[ubuntu/noble-updates] php8.3 8.3.6-0ubuntu0.24.04.5 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Thu Jul 17 15:59:03 UTC 2025
php8.3 (8.3.6-0ubuntu0.24.04.5) noble-security; urgency=medium
* SECURITY UPDATE: Null byte termination in hostnames
- debian/patches/CVE-2025-1220.patch: check hostnames in
ext/standard/fsock.c,
ext/standard/tests/network/ghsa-3cr5-j632-f35r.phpt,
ext/standard/tests/streams/ghsa-3cr5-j632-f35r.phpt,
main/streams/xp_socket.c.
- CVE-2025-1220
* SECURITY UPDATE: pgsql extension does not check for errors during
escaping
- debian/patches/CVE-2025-1735.patch: add error checks in
ext/pdo_pgsql/pgsql_driver.c,
ext/pdo_pgsql/tests/ghsa-hrwm-9436-5mv3.phpt,
ext/pgsql/pgsql.c, ext/pgsql/tests/ghsa-hrwm-9436-5mv3.phpt.
- CVE-2025-1735
* SECURITY UPDATE: NULL Pointer Dereference in PHP SOAP Extension via
Large XML Namespace Prefix
- debian/patches/CVE-2025-6491.patch: handle large names in
ext/soap/soap.c, ext/soap/tests/soap_qname_crash.phpt.
- CVE-2025-6491
Date: 2025-07-15 13:27:10.602341+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/php8.3/8.3.6-0ubuntu0.24.04.5
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list