Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#15232 closed enhancement (fixed)

php-8.0.8

Reported by: Douglas R. Reno
Owned by: Douglas R. Reno
Priority: elevated
Milestone: 11.0
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version, described as a "security release"

Change History (4)

comment:1 by Douglas R. Reno, 3 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

comment:2 by Douglas R. Reno, 3 years ago

Version 8.0.8
01 Jul 2021

    Core:
        Fixed bug #81076 (incorrect debug info on Closures with implicit binds).
        Fixed bug #81068 (Double free in realpath_cache_clean()).
        Fixed bug #76359 (open_basedir bypass through adding "..").
        Fixed bug #81090 (Typed property performance degradation with .= operator).
        Fixed bug #81070 (Integer underflow in memory limit comparison).
        Fixed bug #81122 (SSRF bypass in FILTER_VALIDATE_URL). (CVE-2021-21705)
    Bzip2:
        Fixed bug #81092 (fflush before stream_filter_remove corrupts stream).
    Fileinfo:
        Fixed bug #80197 (implicit declaration of function 'magic_stream' is invalid).
    GMP:
        Fixed bug #81119 (GMP operators throw errors with wrong parameter names).
    OCI8:
        Fixed bug #81088 (error in regression test for oci_fetch_object() and oci_fetch_array()).
    Opcache:
        Fixed bug #81051 (Broken property type handling after incrementing reference).
        Fixed bug #80968 (JIT segfault with return from required file).
    OpenSSL:
        Fixed bug #76694 (native Windows cert verification uses CN as server name).
    MySQLnd:
        Fixed bug #80761 (PDO uses too much memory).
    PDO_Firebird:
        Fixed bug #76448 (Stack buffer overflow in firebird_info_cb). (CVE-2021-21704)
        Fixed bug #76449 (SIGSEGV in firebird_handle_doer). (CVE-2021-21704)
        Fixed bug #76450 (SIGSEGV in firebird_stmt_execute). (CVE-2021-21704)
        Fixed bug #76452 (Crash while parsing blob data in firebird_fetch_blob). (CVE-2021-21704)
    readline:
        Fixed bug #72998 (invalid read in readline completion).
    Standard:
        Fixed bug #81048 (phpinfo(INFO_VARIABLES) "Array to string conversion").
        Fixed bug #77627 (method_exists on Closure::__invoke inconsistency).
    Windows:
        Fixed bug #81120 (PGO data for main PHP DLL are not used).

The security fixes include CVE-2021-21704 and CVE-2021-21705

comment:3 by Douglas R. Reno, 3 years ago

Resolution: fixed
Status: assigned → closed

comment:4 by Bruce Dubbs, 3 years ago

Milestone: 10.2 → 11.0

Milestone renamed