bug73342-nonblocking-stdio.phpt.
    - CVE-2015-9253
  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2020-7059.patch: fix OOB read in
      php_strip_tags_ex in ext/standard/string.c and added test
    - CVE-2020-7059
  * SECURITY UPDATE: Buffer-overflow
    - debian/patches/CVE-2020-7060.patch: fix adding a check function
      is_in_cp950_pua in  ext/mbstring/libmbfl/filters/mbfilter_big5.c
      and added test ext/mbstring/tests/bug79037.phpt.
    - CVE-2020-7060

Date: 2020-02-17 11:49:14.937603+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
-------------- next part --------------
Sorry, changesfile not available.

More information about the Xenial-changes mailing list