Package "php8.1-interbase"

Name:	php8.1-interbase
Description:	Interbase module for PHP
Latest version:	8.1.2-1ubuntu2.24
Release:	jammy (22.04)
Level:	security
Repository:	universe
Head package:	php8.1
Homepage:	http://www.php.net/

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Download "php8.1-interbase"

32-bit deb package

64-bit deb package

APT INSTALL

Other versions of "php8.1-interbase" in Jammy

Repository	Area	Version
base	universe	8.1.2-1ubuntu2
updates	universe	8.1.2-1ubuntu2.24

Changelog

Version: 8.1.2-1ubuntu2.24 2026-05-28 15:07:37 UTC

php8.1 (8.1.2-1ubuntu2.24) jammy-security; urgency=medium * SECURITY UPDATE: SQL injection in PDO Firebird driver - debian/patches/CVE-2025-14179.patch: GHSA-w476-322c-wpvm: [pdo_firebird] Fix SQL injection via NUL bytes in quoted strings in ext/pdo_firebird/firebird_driver.c, ext/pdo_firebird/tests/ghsa-w476-322c-wpvm.phpt. - CVE-2025-14179 * SECURITY UPDATE: use-after-free in SOAP extension - debian/patches/CVE-2026-6722.patch: GHSA-85c2-q967-79q5: [soap] Fix stale SOAP_GLOBAL(ref_map) pointer with Apache Map in ext/soap/php_encoding.c, ext/soap/tests/GHSA-85c2-q967-79q5.phpt. - CVE-2026-6722 * SECURITY UPDATE: XSS via incorrect sanitizationc - debian/patches/CVE-2026-6735-pre1.patch: Expose JSON internal function to escape string in ext/json/json.c, ext/json/json_encoder.c, ext/json/php_json.h, ext/json/php_json_encoder.h. - debian/patches/CVE-2026-6735-pre2.patch: Fix bug #64539: FPM status - query_string not properly JSON encoded in sapi/fpm/fpm/fpm_status.c, sapi/fpm/tests/bug64539-status-json-encoding.phpt, sapi/fpm/tests/response.inc, sapi/fpm/tests/tester.inc. - debian/patches/CVE-2026-6735.patch: GHSA-7qg2-v9fj-4mwv: [fpm] XSS within status endpoint in sapi/fpm/fpm/fpm_status.c, sapi/fpm/tests/ghsa-7qg2-v9fj-4mwv-status-xss.phpt. - CVE-2026-6735 * SECURITY UPDATE: null pointer dereference via encoding lists mismatch - debian/patches/CVE-2026-7259.patch: GHSA-wm6j-2649-pv75: [mbstring] Fix null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init() in Zend/tests/GHSA-wm6j-2649-pv75.phpt, ext/mbstring/php_mbregex.c. - CVE-2026-7259 * SECURITY UPDATE: use-after-free in SOAP persistance handling - debian/patches/CVE-2026-7261.patch: GHSA-m33r-qmcv-p97q: [soap] Fix use- after-free after header parsing failure with SOAP_PERSISTENCE_SESSION in ext/soap/soap.c, ext/soap/tests/GHSA-m33r-qmcv-p97q.phpt. - CVE-2026-7261 * SECURITY UPDATE: null pointer dereference in SOAP decoding process - debian/patches/CVE-2026-7262.patch: GHSA-hmxp-6pc4-f3vv: [soap] Fix broken Apache map value NULL check in ext/soap/php_encoding.c, ext/soap/tests/GHSA-hmxp-6pc4-f3vv.phpt. - CVE-2026-7262 * SECURITY UPDATE: integer overflow in metaphone - debian/patches/CVE-2026-7568.patch: GHSA-96wq-48vp-hh57: [metaphone] Fix signed integer overflow of char array offset in ext/standard/metaphone.c, ext/standard/tests/GHSA-96wq-48vp-hh57.phpt. - CVE-2026-7568 -- Marc Deslauriers <email address hidden> Mon, 25 May 2026 11:08:06 -0400

