[MRE] Please update to latest upstream release 7.2.17 & 7.3.4

Bug #1823386 reported by Simon Déziel
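| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| php7.2 (Ubuntu) | Fix Released | Medium | Marc Deslauriers | |
| php7.2 (Ubuntu Bionic) | Fix Released | Medium | Marc Deslauriers | |
| php7.2 (Ubuntu Cosmic) | Invalid | Medium | Marc Deslauriers | |
| php7.2 (Ubuntu Disco) | Fix Released | Medium | Marc Deslauriers | |
| php7.3 (Ubuntu) | Fix Released | Undecided | Unassigned | |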

Bug Description

Upstream has released microversions addressing security issues (pending CVE attribution) and other bug fixes.

PHP 7.2.16 / 7.3.3 (07 Mar 2019):

* The CVEs addressed were backported by the security team already

PHP 7.2.17 / 7.3.4 (04 Apr 2019):

* https://bugs.php.net/bug.php?id=77753 / https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11034
* https://bugs.php.net/bug.php?id=77831 / https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11035

Changelog: https://secure.php.net/ChangeLog-7.php

Simon Déziel (sdeziel)
information type: Private Security → Public Security
Christian Ehrhardt  (paelzer) wrote :

@security (now subscribed) are you on that already?

Simon Déziel (sdeziel)
description: updated
Marc Deslauriers (mdeslaur) wrote :

CVE-2019-11034
CVE-2019-11035

Changed in php7.2 (Ubuntu Bionic):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in php7.2 (Ubuntu Cosmic):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in php7.2 (Ubuntu Disco):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in php7.2 (Ubuntu Bionic):
status: New → Confirmed
Changed in php7.2 (Ubuntu Cosmic):
status: New → Confirmed
Changed in php7.2 (Ubuntu Disco):
status: New → Confirmed
Changed in php7.2 (Ubuntu Bionic):
importance: Undecided → Medium
Changed in php7.2 (Ubuntu Cosmic):
importance: Undecided → Medium
Changed in php7.2 (Ubuntu Disco):
importance: Undecided → Medium
Bryce Harrington (bryce) wrote :

Ubuntu eoan (19.10) now carries php 7.3.8

no longer affects: php7.3 (Ubuntu Bionic)
no longer affects: php7.3 (Ubuntu Cosmic)
no longer affects: php7.3 (Ubuntu Disco)
Changed in php7.3 (Ubuntu):
status: New → Fix Released
Bryce Harrington (bryce) wrote :

Disco carries:

  php7.2 | 7.2.19-0ubuntu0.19.04.2 | disco-security | source, all

Changed in php7.2 (Ubuntu Disco):
status: Confirmed → Fix Released
Bryce Harrington (bryce) wrote :

Cosmic is past EOL

Changed in php7.2 (Ubuntu Cosmic):
status: Confirmed → Invalid
Bryce Harrington (bryce) wrote :

Bionic has:

  php7.2 | 7.2.19-0ubuntu0.18.04.2 | bionic-security | source, all

Changed in php7.2 (Ubuntu Bionic):
status: Confirmed → Fix Released
Bryce Harrington (bryce) wrote :

Ubuntu Eoan (19.10) has moved to php7.3, however it had a sufficiently updated php7.2 already:

  php7.2 | 7.2.19-0ubuntu1 | eoan | source, all

Changed in php7.2 (Ubuntu):
status: Confirmed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.