Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#16136 closed enhancement (fixed)

php-8.1.3

Reported by: Douglas R. Reno
Owned by: Douglas R. Reno
Priority: elevated
Milestone: 11.1
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New point version

Not tagged yet (that I can see), and even if it was, security fix for CVE-2021-21708 in the "Filter" component

Change History (4)

comment:1 by Douglas R. Reno, 2 years ago

Owner: changed from blfs-book to Douglas R. Reno
Status: new → assigned

comment:2 by Douglas R. Reno, 2 years ago

Version 8.1.3
17 Feb 2022

    Core:
        Fixed bug #81430 (Attribute instantiation leaves dangling pointer).
        Fixed bug #7896 (Environment vars may be mangled on Windows).
        Fixed bug #7883 (Segfault when INI file is not readable).
    FFI:
        Fixed bug #7867 (FFI::cast() from pointer to array is broken).
    Filter:
        Fix #81708: UAF due to php_filter_float() failing for ints. (CVE-2021-21708)
    FPM:
        Fixed memory leak on invalid port.
        Fixed bug #7842 (Invalid OpenMetrics response format returned by FPM status page).
    MBString:
        Fixed bug #7902 (mb_send_mail may delimit headers with LF only).
    MySQLnd:
        Fixed bug #7972 (MariaDB version prefix 5.5.5- is not stripped).
    pcntl:
        Fixed pcntl_rfork build for DragonFlyBSD.
    Sockets:
        Fixed bug #7978 (sockets extension compilation errors).
    Standard:
        Fixed bug #7899 (Regression in unpack for negative int value).
        Fixed bug #7875 (mails are sent even if failure to log throws exception).

CVE-2021-21708 has an article by Sophos here: https://nakedsecurity.sophos.com/2022/02/18/irony-alert-php-fixes-security-flaw-in-input-validation-code/

comment:3 by Douglas R. Reno, 2 years ago

Resolution: fixed
Status: assigned → closed

comment:4 by Douglas R. Reno, 2 years ago

I'll do the SA for this with the others I have once I'm done with Thunderbird and WebKit.
