UbuntuUpdates.org

Package "php7.0-gmp"

Name: php7.0-gmp

Description:

GMP module for PHP

Latest version: 7.0.33-0ubuntu0.16.04.16
Release: xenial (16.04)
Level: updates
Repository: main
Head package: php7.0
Homepage: http://www.php.net/

Links


Download "php7.0-gmp"


Other versions of "php7.0-gmp" in Xenial

Repository Area Version
base main 7.0.4-7ubuntu2
security main 7.0.33-0ubuntu0.16.04.16

Changelog

Version: 7.0.33-0ubuntu0.16.04.16 2020-10-14 20:07:04 UTC

  php7.0 (7.0.33-0ubuntu0.16.04.16) xenial-security; urgency=medium

  * SECURITY UPDATE: Possibly forge cookie
    - debian/patches/CVE-2020-7070.patch: do not decode cookie names anymore
      in main/php_variables.c, tests/basic/022.phpt, tests/basic/023.phpt,
      tests/basic/bug79699.phpt.
    - CVE-2020-7070

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 07 Oct 2020 14:47:16 -0300

Source diff to previous version
CVE-2020-7070 In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names a

Version: 7.0.33-0ubuntu0.16.04.15 2020-05-27 20:06:36 UTC

  php7.0 (7.0.33-0ubuntu0.16.04.15) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service through oversized memory allocated
    - debian/patches/CVE-2019-11048.patch: changes types int to size_t
      in main/rfc1867.c.
    - CVE-2019-11048

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 26 May 2020 10:52:55 -0300

Source diff to previous version
CVE-2019-11048 In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or

Version: 7.0.33-0ubuntu0.16.04.14 2020-04-15 16:06:58 UTC

  php7.0 (7.0.33-0ubuntu0.16.04.14) xenial-security; urgency=medium

  * SECURITY UDPATE: Null dereference pointer
    - debian/patches/CVE-2020-7062.patch: avoid null dereference in
      ext/session/session.c, ext/session/tests/bug79221.phpt.
    - CVE-2020-7062
  * SECURITY UPDATE: Lax permissions on files added to tar with Phar
    - debian/patches/CVE-2020-7063.patch: enforce correct permissions
      for files add to tar with Phar in ext/phar/phar_object.c,
      ext/phar/tests/bug79082.phpt, ext/phar/tests/test79082*.
    - CVE-2020-7063
  * SECURITY UPDATE: Read one byte of uninitialized memory
    - debian/patches/CVE-2020-7064.patch: check length in
      exif_process_TIFF_in_JPEG to avoid read uninitialized memory
      ext/exif/exif.c, ext/exif/tests/bug79282.phpt.
    - debian/patches/0001-Fix-test-bug79282.patch: fix test in
      ext/exif/tests/bug79282.phpt.
    - CVE-2020-7064
  * SECURITY UPDATE: Truncated url due \0
    - debian/patches/CVE-2020-7066.patch: check for get_headers
      not accepting \0 in ext/standard/url.c.
    - CVE-2020-7066

 -- <email address hidden> (Leonidas S. Barbosa) Thu, 09 Apr 2020 11:27:04 -0300

Source diff to previous version
CVE-2020-7062 In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is en
CVE-2020-7063 In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function
CVE-2020-7064 In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exif_read_data() function, it is possible
CVE-2020-7066 In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using get_headers() with user-supplied URL, if the URL contains z

Version: 7.0.33-0ubuntu0.16.04.12 2020-02-19 19:06:27 UTC

  php7.0 (7.0.33-0ubuntu0.16.04.12) xenial-security; urgency=medium

  * SECURITY REGRESSION: fpm patch for CVE-2015-9253
    caused a regression OOM
    - removing CVE-2015-9253.patch.

 -- <email address hidden> (Leonidas S. Barbosa) Wed, 19 Feb 2020 10:47:31 -0300

Source diff to previous version
CVE-2015-9253 An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process i

Version: 7.0.33-0ubuntu0.16.04.11 2020-02-17 21:06:25 UTC

  php7.0 (7.0.33-0ubuntu0.16.04.11) xenial-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2015-9253.patch: directly listen
      on socket, instead duping it to STDIN in
      sapi/fpm/fpm/fpm_children.c, sapi/fpm/fpm_stdio.c,
      and added tests to sapi/fpm/tests/bug73342-nonblocking-stdio.phpt.
    - CVE-2015-9253
  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2020-7059.patch: fix OOB read in
      php_strip_tags_ex in ext/standard/string.c and added test
      ext/standard/tests/file/bug79099.phpt.
    - CVE-2020-7059
  * SECURITY UPDATE: Buffer-overflow
    - debian/patches/CVE-2020-7060.patch: fix adding a check function
      is_in_cp950_pua in ext/mbstring/libmbfl/filters/mbfilter_big5.c
      and added test ext/mbstring/tests/bug79037.phpt.
    - CVE-2020-7060

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 11 Feb 2020 12:42:36 -0300

CVE-2015-9253 An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process i
CVE-2020-7059 When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is pos
CVE-2020-7060 When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it



About   -   Send Feedback to @ubuntu_updates