Source diff to previous version

CVE-2025-14179	In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL
CVE-2026-6722	In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mech
CVE-2026-6735	In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanitation of user data, it allows
CVE-2026-7259	In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma
CVE-2026-7261	In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAP_PERSIS
CVE-2026-7262	In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, t
CVE-2026-7568	In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metap

Version: 8.1.2-1ubuntu2.23 2026-01-12 09:07:45 UTC

php8.1 (8.1.2-1ubuntu2.23) jammy-security; urgency=medium * SECURITY UPDATE: Heap buffer overflow in array_merge() - debian/patches/CVE-2025-14178.patch: check number of elements in ext/standard/array.c - CVE-2025-14178 * SECURITY UPDATE: NULL pointer dereference in PDO quoting - debian/patches/CVE-2025-14180.patch: fix null pointer dereference in ext/pdo/pdo_sql_parser.re - CVE-2025-14180 -- Nishit Majithia <email address hidden> Wed, 07 Jan 2026 14:07:41 +0530

Source diff to previous version

CVE-2025-14178	In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs
CVE-2025-14180	In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL

Version: 8.1.2-1ubuntu2.22 2025-07-17 18:07:10 UTC

php8.1 (8.1.2-1ubuntu2.22) jammy-security; urgency=medium * SECURITY UPDATE: Null byte termination in hostnames - debian/patches/CVE-2025-1220.patch: check hostnames in ext/standard/fsock.c, ext/standard/tests/network/ghsa-3cr5-j632-f35r.phpt, ext/standard/tests/streams/ghsa-3cr5-j632-f35r.phpt, main/streams/xp_socket.c. - CVE-2025-1220 * SECURITY UPDATE: pgsql extension does not check for errors during escaping - debian/patches/CVE-2025-1735.patch: add error checks in ext/pdo_pgsql/pgsql_driver.c, ext/pdo_pgsql/tests/ghsa-hrwm-9436-5mv3.phpt, ext/pgsql/pgsql.c, ext/pgsql/tests/ghsa-hrwm-9436-5mv3.phpt. - CVE-2025-1735 * SECURITY UPDATE: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix - debian/patches/CVE-2025-6491.patch: handle large names in ext/soap/soap.c, ext/soap/tests/soap_qname_crash.phpt. - CVE-2025-6491 -- Marc Deslauriers <email address hidden> Tue, 15 Jul 2025 08:11:22 -0400

Source diff to previous version

CVE-2025-1220	In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation th
CVE-2025-1735	In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the under
CVE-2025-6491	In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly l

