Univention Bugzilla – Bug 50867
php7.0: Multiple issues (4.4)
Last modified: 2020-03-11 14:41:57 CET
New Debian php7.0 7.0.33-0+deb9u7 fixes: This update addresses the following issues: * PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte (CVE-2019-11045) * OOB read in bc_shift_addsub (CVE-2019-11046) * information disclosure in exif_read_data() (CVE-2019-11047) * out-of-bounds read when parsing EXIF information (CVE-2019-11050) * Out of bounds read in php_strip_tags_ex (CVE-2020-7059) * Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060)
--- mirror/ftp/4.4/unmaintained/4.4-3/source/php7.0_7.0.33-0+deb9u6.dsc +++ apt/ucs_4.4-0-errata4.4-3/source/php7.0_7.0.33-0+deb9u7.dsc @@ -1,3 +1,28 @@ +7.0.33-0+deb9u7 [Sun, 16 Feb 2020 16:11:40 +0100] Ondřej Surý <ondrej@debian.org>: + + * Use mysqld --initialize-insecure for MySQL 8.0 (for Ubuntu 19.10) + * Disable MySQL X Plugin in the tests + * Remove --skip-grant-tables to fix FTBFS with MySQL 8.0 + * Remove --without-mysqlx from MySQL 5.7 + * Backported from 7.2.27 + - Mbstring: + . Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). + (CVE-2020-7060) + - Standard: + . Fixed bug #79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059). + * Backported from 7.2.26 + - Bcmath: + . Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046). + - Core: + . Fixed bug #78862 (link() silently truncates after a null byte on Windows). + (CVE-2019-11044). + . Fixed bug #78863 (DirectoryIterator class silently truncates after a null + byte). (CVE-2019-11045). + - EXIF: + . Fixed bug #78793 (Use-after-free in exif parsing under memory sanitizer). + (CVE-2019-11050). + . Fixed bug #78910 (Heap-buffer-overflow READ in exif). (CVE-2019-11047). + 7.0.33-0+deb9u6 [Thu, 24 Oct 2019 20:50:20 +0200] Ondřej Surý <ondrej@debian.org>: * Backported from 7.1.33 <http://10.200.17.11/4.4-3/#1523152681872242618>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-3] 776999f366 Bug #50867: php7.0 7.0.33-0+deb9u7 doc/errata/staging/php7.0.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) [4.4-3] 9ad5248aca Bug #50867: php7.0 7.0.33-0+deb9u7 doc/errata/staging/php7.0.yaml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+)
<http://errata.software-univention.de/ucs/4.4/466.html>