Package "php7.2"
| Name: |
php7.2
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description.
Description samples from packages in group:
- HTML-embedded scripting language (Embedded SAPI library)
- Bcmath module for PHP
- bzip2 module for PHP
- DBA module for PHP
|
| Latest version: |
7.2.24-0ubuntu0.18.04.6 |
| Release: |
bionic (18.04) |
| Level: |
security |
| Repository: |
universe |
Links
Other versions of "php7.2" in Bionic
Packages in group
Deleted packages are displayed in grey.
Changelog
|
php7.2 (7.2.24-0ubuntu0.18.04.6) bionic-security; urgency=medium
* SECURITY UPDATE: Denial of service through oversized memory allocated
- debian/patches/CVE-2019-11048.patch: changes types int to size_t
in main/rfc1867.c.
- CVE-2019-11048
-- <email address hidden> (Leonidas S. Barbosa) Tue, 26 May 2020 10:09:11 -0300
|
| Source diff to previous version |
| CVE-2019-11048 |
In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or |
|
|
php7.2 (7.2.24-0ubuntu0.18.04.4) bionic-security; urgency=medium
* SECURITY UDPATE: Null dereference pointer
- debian/patches/CVE-2020-7062.patch: avoid null dereference in
ext/session/session.c.
- CVE-2020-7062
* SECURITY UPDATE: Lax permissions on files added to tar with Phar
- debian/patches/CVE-2020-7063.patch: enforce correct permissions
for files add to tar with Phar in ext/phar/phar_object.c,
ext/phar/tests/bug79082.phpt, ext/phar/tests/test79082*.
- CVE-2020-7063
* SECURITY UPDATE: Read one byte of uninitialized memory
- debian/patches/CVE-2020-7064.patch: check length in
exif_process_TIFF_in_JPEG to avoid read uninitialized memory
ext/exif/exif.c, ext/exif/tests/bug79282.phpt.
- debian/patches/Fix_test_bug79282.patch: fix test in
ext/exif/tests/bug79282.phpt.
- CVE-2020-7064
* SECURITY UPDATE: Truncated url due \0
- debian/patches/CVE-2020-7066.patch: check for get_headers
not accepting \0 in ext/standard/url.c.
- CVE-2020-7066
-- <email address hidden> (Leonidas S. Barbosa) Wed, 08 Apr 2020 12:45:57 -0300
|
| Source diff to previous version |
| CVE-2020-7062 |
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is en |
| CVE-2020-7063 |
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function |
| CVE-2020-7064 |
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exif_read_data() function, it is possible |
| CVE-2020-7066 |
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using get_headers() with user-supplied URL, if the URL contains z |
|
|
php7.2 (7.2.24-0ubuntu0.18.04.3) bionic-security; urgency=medium
* SECURITY UPDATE: Out of bounds read
- debian/patches/CVE-2020-7059.patch: fix OOB read in
php_strip_tags_ex in ext/standard/string.c and added test
ext/standard/tests/file/bug79099.phpt.
- CVE-2020-7059
* SECURITY UPDATE: Buffer-overflow
- debian/patches/CVE-2020-7060.patch: fix adding a check function
is_in_cp950_pua in ext/mbstring/libmbfl/filters/mbfilter_big5.c
and added test ext/mbstring/tests/bug79037.phpt.
- CVE-2020-7060
-- <email address hidden> (Leonidas S. Barbosa) Tue, 11 Feb 2020 12:55:52 -0300
|
| Source diff to previous version |
| CVE-2020-7059 |
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is pos |
| CVE-2020-7060 |
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it |
|
|
php7.2 (7.2.24-0ubuntu0.18.04.2) bionic-security; urgency=medium
* SECURITY UPDATE: silently truncates
a class after a null byte
- debian/patches/CVE-2019-11045.patch: not accept
arbitrary strings in ext/spl/spl_directory.c,
ext/spl/tests/bug78863.phpt.
- CVE-2019-11045
* SECURITY UPDATE: Buffer underflow
- debian/patches/CVE-2019-11046.patch: not rely on `isdigit()`
to detect digits in ext/bcmath/libbcmath/src/str2num.c,
ext/bcmath/tests/bug78878.phpt.
- CVE-2019-11046
* SECURITY UPDATE: Heap-buffer-overflow
- debian/patches/CVE-2019-11047.patch: fix in ext/exif/exif.c,
ext/exif/tests/bug78910.phpt.
- CVE-2019-11047
* SECURITY UPDATE: Use-after-free
- debian/patches/CVE-2019-11050.patch: fix in
ext/exif/exif.c, ext/exif/tests/bug78793.phpt.
- CVE-2019-11050
-- <email address hidden> (Leonidas S. Barbosa) Mon, 13 Jan 2020 15:39:59 -0300
|
| Source diff to previous version |
| CVE-2019-11045 |
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them |
| CVE-2019-11046 |
In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP bcmath extension functions on some systems, including Windows, can be tricked i |
| CVE-2019-11047 |
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x belo |
| CVE-2019-11050 |
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.2.x below 7.2.26, 7.3.x belo |
|
|
php7.2 (7.2.24-0ubuntu0.18.04.1) bionic-security; urgency=medium
* SECURITY UPDATE: updated to 7.2.24 to fix security issue
- CVE-2019-11043
* Rebased patches:
- debian/patches/0022-lp564920-fix-big-files.patch
* Removed patches no longer required:
- debian/patches/CVE-2019-11041.patch
- debian/patches/CVE-2019-11042.patch
-- Marc Deslauriers <email address hidden> Mon, 28 Oct 2019 08:07:07 -0400
|
| CVE-2019-11041 |
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x belo |
| CVE-2019-11042 |
When PHP EXIF extension is parsing EXIF information from an image, e.g. via exif_read_data() function, in PHP versions 7.1.x below 7.1.31, 7.2.x belo |
|
About
-
Send Feedback to @ubuntu_updates