Version: 8.1.2-1ubuntu2.21 2025-03-31 23:07:21 UTC

php8.1 (8.1.2-1ubuntu2.21) jammy-security; urgency=medium * SECURITY UPDATE: Use after free - debian/patches/CVE-2024-11235.patch: fix incorrect live-range calculation in Zend/zend_opcode.c and add tests in Zend/tests/ghsa-rwp7-7vc6-8477_001.phpt, Zend/tests/ghsa-rwp7-7vc6-8477_002.phpt, Zend/tests/ghsa-rwp7-7vc6-8477_003.phpt. - CVE-2024-11235 * SECURITY UPDATE: Incorrect MIME type - debian/patches/CVE-2025-1217.patch: adds HTTP header folding support for HTTP wrapper response headers in ext/standard/http_fopen_wrapper.c and add tests in ests/http/ghsa-v8xr-gpvj-cx9g-001.phpt, tests/http/ghsa-v8xr-gpvj-cx9g-002.phpt, tests/http/ghsa-v8xr-gpvj-cx9g-003.phpt, tests/http/ghsa-v8xr-gpvj-cx9g-004.phpt, tests/http/ghsa-v8xr-gpvj-cx9g-005.phpt, tests/http/http_response_header_05.phpt. - CVE-2025-1217 * SECURITY UPDATE: Wrong content-type requesting a redirected resource - debian/patches/CVE-2025-1219.patch: fix in ext/libxml/mime_sniff.c. - CVE-2025-1219 * SECURITY UPDATE: Invalid header - debian/patches/CVE-2025-1734.patch: fix in ext/standard/http_fopen_wrapper.c and add tests in ext/standard/tests/http/bug47021.phpt, ext/standard/tests/http/bug75535.phpt, tests/http/ghsa-pcmh-g36c-qc44-001.phpt, tests/http/ghsa-pcmh-g36c-qc44-002.phpt. - CVE-2025-1734 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2025-1736.patch: httu user header check of crlf in ext/standard/http_fopen_wrapper.c and add tests in tests/http/ghsa-hgf5-96fm-v528-001.phpt, tests/http/ghsa-hgf5-96fm-v528-002.phpt, tests/http/ghsa-hgf5-96fm-v528-003.phpt. - CVE-2025-1736 * SECURITY UPDATE: Location truncation - debian/patches/CVE-2025-1861.patch: converts the allocation of location to be on heap instead of stack in ext/standard/http_fopen_wrapper.c and add tests in tests/http/ghsa-52jp-hrpf-2jff-001.phpt, tests/http/ghsa-52jp-hrpf-2jff-002.phpt. - CVE-2025-1861 * debian/patches/0001-Fix-GH-16955-Use-empheral-ports-for-OpenSSL-server-c.patch added in order to fix all the tests added in the CVE above. -- Leonidas Da Silva Barbosa <email address hidden> Mon, 24 Mar 2025 16:04:23 -0300

Source diff to previous version

CVE-2025-1217	In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP re
CVE-2025-1219	In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using t
CVE-2025-1734	In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server
CVE-2025-1736	In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, th
CVE-2025-1861	In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the respo

Version: 8.1.2-1ubuntu2.20 2024-12-12 23:07:07 UTC

php8.1 (8.1.2-1ubuntu2.20) jammy-security; urgency=medium * SECURITY UPDATE: Buffer over read - debian/patches/CVE-2024-11233.patch: re arrange bound check code in ext/standard/filters.c, ext/standard/tests/filters/ghsa-r977-prxv-hc43.phpt. - CVE-2024-11233 * SECURITY UPDATE: HTTP request smuggling - debian/patches/CVE-2024-11234.patch: avoiding fulluri CRLF injection in ext/standard/http_fopen_wrapper.c. .../tests/http/ghsa-c5f2-jwm7-mmq2.phpt. - CVE-2024-11234 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2024-11236-1.patch: adding an extralen check to avoid integer overflow in ext/pdo_dblib/dblib_driver.c, ext/pdo_dblib/tests/GHSA-5hqh-c84r-qjcv.phpt. - debian/patches/CVE-2024-11236-2.patch: change qcount to size_t in order to avoid integer overflow and adding checks in ext/pdo_firebird/firebird_driver.c. - CVE-2024-11236 * SECURITY UPDATE: Heap buffer over-reads - debian/patches/CVE-2024-8929.patch: fix buffer over-reads in ext/mysqlnd/mysqlnd_ps_codec.c, ext/mysqlnd/mysqlnd_wireprotocol.c, and create some phpt tests. - CVE-2024-8929 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2024-8932.patch: fix OOB in access in ldap_escape in ext/ldap/ldap.c, ext/ldap/tests/GHSA-g665-fm4p-vhff-1.phpt, ext/ldap/tests/GHSA-g665-fm4p-vhff-2.phpt. - CVE-2024-8932 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 03 Dec 2024 17:14:35 -0300

CVE-2024-11233	In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data
CVE-2024-11234	In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option,
CVE-2024-11236	In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit sy
CVE-2024-8929	In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of
CVE-2024-8932	In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit sy

About - Send Feedback to @ubuntu_updates

Package "php8.1-interbase"

Links

Download "php8.1-interbase"

Other versions of "php8.1-interbase" in Jammy

Changelog

Share this page

Bookmarks

Latest updates

proposed

updates

security

PPA updates