Opened 3 months ago

Closed 3 months ago

#20683 closed enhancement (fixed)

php-8.4.1

Reported by: Bruce Dubbs
Owned by: Bruce Dubbs
Priority: high
Milestone: 12.3
Component: BOOK
Version: git
Severity: normal
Keywords:
Cc:

Description

New minor version.

Change History (4)

comment:1 by Bruce Dubbs, 3 months ago

Owner: changed from blfs-book to Bruce Dubbs
Status: new → assigned

comment:2 by Douglas R. Reno, 3 months ago

Priority: normal → high

This contains the same security fixes for PHP that were included in 8.3.14 (which also came out yesterday).

These fixes are:

  • Fixed bug GHSA-4w77-75f9-2c8w (Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface).
  • Fixed bug GHSA-g665-fm4p-vhff (OOB access in ldap_escape). (CVE-2024-8932)
  • Fixed bug GHSA-h35g-vwh6-m678 (Leak partial content of the heap through heap buffer over-read). (CVE-2024-8929)
  • Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the dblib quoter causing OOB writes). (CVE-2024-11236)
  • Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the firebird quoter causing OOB writes). (CVE-2024-11236)
  • Fixed bug GHSA-c5f2-jwm7-mmq2 (Configuring a proxy in a stream context might allow for CRLF injection in URIs). (CVE-2024-11234)
  • Fixed bug GHSA-r977-prxv-hc43 (Single byte overread with convert.quoted-printable-decode filter). (CVE-2024-11233)

comment:3 by Bruce Dubbs, 3 months ago

Fixed at commit 3e9719cc5e. Holding open for security advisory.

comment:4 by Douglas R. Reno, 3 months ago

Resolution: fixed
Status: assigned → closed

SA-12.2-045 issued
