[ubuntu/plucky-security] php8.4 8.4.5-1ubuntu1.1 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Jul 17 15:13:56 UTC 2025
php8.4 (8.4.5-1ubuntu1.1) plucky-security; urgency=medium

  * SECURITY UPDATE: Null byte termination in hostnames
    - debian/patches/CVE-2025-1220.patch: check hostnames in
      ext/standard/fsock.c,
      ext/standard/tests/network/ghsa-3cr5-j632-f35r.phpt,
      ext/standard/tests/streams/ghsa-3cr5-j632-f35r.phpt,
      main/streams/xp_socket.c.
    - CVE-2025-1220
  * SECURITY UPDATE: pgsql extension does not check for errors during
    escaping
    - debian/patches/CVE-2025-1735.patch: add error checks in
      ext/pdo_pgsql/pgsql_driver.c,
      ext/pdo_pgsql/tests/ghsa-hrwm-9436-5mv3.phpt,
      ext/pgsql/pgsql.c, ext/pgsql/tests/ghsa-hrwm-9436-5mv3.phpt.
    - CVE-2025-1735
  * SECURITY UPDATE: NULL Pointer Dereference in PHP SOAP Extension via
    Large XML Namespace Prefix
    - debian/patches/CVE-2025-6491.patch: handle large names in
      ext/soap/soap.c, ext/soap/tests/soap_qname_crash.phpt.
    - CVE-2025-6491

Date: 2025-07-15 12:08:10.882540+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/php8.4/8.4.5-1ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.