Change logs for php7.4 source package in Groovy

  • php7.4 (7.4.9-1ubuntu1.2) groovy-security; urgency=medium
    
      * SECURITY UPDATE: incorrect URL validation
        - debian/patches/CVE-2020-7071-1.patch: make sure userinfo is valid
          according to RFC 3986 in ext/filter/tests/bug77423.phpt,
          ext/standard/url.c.
        - debian/patches/CVE-2020-7071-2.patch: revert previous fix and use a
          better one in ext/filter/logical_filters.c,
          ext/filter/tests/bug77423.phpt, ext/standard/url.c.
        - debian/patches/CVE-2020-7071-3.patch: remove unneeded function in
          ext/standard/url.c.
        - CVE-2020-7071
      * SECURITY UPDATE: crash via malformed XML data in SOAP extension
        - debian/patches/CVE-2021-21702-1.patch: check strings in
          ext/soap/php_sdl.c, ext/soap/php_xml.c, ext/soap/tests/bug80672.phpt,
          ext/soap/tests/bug80672.xml.
        - debian/patches/CVE-2021-21702-2.patch: fix compiler warning in
          ext/soap/php_sdl.c.
        - CVE-2021-21702
      * SECURITY UPDATE: multiple issues in the pdo_firebird module
        - debian/patches/CVE-2021-21704-1.patch: prevent overflow in
          ext/pdo_firebird/firebird_statement.c.
        - debian/patches/CVE-2021-21704-2.patch: verify result_size in
          ext/pdo_firebird/firebird_statement.c.
        - debian/patches/CVE-2021-21704-3.patch: verify result_size in
          ext/pdo_firebird/firebird_driver.c.
        - debian/patches/CVE-2021-21704-4.patch: don't overflow stack in
          ext/pdo_firebird/firebird_driver.c.
        - CVE-2021-21704
      * SECURITY UPDATE: SSRF bypass
        - debian/patches/CVE-2021-21705.patch: check password in
          ext/filter/logical_filters.c, ext/filter/tests/bug81122.phpt.
        - debian/patches/CVE-2021-21705-2.patch: fix compiler warning in
          ext/filter/logical_filters.c.
        - CVE-2021-21705
    
     -- Marc Deslauriers <email address hidden>  Mon, 05 Jul 2021 09:33:00 -0400
  • php7.4 (7.4.9-1ubuntu1.1) groovy-security; urgency=medium
    
      * SECURITY UPDATE: Incorrect encryption data
        - debian/patches/CVE-2020-7069.patch: fix wrong ciphertext/tag
          in AES-CCM encryption for a 12 bytes IV in ext/openssl/openssl.c,
          ext/openssl/tests/cipher_tests.inc, ext/openssl/openssl_*_ccm.phpt.
        - CVE-2020-7069
      * SECURITY UPDATE: Possible cookie forgery
        - debian/patches/CVE-2020-7070.patch: do not decode cookie names anymore
          in main/php_variables.c, tests/basic/022.phpt, tests/basic/023.phpt,
          tests/basic/bug79699.phpt.
        - CVE-2020-7070
    
     -- <email address hidden> (Leonidas S. Barbosa)  Mon, 26 Oct 2020 12:17:14 -0300
  • php7.4 (7.4.9-1ubuntu1) groovy; urgency=medium
    
      * Merge with Debian unstable. Remaining changes:
        - d/control, d/control.in: Conflict with mod-php from php7.2 and
          php7.3 to ensure safe upgrade path for apache2.
          (LP: #1850933)
        - libapache2-mod-php.postinst.extra: Disable other mod-php versions.
          Fixes failure when upgrading from previous versions of mod-php.
          (LP: #1865218)
      * Dropped:
        - SECURITY UPDATE: Denial of service through oversized memory allocation
          + debian/patches/CVE-2019-11048.patch: changes types int to size_t
            in main/rfc1867.c.
          + CVE-2019-11048
          [Fixed in 7.4.6]
    
     -- Bryce Harrington <email address hidden>  Fri, 21 Aug 2020 16:31:19 -0700
  • php7.4 (7.4.5-1ubuntu3) groovy; urgency=medium
    
      * No change rebuild against new libffi ABI.
    
     -- Dimitri John Ledkov <email address hidden>  Thu, 20 Aug 2020 13:42:12 +0100
  • php7.4 (7.4.5-1ubuntu2) groovy; urgency=medium
    
      * No-change rebuild against libicu67
    
     -- Steve Langasek <email address hidden>  Tue, 28 Jul 2020 16:14:33 +0000
  • php7.4 (7.4.5-1ubuntu1) groovy; urgency=medium
    
      * Merge with Debian unstable. Remaining changes:
        - d/control, d/control.in: Conflict with mod-php from php7.2 and
          php7.3 to ensure safe upgrade path for apache2.
          (Fixes LP: #1850933)
        - libapache2-mod-php.postinst.extra: Disable other mod-php versions.
          Fixes failure when upgrading from previous versions of mod-php.
          (LP: #1865218)
        - SECURITY UPDATE: Denial of service through oversized memory allocation
          + debian/patches/CVE-2019-11048.patch: changes types int to size_t
            in main/rfc1867.c.
          + CVE-2019-11048
      * Fixes from upstream included in merge:
        - Content-Length missing when posting a curlFile with curl
          (LP: #1887826)
      * Dropped:
        - SECURITY UPDATE: Read one byte of uninitialized memory
          + debian/patches/CVE-2020-7064.patch: check length in
            exif_process_TIFF_in_JPEG to avoid reading uninitialized memory in
            ext/exif/exif.c, ext/exif/tests/bug79282.phpt.
          + CVE-2020-7064
          [Fixed in 7.4.5-1]
        - SECURITY UPDATE: Memory corruption, crash and potentially code execution
          + debian/patches/CVE-2020-7065.patch: make sure that negative values are
            properly compared in ext/mbstring/php_unicode.c,
            ext/mbstring/tests/bug70371.phpt.
          + CVE-2020-7065
          [Fixed in 7.4.5-1]
        - SECURITY UPDATE: Truncated URL due to \0
          + debian/patches/CVE-2020-7066.patch: check for get_headers
            not accepting \0 in ext/standard/url.c.
          + CVE-2020-7066
          [Fixed in 7.4.5-1]
    
     -- Bryce Harrington <email address hidden>  Thu, 16 Jul 2020 13:20:11 -0700
  • php7.4 (7.4.3-4ubuntu4) groovy; urgency=medium
    
      * SECURITY UPDATE: Denial of service through oversized memory allocation
        - debian/patches/CVE-2019-11048.patch: changes types int to size_t
          in main/rfc1867.c.
        - CVE-2019-11048
    
     -- <email address hidden> (Leonidas S. Barbosa)  Mon, 25 May 2020 09:41:37 -0300
  • php7.4 (7.4.3-4ubuntu3) groovy; urgency=medium
    
      * libapache2-mod-php.postinst.extra: Disable other mod-php versions.
        Fixes failure when upgrading from previous versions of mod-php.
        (LP: #1865218)
    
     -- Bryce Harrington <email address hidden>  Tue, 21 Apr 2020 23:04:30 +0000
  • php7.4 (7.4.3-4ubuntu2) focal; urgency=medium
    
      * SECURITY UPDATE: Read one byte of uninitialized memory
        - debian/patches/CVE-2020-7064.patch: check length in
          exif_process_TIFF_in_JPEG to avoid reading uninitialized memory in
          ext/exif/exif.c, ext/exif/tests/bug79282.phpt.
        - CVE-2020-7064
      * SECURITY UPDATE: Memory corruption, crash and potentially code execution
        - debian/patches/CVE-2020-7065.patch: make sure that negative values are
          properly compared in ext/mbstring/php_unicode.c,
          ext/mbstring/tests/bug70371.phpt.
        - CVE-2020-7065
      * SECURITY UPDATE: Truncated URL due to \0
        - debian/patches/CVE-2020-7066.patch: check for get_headers
          not accepting \0 in ext/standard/url.c.
        - CVE-2020-7066
    
     -- <email address hidden> (Leonidas S. Barbosa)  Mon, 13 Apr 2020 09:32:06 -0300
  • php7.4 (7.4.3-4ubuntu1) focal; urgency=medium
    
      * d/control, d/control.in: Conflict with mod-php from php7.2 and
        php7.3 to ensure safe upgrade path for apache2.
        (Fixes LP: #1850933)
    
     -- Bryce Harrington <email address hidden>  Thu, 26 Mar 2020 20:24:23 +0000
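The practical question this changelog answers is "which package version first fixed CVE X, and is the version on my host at least that?". The following is an added example, not part of the Ubuntu changelog above and not Debian or Ubuntu tooling: it parses a constructed excerpt of the version headers and CVE lines from this page, maps each CVE to the oldest entry that lists it, and compares an installed version string using a re-implementation of the dpkg version ordering (epoch, then upstream version, then Debian revision; alternating non-digit and digit runs, with `~` sorting before everything). The installed version in the `main` block is hypothetical. On a real system `dpkg --compare-versions` is the authoritative comparator and should be preferred over this re-implementation.

```python
import re

# Constructed excerpt of the php7.4 groovy changelog on this page, trimmed
# to the version headers and the bare CVE lines the parser consumes.
CHANGELOG = """\
php7.4 (7.4.9-1ubuntu1.2) groovy-security; urgency=medium
    - CVE-2020-7071
    - CVE-2021-21702
    - CVE-2021-21704
    - CVE-2021-21705
php7.4 (7.4.9-1ubuntu1.1) groovy-security; urgency=medium
    - CVE-2020-7069
    - CVE-2020-7070
php7.4 (7.4.9-1ubuntu1) groovy; urgency=medium
  * Dropped:
    + CVE-2019-11048
php7.4 (7.4.3-4ubuntu4) groovy; urgency=medium
    - CVE-2019-11048
php7.4 (7.4.3-4ubuntu2) focal; urgency=medium
    - CVE-2020-7064
    - CVE-2020-7065
    - CVE-2020-7066
php7.4 (7.4.3-4ubuntu1) focal; urgency=medium
"""

# "php7.4 (7.4.9-1ubuntu1.2) groovy-security; urgency=medium"
HEADER = re.compile(r"^\s*(?:\u2022\s*)?(\S+) \(([^)]+)\) (\S+);")
# A changelog line that is nothing but a CVE id, e.g. "        - CVE-2020-7071".
CVE_LINE = re.compile(r"^\s*[-+*]\s*(CVE-\d{4}-\d{4,})\s*$")


def fixed_versions(changelog):
    """Map each CVE id to the OLDEST changelog version whose entry lists it.

    Entries are newest-first, so a later match (an older entry) overwrites an
    earlier one; that is what makes "Dropped: ... CVE-2019-11048" in
    7.4.9-1ubuntu1 resolve to the real first fix in 7.4.3-4ubuntu4.
    """
    fixed = {}
    version = None
    for line in changelog.splitlines():
        m = HEADER.match(line)
        if m:
            version = m.group(2)
            continue
        m = CVE_LINE.match(line)
        if m and version:
            fixed[m.group(1)] = version
    return fixed


def _char_order(c):
    # dpkg's order(): '~' sorts before everything, even end of string (0);
    # letters sort before non-letters.
    if c == "~":
        return -1
    if c.isalpha():
        return ord(c)
    return ord(c) + 256


def _cmp_nondigit(a, b):
    for i in range(max(len(a), len(b))):
        oa = _char_order(a[i]) if i < len(a) else 0
        ob = _char_order(b[i]) if i < len(b) else 0
        if oa != ob:
            return -1 if oa < ob else 1
    return 0


def _cmp_fragment(a, b):
    """dpkg's verrevcmp: alternate a non-digit run (custom lexical order) and a
    digit run (numeric, so 1.10 > 1.9) until both strings are exhausted."""
    ia = ib = 0
    while ia < len(a) or ib < len(b):
        ma = re.match(r"(\D*)(\d*)", a[ia:])
        mb = re.match(r"(\D*)(\d*)", b[ib:])
        na, da = ma.groups()
        nb, db = mb.groups()
        r = _cmp_nondigit(na, nb)
        if r:
            return r
        xa, xb = int(da or 0), int(db or 0)
        if xa != xb:
            return -1 if xa < xb else 1
        ia += ma.end()
        ib += mb.end()
    return 0


def parse_version(v):
    """Split 'epoch:upstream-revision' into its three parts (epoch and
    revision are optional; a missing revision compares equal to '0')."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    upstream, _, revision = v.rpartition("-") if "-" in v else (v, "", "")
    return epoch, upstream, revision


def compare_versions(a, b):
    """Return -1, 0 or 1 like dpkg --compare-versions lt/eq/gt."""
    ea, ua, ra = parse_version(a)
    eb, ub, rb = parse_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)


def is_fixed(installed, cve, changelog=CHANGELOG):
    """True/False if the changelog names a fix for cve; None if it never
    mentions the CVE (unknown is not the same as safe)."""
    fixed = fixed_versions(changelog).get(cve)
    if fixed is None:
        return None
    return compare_versions(installed, fixed) >= 0


if __name__ == "__main__":
    installed = "7.4.9-1ubuntu1.1"  # hypothetical host, one update behind
    for cve in sorted(fixed_versions(CHANGELOG)):
        state = {True: "fixed", False: "VULNERABLE", None: "unknown"}[is_fixed(installed, cve)]
        print(f"{cve}: {state} (fixed in {fixed_versions(CHANGELOG)[cve]})")
```

To run the same check against a live host, read the version with `dpkg-query -W -f='${Version}' php7.4-common` and compare it with `dpkg --compare-versions "$installed" ge 7.4.9-1ubuntu1.2`; the script's value is in turning the changelog text into the per-CVE threshold that second command needs.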