Package "php7.2"
| Name: |
php7.2
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description.
Description samples from packages in group:
- HTML-embedded scripting language (Embedded SAPI library)
- Bcmath module for PHP
- bzip2 module for PHP
- DBA module for PHP
|
| Latest version: |
7.2.24-0ubuntu0.18.04.3 |
| Release: |
bionic (18.04) |
| Level: |
security |
| Repository: |
universe |
Links
Save this URL for the latest version of "php7.2":
https://www.ubuntuupdates.org/php7.2
Other versions of "php7.2" in Bionic
Packages in group
Deleted packages are displayed in grey.
Changelog
|
php7.2 (7.2.24-0ubuntu0.18.04.3) bionic-security; urgency=medium
* SECURITY UPDATE: Out of bounds read
- debian/patches/CVE-2020-7059.patch: fix OOB read in
php_strip_tags_ex in ext/standard/string.c and added test
ext/standard/tests/file/bug79099.phpt.
- CVE-2020-7059
* SECURITY UPDATE: Buffer-overflow
- debian/patches/CVE-2020-7060.patch: fix adding a check function
is_in_cp950_pua in ext/mbstring/libmbfl/filters/mbfilter_big5.c
and added test ext/mbstring/tests/bug79037.phpt.
- CVE-2020-7060
-- <email address hidden> (Leonidas S. Barbosa) Tue, 11 Feb 2020 12:55:52 -0300
|
| Source diff to previous version |
| CVE-2020-7059 |
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is pos |
| CVE-2020-7060 |
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it |
|
|
php7.2 (7.2.24-0ubuntu0.18.04.2) bionic-security; urgency=medium
* SECURITY UPDATE: silently truncates
a class after a null byte
- debian/patches/CVE-2019-11045.patch: not accept
arbitrary strings in ext/spl/spl_directory.c,
ext/spl/tests/bug78863.phpt.
- CVE-2019-11045
* SECURITY UPDATE: Buffer underflow
- debian/patches/CVE-2019-11046.patch: not rely on `isdigit()`
to detect digits in ext/bcmath/libbcmath/src/str2num.c,
ext/bcmath/tests/bug78878.phpt.
- CVE-2019-11046
* SECURITY UPDATE: Heap-buffer-overflow
- debian/patches/CVE-2019-11047.patch: fix in ext/exif/exif.c,
ext/exif/tests/bug78910.phpt.
- CVE-2019-11047
* SECURITY UPDATE: Use-after-free
- debian/patches/CVE-2019-11050.patch: fix in
ext/exif/exif.c, ext/exif/tests/bug78793.phpt.
- CVE-2019-11050
-- <email address hidden> (Leonidas S. Barbosa) Mon, 13 Jan 2020 15:39:59 -0300
|
| Source diff to previous version |
| CVE-2019-11045 |
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them |
| CVE-2019-11046 |
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked i |
| CVE-2019-11047 |
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x belo |
| CVE-2019-11050 |
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x belo |
|
|
php7.2 (7.2.24-0ubuntu0.18.04.1) bionic-security; urgency=medium
* SECURITY UPDATE: updated to 7.2.24 to fix security issue
- CVE-2019-11043
* Rebased patches:
- debian/patches/0022-lp564920-fix-big-files.patch
* Removed patches no longer required:
- debian/patches/CVE-2019-11041.patch
- debian/patches/CVE-2019-11042.patch
-- Marc Deslauriers <email address hidden> Mon, 28 Oct 2019 08:07:07 -0400
|
| Source diff to previous version |
| CVE-2019-11041 |
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x belo |
| CVE-2019-11042 |
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x belo |
|
|
php7.2 (7.2.19-0ubuntu0.18.04.2) bionic-security; urgency=medium
* SECURITY UPDATE: Heap-buffer-overflow
- debian/patches/CVE-2019-11041.patch: check Thumbnail.size in order
to avoid an overflow in ext/exif.exif.c and adding test to
ext/exif/tests/bug78222.phpt.
- CVE-2019-11041
* SECURITY UPDATE: Heap-buffer-overflow
- debian/patches/CVE-2019-11042.patch: check ByteCount in order to
avoid an overflow in ext/exif/exif.c and adding tests to
ext/exif/tests/bug78256.phpt.
- CVE-2019-11042
-- <email address hidden> (Leonidas S. Barbosa) Mon, 12 Aug 2019 16:34:28 -0300
|
| Source diff to previous version |
| CVE-2019-11041 |
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x belo |
| CVE-2019-11042 |
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x belo |
|
|
php7.2 (7.2.19-0ubuntu0.18.04.1) bionic-security; urgency=medium
* Updated to 7.2.19 to fix multiple security issues.
- CVE-2019-11036
- CVE-2019-11039
- CVE-2019-11040
* Refreshed patches:
- debian/patches/0039-hack-phpdbg-to-explicitly-link-with-libedit.patch
-- Marc Deslauriers <email address hidden> Tue, 04 Jun 2019 10:48:12 -0400
|
| CVE-2019-11036 |
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.29, 7.2.x below 7.2.18 and 7.3.x below 7.3.5 can be caused to read past |
| CVE-2019-11039 |
Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow |
| CVE-2019-11040 |
heap-buffer-overflow on php_jpg_get16 |
|
About
-
Send Feedback to @ubuntu_updates
