php8.1 (8.1.2-1ubuntu2.20) jammy-security; urgency=medium
* SECURITY UPDATE: Buffer over read
- debian/patches/CVE-2024-11233.patch: re arrange
bound check code in ext/standard/filters.c,
ext/standard/tests/filters/ghsa-r977-prxv-hc43.phpt.
- CVE-2024-11233
* SECURITY UPDATE: HTTP request smuggling
- debian/patches/CVE-2024-11234.patch: avoiding
fulluri CRLF injection in ext/standard/http_fopen_wrapper.c.
.../tests/http/ghsa-c5f2-jwm7-mmq2.phpt.
- CVE-2024-11234
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2024-11236-1.patch: adding an extralen check
to avoid integer overflow in ext/pdo_dblib/dblib_driver.c,
ext/pdo_dblib/tests/GHSA-5hqh-c84r-qjcv.phpt.
- debian/patches/CVE-2024-11236-2.patch: change qcount to size_t in
order to avoid integer overflow and adding checks in
ext/pdo_firebird/firebird_driver.c.
- CVE-2024-11236
* SECURITY UPDATE: Heap buffer over-reads
- debian/patches/CVE-2024-8929.patch: fix buffer over-reads in
ext/mysqlnd/mysqlnd_ps_codec.c,
ext/mysqlnd/mysqlnd_wireprotocol.c, and create some phpt tests.
- CVE-2024-8929
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2024-8932.patch: fix OOB in access in
ldap_escape in ext/ldap/ldap.c,
ext/ldap/tests/GHSA-g665-fm4p-vhff-1.phpt,
ext/ldap/tests/GHSA-g665-fm4p-vhff-2.phpt.
- CVE-2024-8932
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Tue, 03 Dec 2024 17:14:35 -0300
php8.1 (8.1.2-1ubuntu2.19) jammy-security; urgency=medium
* SECURITY UPDATE: Erroneous parsing of multipart form data
- debian/patches/CVE-2024-8925.patch: limit bounday size in
main/rfc1867.c, tests/basic/*.
- CVE-2024-8925
* SECURITY UPDATE: cgi.force_redirect configuration can be bypassed due
to environment variable collision
- debian/patches/CVE-2024-8927.patch: check for REDIRECT_STATUS in
sapi/cgi/cgi_main.c.
- CVE-2024-8927
* SECURITY UPDATE: Logs from childrens may be altered
- debian/patches/CVE-2024-9026.patch: properly calculate size in
sapi/fpm/fpm/fpm_stdio.c, sapi/fpm/tests/*.
- CVE-2024-9026
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 30 Sep 2024 12:25:25 -0400
php8.1 (8.1.2-1ubuntu2.18) jammy-security; urgency=medium
* SECURITY UPDATE: Invalid user information
- debian/patches/CVE-2024-5458.patch: improves filters validation
in ext/filter/logical_filters.c and adds test
in ext/filter/tests/ghsa-w8qr-v226-r27w.phpt.
- CVE-2024-5458
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Fri, 14 Jun 2024 12:52:55 -0300
php8.1 (8.1.2-1ubuntu2.17) jammy-security; urgency=medium
* SECURITY UPDATE: Heap buffer-overflow
- debian/patches/CVE-2022-4900.patch: prevent potential buffer
overflow for large valye of php_cli_server_workers_max in
sapi/cli/php_cli_server.c.
- CVE-2022-4900
* SECURITY UPDATE: Cookie by pass
- debian/patches/CVE-2024-2756.patch: adds more mangling rules
in main/php_variable.c.
- CVE-2024-2756
* SECURITY UPDATE: Account take over risk
- debian/patches/CVE-2024-3096.patch: disallow null character in bcrypt
password in ext/standard/password.c,
ext/standard/tests/password_bcrypt_errors.phpt.
- CVE-2024-3096
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Wed, 01 May 2024 07:10:07 -0300
php8.1 (8.1.2-1ubuntu2.16) jammy; urgency=medium
* d/p/fix-segfault-in-fpm_status_export_to_zval.patch: fix
segmentation fault in fpm_status_export_to_zval. (LP: #2057576)
-- Athos Ribeiro <athos.ribeiro@canonical.com> Wed, 10 Apr 2024 08:54:30 -0300
php8.1 (8.1.2-1ubuntu2.15) jammy; urgency=medium
* d/p/fix-attribute-instantion-dangling-pointer.patch: Fix sigsegv from
dangling pointer on attribute observer. (LP: #2054621)
* d/p/fix-attribute-instantion-memory-overflow-recovery.patch: Fix sigsegv
during memory overflow recovery on attribute observer.
-- Brian Morton <rokclimb15@gmail.com> Fri, 23 Feb 2024 12:26:53 -0500
php8.1 (8.1.2-1ubuntu2.14) jammy-security; urgency=medium
* SECURITY UPDATE: Disclosure sensitive information
- debian/patches/CVE-2023-3823.patch: sanitieze libxml2 globals
before parsing in ext/dom/document.c, ext/dom/documentfragment.c,
xml_global_state_entity_loader_bypass.phpt, ext/libxml/php_libxml.h,
ext/simplexml/simplexml.c, xml_global_state_entity_loader_bypass.phpt,
ext/soap/php_xml.c, ext/xml/compat.c, ext/xmlreader/php_xmlreader.c,
xml_global_state_entity_loader_bypass.phpt, ext/xsl/xsltprocessor.c,
ext/zend_test/test.c, ext/zend_test/test.stub.php.
- CVE-2023-3823
* SECURITY UPDATE: Stack buffer overflow
- debian/patches/CVE-2023-3824.patch: fix buffer mismanagement in
phar_dir_read(), and in files ext/phar/dirstream.c,
ext/phar/tests/GHSA-jqcx-ccgx-xwhv.phpt.
- CVE-2023-3824
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Fri, 18 Aug 2023 08:41:11 -0300
php8.1 (8.1.2-1ubuntu2.13) jammy-security; urgency=medium
* SECURITY UPDATE: Missing error check and insufficient random
bytes
- debian/patches/CVE-2023-3247-1.patch: fixes missing randomness
check and insufficient random byes for SOAP HTTP digest
in ext/soap/php_http.c.
- debian/patches/CVE-2023-3247-2.patch: fix wrong backporting of previous
soap patch.
- CVE-2023-3247
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Wed, 28 Jun 2023 11:01:49 -0300
php8.1 (8.1.2-1ubuntu2.12) jammy; urgency=medium
* d/p/fix-map-ptr-mem-leak.patch: Fix map_ptr opcache-less fpm memory leak.
(LP: #2017207)
-- Athos Ribeiro <athos.ribeiro@canonical.com> Wed, 14 Jun 2023 19:57:19 -0300
php8.1 (8.1.2-1ubuntu2.11) jammy-security; urgency=medium
* SECURITY UPDATE: password_verify() accepts invalid Blowfish hashes
- debian/patches/CVE-2023-0567-1.patch: fix validation of malformed
BCrypt hashes in ext/standard/crypt_blowfish.c,
ext/standard/tests/crypt/bcrypt_salt_dollar.phpt.
- debian/patches/CVE-2023-0567-2.patch: fix possible buffer overread in
php_crypt() in ext/standard/crypt.c,
ext/standard/tests/password/password_bcrypt_short.phpt.
- CVE-2023-0567
* SECURITY UPDATE: off-by-one in core path resolution function
- debian/patches/CVE-2023-0568.patch: fix array overrun when appending
slash to paths in ext/dom/document.c, ext/xmlreader/php_xmlreader.c,
main/fopen_wrappers.c.
- CVE-2023-0568
* SECURITY UPDATE: DoS via excessive number of parts in HTTP form upload
- debian/patches/CVE-2023-0662-1.patch: introduce
max_multipart_body_parts INI in main/main.c, main/rfc1867.c,
sapi/fpm/tests/*, sapi/fpm/tests/tester.inc.
- debian/patches/CVE-2023-0662-2.patch: fix repeated warning for file
uploads limit exceeding in main/rfc1867.c.
- CVE-2023-0662
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 22 Feb 2023 17:56:18 -0500
# For older changelog entries, run 'apt-get changelog php8.1-common'
Generated by dwww version 1.14 on Thu Jan 23 03:27:29 CET 2025.