Package "php8.3-mbstring"

Name:	php8.3-mbstring
Description:	MBSTRING module for PHP
Latest version:	8.3.11-0ubuntu0.24.10.5
Release:	oracular (24.10)
Level:	updates
Repository:	main
Head package:	php8.3
Homepage:	http://www.php.net/

Links

Raw Package Information

All versions of this package

Bug fixes

List of files in package

Repository home page

Download "php8.3-mbstring"

32-bit deb package

64-bit deb package

APT INSTALL

Other versions of "php8.3-mbstring" in Oracular

Repository	Area	Version
base	main	8.3.11-0ubuntu0.24.10.2
security	main	8.3.11-0ubuntu0.24.10.5

Changelog

Version: 8.3.11-0ubuntu0.24.10.5 2025-04-01 04:07:18 UTC

php8.3 (8.3.11-0ubuntu0.24.10.5) oracular-security; urgency=medium * SECURITY UPDATE: Use after free - debian/patches/CVE-2024-11235.patch: fix incorrect live-range calculation in Zend/zend_opcode.c and add tests in Zend/tests/ghsa-rwp7-7vc6-8477_001.phpti, Zend/tests/ghsa-rwp7-7vc6-8477_002.phpt, Zend/tests/ghsa-rwp7-7vc6-8477_003.phpt. - CVE-2024-11235 * SECURITY UPDATE: Incorrect MIME type - debian/patches/CVE-2025-1217.patch: adds HTTP header folding support for HTTP wrapper response headers in ext/standard/http_fopen_wrapper.c and add tests in ests/http/ghsa-v8xr-gpvj-cx9g-001.phpt, tests/http/ghsa-v8xr-gpvj-cx9g-002.phpt, tests/http/ghsa-v8xr-gpvj-cx9g-003.phpt, tests/http/ghsa-v8xr-gpvj-cx9g-004.phpt, tests/http/ghsa-v8xr-gpvj-cx9g-005.phpt, tests/http/http_response_header_05.phpt. - CVE-2025-1217 * SECURITY UPDATE: Wrong content-type requesting a redirected resource - debian/patches/CVE-2025-1219.patch: fix in ext/libxml/mime_sniff.c. - CVE-2025-1219 * SECURITY UPDATE: Invalid header - debian/patches/CVE-2025-1734.patch: fix in ext/standard/http_fopen_wrapper.c and add tests in ext/standard/tests/http/bug47021.phpt, ext/standard/tests/http/bug75535.phpt, tests/http/ghsa-pcmh-g36c-qc44-001.phpt, tests/http/ghsa-pcmh-g36c-qc44-002.phpt. - CVE-2025-1734 * SECURITY UPDATE: Denial of service - debian/patches/CVE-2025-1736.patch: httu user header check of crlf in ext/standard/http_fopen_wrapper.c and add tests in tests/http/ghsa-hgf5-96fm-v528-001.phpt, tests/http/ghsa-hgf5-96fm-v528-002.phpt, tests/http/ghsa-hgf5-96fm-v528-003.phpt. - CVE-2025-1736 * SECURITY UPDATE: Location truncation - debian/patches/CVE-2025-1861.patch: converts the allocation of location to be on heap instead of stack in ext/standard/http_fopen_wrapper.c and add tests in tests/http/ghsa-52jp-hrpf-2jff-001.phpt, tests/http/ghsa-52jp-hrpf-2jff-002.phpt. - CVE-2025-1861 * debian/patches/0001-Fix-GH-16955-Use-empheral-ports-for-OpenSSL-server-c.patch added in order to fix all the tests added in the CVE above. -- Leonidas Da Silva Barbosa <email address hidden> Tue, 18 Mar 2025 16:13:26 -0300

Source diff to previous version

CVE-2025-1217	In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP re
CVE-2025-1219	In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using t
CVE-2025-1734	In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server
CVE-2025-1736	In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, th
CVE-2025-1861	In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the respo

Version: 8.3.11-0ubuntu0.24.10.4 2024-12-13 20:07:06 UTC

php8.3 (8.3.11-0ubuntu0.24.10.4) oracular-security; urgency=medium * SECURITY UPDATE: Buffer over read - debian/patches/CVE-2024-11233.patch: re arrange bound check code in ext/standard/filters.c, ext/standard/tests/filters/ghsa-r977-prxv-hc43.phpt. - CVE-2024-11233 * SECURITY UPDATE: HTTP request smuggling - debian/patches/CVE-2024-11234.patch: avoiding fulluri CRLF injection in ext/standard/http_fopen_wrapper.c. .../tests/http/ghsa-c5f2-jwm7-mmq2.phpt. - CVE-2024-11234 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2024-11236-1.patch: adding an extralen check to avoid integer overflow in ext/pdo_dblib/dblib_driver.c, ext/pdo_dblib/tests/GHSA-5hqh-c84r-qjcv.phpt. - debian/patches/CVE-2024-11236-2.patch: change qcount to size_t in order to avoid integer overflow and adding checks in ext/pdo_firebird/firebird_driver.c. - CVE-2024-11236 * SECURITY UPDATE: Heap buffer over-reads - debian/patches/CVE-2024-8929.patch: fix buffer over-reads in ext/mysqlnd/mysqlnd_ps_codec.c, ext/mysqlnd/mysqlnd_wireprotocol.c, and create some phpt tests. - CVE-2024-8929 * SECURITY UPDATE: Integer overflow - debian/patches/CVE-2024-8932.patch: fix OOB in access in ldap_escape in ext/ldap/ldap.c, ext/ldap/tests/GHSA-g665-fm4p-vhff-1.phpt, ext/ldap/tests/GHSA-g665-fm4p-vhff-2.phpt. - CVE-2024-8932 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 02 Dec 2024 13:10:33 -0300

CVE-2024-11233	In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data
CVE-2024-11234	In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option,
CVE-2024-11236	In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit sy
CVE-2024-8929	In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of
CVE-2024-8932	In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit sy

About - Send Feedback to @ubuntu_updates

Package "php8.3-mbstring"

Links

Download "php8.3-mbstring"

Other versions of "php8.3-mbstring" in Oracular

Changelog

Share this page

Bookmarks

Latest updates

proposed

PPA updates