#20449 closed enhancement (fixed)
php-8.3.12
| Reported by: | Bruce Dubbs | Owned by: | Bruce Dubbs |
|---|---|---|---|
| Priority: | elevated | Milestone: | 12.3 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
New point version.
Change History (7)
comment:1 by , 6 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 6 months ago
comment:3 by , 6 months ago
- Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926)
- Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). (CVE-2024-8927)
comment:4 by , 6 months ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at commits
253ae3ffd8 Update to LibRaw-0.21.3. a67b4d72a3 Update to bluefish-2.2.16. e25267094d Update to git-2.46.2. dabc860d61 Update to fribidi-1.0.16. ac4cf9a4eb Update to glslang-15.0.0. 3a910c72d2 Update to php-8.3.12. 84e1f8f4da Update to qt6 and QtWebEngine-6.7.3
comment:5 by , 6 months ago
We've also got two more security fixes here beyond the CGI fixes:
FPM:
- Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered). (CVE-2024-9026)
SAPI:
- Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form data). (CVE-2024-8925)
comment:6 by , 6 months ago
| Priority: | normal → elevated |
|---|
CVE-2024-9026 and CVE-2024-8925 are rated Low
CVE-2024-8927 is rated Moderate
CVE-2024-8926 is Windows specific
Note:
See TracTickets
for help on using tickets.
Release notes are at https://www.php.net/ChangeLog-8.php