Context Navigation

← Previous Ticket
Next Ticket →

#17654 closed enhancement (fixed)

php-8.2.3

Reported by:	Douglas R. Reno	Owned by:	Douglas R. Reno
Priority:	high	Milestone:	11.3
Component:	BOOK	Version:	git
Severity:	normal	Keywords:
Cc:

Description ¶

New point version

Change History (3)

comment:1 by Douglas R. Reno, 2 years ago

Priority:	normal → high

There appear to be three security fixes in this version:

Core:

Fixed bug #81744 (Password_verify() always return true with some hash). (CVE-2023-0567) Fixed bug #81746 (1-byte array overrun in common path resolve code). (CVE-2023-0568)

SAPI:

Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662)

Because of the password_verify vulnerabilty, I'm going to mark this as highest priority

comment:2 by Douglas R. Reno, 2 years ago

Owner:	changed from blfs-book to Douglas R. Reno
Status:	new → assigned

I'll take this, but I won't be able to get to it until tomorrow because there are a lot of other dependencies that will need to be installed (such as MariaDB, PostgreSQL, etc.)

comment:3 by Douglas R. Reno, 2 years ago

Resolution:	→ fixed
Status:	assigned → closed

Fixed at 3c8c8b2a935391c1a2068b2af626c309f8650585

Note: See TracTickets for help on using tickets.

Download in other formats: