[ubuntu/kinetic-proposed] php8.1 8.1.7-1ubuntu1 (Accepted)

Athos Ribeiro athos.ribeiro at canonical.com
Wed Aug 3 14:22:22 UTC 2022 

php8.1 (8.1.7-1ubuntu1) kinetic; urgency=medium

  * Merge with Debian unstable (LP: #1983285, #1983205). Remaining changes:
    - Force upgrade from earlier mod-php's to version 8.1 (LP #1890263):
      + d/control: add transitional packages and Breaks/Replaces.
      + d/rules: exclude transitional packages in dh_install.
    - d/rules: Don't fill up build log with pedantic warnings.
    - d/rules: document garbage collection in ini files. (LP #1772915)
    - SECURITY UPDATE: Memory corruption in libmagic
      + debian/patches/CVE-2022-31627.patch: use the same memory allocator in
        ext/fileinfo/libmagic.patch, ext/fileinfo/libmagic/softmagic.c,
        ext/fileinfo/tests/bug81723.phpt.
      + CVE-2022-31627
  * Dropped changes:
    - d/p/0046-Update-gcc-func-attr-macro.patch: fix detection of unknown gcc
      function attributes. (LP #1882279)
      [ Fixed in 8.1.7-1 ]
    - d/p/0047-Fix-ssl3-unexpected-eof.patch: fix OpenSSL3 related
      unexpected EOF failure. (LP #1975626)
      [ Fixed in 8.1.7-1 ]
    - SECURITY UPDATE: RCE via Uninitialized array in pg_query_params()
      + debian/patches/CVE-2022-31625.patch: don't free parameters which
        haven't initialized yet in ext/pgsql/pgsql.c,
        ext/pgsql/tests/bug81720.phpt.
      + CVE-2022-31625
      [ Fixed in 8.1.7-1 ]
    - SECURITY UPDATE: RCE via mysqlnd/pdo password buffer overflow
      + debian/patches/CVE-20022-31626.patch: properly calculate size in
        ext/mysqlnd/mysqlnd_wireprotocol.c.
      + CVE-2022-31626
      [ Fixed in 8.1.7-1 ]

Date: Mon, 01 Aug 2022 17:04:27 -0300
Changed-By: Athos Ribeiro <athos.ribeiro at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/php8.1/8.1.7-1ubuntu1
-------------- next part --------------
Format: 1.8
Date: Mon, 01 Aug 2022 17:04:27 -0300
Source: php8.1
Built-For-Profiles: noudeb
Architecture: source
Version: 8.1.7-1ubuntu1
Distribution: kinetic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Athos Ribeiro <athos.ribeiro at canonical.com>
Launchpad-Bugs-Fixed: 1983205 1983285
Changes:
 php8.1 (8.1.7-1ubuntu1) kinetic; urgency=medium
 .
   * Merge with Debian unstable (LP: #1983285, #1983205). Remaining changes:
     - Force upgrade from earlier mod-php's to version 8.1 (LP #1890263):
       + d/control: add transitional packages and Breaks/Replaces.
       + d/rules: exclude transitional packages in dh_install.
     - d/rules: Don't fill up build log with pedantic warnings.
     - d/rules: document garbage collection in ini files. (LP #1772915)
     - SECURITY UPDATE: Memory corruption in libmagic
       + debian/patches/CVE-2022-31627.patch: use the same memory allocator in
         ext/fileinfo/libmagic.patch, ext/fileinfo/libmagic/softmagic.c,
         ext/fileinfo/tests/bug81723.phpt.
       + CVE-2022-31627
   * Dropped changes:
     - d/p/0046-Update-gcc-func-attr-macro.patch: fix detection of unknown gcc
       function attributes. (LP #1882279)
       [ Fixed in 8.1.7-1 ]
     - d/p/0047-Fix-ssl3-unexpected-eof.patch: fix OpenSSL3 related
       unexpected EOF failure. (LP #1975626)
       [ Fixed in 8.1.7-1 ]
     - SECURITY UPDATE: RCE via Uninitialized array in pg_query_params()
       + debian/patches/CVE-2022-31625.patch: don't free parameters which
         haven't initialized yet in ext/pgsql/pgsql.c,
         ext/pgsql/tests/bug81720.phpt.
       + CVE-2022-31625
       [ Fixed in 8.1.7-1 ]
     - SECURITY UPDATE: RCE via mysqlnd/pdo password buffer overflow
       + debian/patches/CVE-20022-31626.patch: properly calculate size in
         ext/mysqlnd/mysqlnd_wireprotocol.c.
       + CVE-2022-31626
       [ Fixed in 8.1.7-1 ]
Checksums-Sha1:
 33f53b3238a9a1f811ef5231877733dd413b816f 5609 php8.1_8.1.7-1ubuntu1.dsc
 bc3536a5c4ef92043db0735c87fdfe5b375ca533 11718520 php8.1_8.1.7.orig.tar.xz
 ae7c05d0d952662c79394e1cc28fc4aab27f4645 70716 php8.1_8.1.7-1ubuntu1.debian.tar.xz
 9fa7a4214de8f67bd79fb2a048d69d8ef3626511 8925 php8.1_8.1.7-1ubuntu1_source.buildinfo
Checksums-Sha256:
 a5cf67c316028d8df088980ba29f79149c01a13477c68c49a99928118b0fae95 5609 php8.1_8.1.7-1ubuntu1.dsc
 f042322f1b5a9f7c2decb84b7086ef676896c2f7178739b9672afafa964ed0e5 11718520 php8.1_8.1.7.orig.tar.xz
 05dbcda9549bf2d9107ec8d1005425883725cfa4cfadae642f8358db39d4c3ce 70716 php8.1_8.1.7-1ubuntu1.debian.tar.xz
 a23a2720c0b8a21deb1cd7f796c4c39525b9fd39e286222e6413ac99625ca417 8925 php8.1_8.1.7-1ubuntu1_source.buildinfo
Files:
 a117baac063f9b6f638ae1476e44cccd 5609 php optional php8.1_8.1.7-1ubuntu1.dsc
 f8be7dfca5c241e780f75f3f3ce83b76 11718520 php optional php8.1_8.1.7.orig.tar.xz
 7cfc092b4ca97babece048f0ce338309 70716 php optional php8.1_8.1.7-1ubuntu1.debian.tar.xz
 18059fc189d5c1a05127510dfc5435db 8925 php optional php8.1_8.1.7-1ubuntu1_source.buildinfo
Original-Maintainer: Debian PHP Maintainers <team+pkg-php at tracker.debian.org>
Vcs-Git: https://git.launchpad.net/~athos-ribeiro/ubuntu/+source/php8.1
Vcs-Git-Commit: edf77a25016a13bb34f49bb8e9dce65a6cdfcfde
Vcs-Git-Ref: refs/heads/merge-lp1983285-kinetic

More information about the kinetic-changes mailing list