[ubuntu/kinetic-proposed] php8.1 8.1.5-1ubuntu2 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Jun 21 17:42:15 UTC 2022 

php8.1 (8.1.5-1ubuntu2) kinetic; urgency=medium

  * SECURITY UPDATE: RCE via Uninitialized array in pg_query_params()
    - debian/patches/CVE-2022-31625.patch: don't free parameters which
      haven't initialized yet in ext/pgsql/pgsql.c,
      ext/pgsql/tests/bug81720.phpt.
    - CVE-2022-31625
  * SECURITY UPDATE: RCE via mysqlnd/pdo password buffer overflow
    - debian/patches/CVE-20022-31626.patch: properly calculate size in
      ext/mysqlnd/mysqlnd_wireprotocol.c.
    - CVE-2022-31626

Date: Tue, 21 Jun 2022 12:32:04 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/php8.1/8.1.5-1ubuntu2
-------------- next part --------------
Format: 1.8
Date: Tue, 21 Jun 2022 12:32:04 -0400
Source: php8.1
Built-For-Profiles: noudeb
Architecture: source
Version: 8.1.5-1ubuntu2
Distribution: kinetic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 php8.1 (8.1.5-1ubuntu2) kinetic; urgency=medium
 .
   * SECURITY UPDATE: RCE via Uninitialized array in pg_query_params()
     - debian/patches/CVE-2022-31625.patch: don't free parameters which
       haven't initialized yet in ext/pgsql/pgsql.c,
       ext/pgsql/tests/bug81720.phpt.
     - CVE-2022-31625
   * SECURITY UPDATE: RCE via mysqlnd/pdo password buffer overflow
     - debian/patches/CVE-20022-31626.patch: properly calculate size in
       ext/mysqlnd/mysqlnd_wireprotocol.c.
     - CVE-2022-31626
Checksums-Sha1:
 2905c77c7cdc6b7ca6f8e9c82cbaf677bce5e7d0 5809 php8.1_8.1.5-1ubuntu2.dsc
 a49feb8d9cced9fe2455c66c3753f95898e1281f 69596 php8.1_8.1.5-1ubuntu2.debian.tar.xz
 faa85d82b41b400bcbfffaf4b9b7c8e4f793c13a 14028 php8.1_8.1.5-1ubuntu2_source.buildinfo
Checksums-Sha256:
 649a2520248178560a33e749326da5b07edee47a6ced880a975a1af0410c6d89 5809 php8.1_8.1.5-1ubuntu2.dsc
 f6d17b0e1375e5a30c9058065903784e07849b245906f834900dffe568b2dd42 69596 php8.1_8.1.5-1ubuntu2.debian.tar.xz
 1cb56fe7d0cb518515266b08f74d0a8d02b1f1b8dbece91ccd38bd152337a0c6 14028 php8.1_8.1.5-1ubuntu2_source.buildinfo
Files:
 ca8230f9a42b30b58b5e1e0820258697 5809 php optional php8.1_8.1.5-1ubuntu2.dsc
 0627c785e8f83acd6e8e068b56d386ab 69596 php optional php8.1_8.1.5-1ubuntu2.debian.tar.xz
 65d3479011297aaae480f33fe49f9bfe 14028 php optional php8.1_8.1.5-1ubuntu2_source.buildinfo
Original-Maintainer: Debian PHP Maintainers <team+pkg-php at tracker.debian.org>

More information about the kinetic-changes mailing list