[ubuntu/lunar-proposed] php8.1 8.1.12-1ubuntu4 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Wed Feb 22 22:50:23 UTC 2023
php8.1 (8.1.12-1ubuntu4) lunar; urgency=medium
* SECURITY UPDATE: password_verify() accepts invalid Blowfish hashes
- debian/patches/CVE-2023-0567-1.patch: fix validation of malformed
BCrypt hashes in ext/standard/crypt_blowfish.c,
ext/standard/tests/crypt/bcrypt_salt_dollar.phpt.
- debian/patches/CVE-2023-0567-2.patch: fix possible buffer overread in
php_crypt() in ext/standard/crypt.c,
ext/standard/tests/password/password_bcrypt_short.phpt.
- CVE-2023-0567
* SECURITY UPDATE: off-by-one in core path resolution function
- debian/patches/CVE-2023-0568.patch: fix array overrun when appending
slash to paths in ext/dom/document.c, ext/xmlreader/php_xmlreader.c,
main/fopen_wrappers.c.
- CVE-2023-0568
* SECURITY UPDATE: DoS via excessive number of parts in HTTP form upload
- debian/patches/CVE-2023-0662-1.patch: introduce
max_multipart_body_parts INI in main/main.c, main/rfc1867.c,
sapi/fpm/tests/*, sapi/fpm/tests/tester.inc.
- debian/patches/CVE-2023-0662-2.patch: fix repeated warning for file
uploads limit exceeding in main/rfc1867.c.
- CVE-2023-0662
Date: Wed, 22 Feb 2023 14:48:21 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/php8.1/8.1.12-1ubuntu4
-------------- next part --------------
Format: 1.8
Date: Wed, 22 Feb 2023 14:48:21 -0500
Source: php8.1
Built-For-Profiles: noudeb
Architecture: source
Version: 8.1.12-1ubuntu4
Distribution: lunar
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
php8.1 (8.1.12-1ubuntu4) lunar; urgency=medium
.
* SECURITY UPDATE: password_verify() accepts invalid Blowfish hashes
- debian/patches/CVE-2023-0567-1.patch: fix validation of malformed
BCrypt hashes in ext/standard/crypt_blowfish.c,
ext/standard/tests/crypt/bcrypt_salt_dollar.phpt.
- debian/patches/CVE-2023-0567-2.patch: fix possible buffer overread in
php_crypt() in ext/standard/crypt.c,
ext/standard/tests/password/password_bcrypt_short.phpt.
- CVE-2023-0567
* SECURITY UPDATE: off-by-one in core path resolution function
- debian/patches/CVE-2023-0568.patch: fix array overrun when appending
slash to paths in ext/dom/document.c, ext/xmlreader/php_xmlreader.c,
main/fopen_wrappers.c.
- CVE-2023-0568
* SECURITY UPDATE: DoS via excessive number of parts in HTTP form upload
- debian/patches/CVE-2023-0662-1.patch: introduce
max_multipart_body_parts INI in main/main.c, main/rfc1867.c,
sapi/fpm/tests/*, sapi/fpm/tests/tester.inc.
- debian/patches/CVE-2023-0662-2.patch: fix repeated warning for file
uploads limit exceeding in main/rfc1867.c.
- CVE-2023-0662
Checksums-Sha1:
8901c0bba70761398f23fedbfcb57925dbd18ef5 5819 php8.1_8.1.12-1ubuntu4.dsc
9fb51e5db5af1bc9e4143eaa536f5797e0bcc03b 75324 php8.1_8.1.12-1ubuntu4.debian.tar.xz
4c736c213cc3ab8cdcf5818dd6108b563e854bf2 13822 php8.1_8.1.12-1ubuntu4_source.buildinfo
Checksums-Sha256:
b181c549cb7d19f9c2944cc135504b520ab6d78e2a7811c1ed67b3cc052934b1 5819 php8.1_8.1.12-1ubuntu4.dsc
30d2d280d6fd74c6d620b8ce61c98fe5a3c6fae5abdee23aa9aa3bc876036647 75324 php8.1_8.1.12-1ubuntu4.debian.tar.xz
9ae86247dd21f1821e59c55cf74887e4e89d60c7ccd77a7b599c77d0490e4808 13822 php8.1_8.1.12-1ubuntu4_source.buildinfo
Files:
e2cfaadf3a6cd6404312b3e06452b2f9 5819 php optional php8.1_8.1.12-1ubuntu4.dsc
c858b6c1a2ffe1491fdddb5a6b7b6b53 75324 php optional php8.1_8.1.12-1ubuntu4.debian.tar.xz
5aab42afa39e8f623db02bf9844f5d3a 13822 php optional php8.1_8.1.12-1ubuntu4_source.buildinfo
Original-Maintainer: Debian PHP Maintainers <team+pkg-php at tracker.debian.org>
More information about the lunar-changes
mailing list