php7: security update to ^7.3.6 #1900

Closed
4 tasks done
KexyBiscuit opened this issue Jul 10, 2019 · 2 comments
Labels: security (Topic/issue involves a security issue/fixed), upgrade (Topic/issue involves a package upgrade)

Comments

@KexyBiscuit
Member

KexyBiscuit commented Jul 10, 2019

CVE IDs: CVE-2019-11036, CVE-2019-11038, CVE-2019-11039, CVE-2019-11040

Other security advisory IDs: USN-4009-1, openSUSE-SU-2019:1572-1, openSUSE-SU-2019:1778-1

Descriptions:
Version 7.3.5, Version 7.3.6

Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG

Potential heap corruption in TSendMail()

Uninitialized read in gdImageCreateFromXbm

Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow

heap-buffer-overflow on php_jpg_get16

Bypassing open_basedir restrictions via file uris

Patches: N/A

PoC(s): N/A

Architectural progress:

  • AMD64 amd64
  • AArch64 arm64
  • ARMv7 armel
  • PowerPC 64-bit BE ppc64
KexyBiscuit added the upgrade (Topic/issue involves a package upgrade), security (Topic/issue involves a security issue/fixed) and to-stable labels Jul 10, 2019
KexyBiscuit added this to the Summer 2019 milestone Jul 10, 2019
KexyBiscuit self-assigned this Jul 10, 2019
MingcongBai added a commit that referenced this issue Jul 13, 2019
@MingcongBai
Member

All done. @l2dy Please assign an AOSA.

MingcongBai added aosa-pending (Pending AOSA (AOSC OS Security Advisory) assignment) and removed aosa-pending labels Apr 20, 2020
@MingcongBai
Member

@l2dy Please disregard the AOSA request above. This is superseded by #1995.
