Univention Bugzilla – Bug 51919
php7.0: Multiple issues (4.4)
Last modified: 2020-09-02 11:40:00 CEST
New Debian php7.0 7.0.33-0+deb9u9 fixes:
This update addresses the following issue:
* Use of freed hash key in the phar_parse_zipfile function (CVE-2020-7068)
--- mirror/ftp/4.4/unmaintained/4.4-5/source/php7.0_7.0.33-0+deb9u8.dsc +++ apt/ucs_4.4-0-errata4.4-5/source/php7.0_7.0.33-0+deb9u9.dsc @@ -1,3 +1,8 @@ +7.0.33-0+deb9u9 [Mon, 24 Aug 2020 12:14:22 +0100] Chris Lamb <lamby@debian.org>: + + * CVE-2020-7068: Prevent a use-after-free vulnerability when parsing PHAR + files, a method of putting entire PHP applications into a single file. + 7.0.33-0+deb9u8 [Sun, 05 Jul 2020 08:34:50 +0200] Ondřej Surý <ondrej@debian.org>: * Backported from 7.2.28 <http://10.200.17.11/4.4-5/#1523152681865747468>
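Review bot: The added 7.0.33-0+deb9u9 changelog entry describes CVE-2020-7068 only as "a use-after-free vulnerability when parsing PHAR files" and does not name the affected code path, while the bug description identifies it as a freed hash key in phar_parse_zipfile. Naming that function in the entry would let someone auditing the erratum match it against the patch without opening the source package.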
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-5] 543d2c1e60 Bug #51919: php7.0 7.0.33-0+deb9u9
 doc/errata/staging/php7.0.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[4.4-5] 2eff39b4a4 Bug #51919: php7.0 7.0.33-0+deb9u9
 doc/errata/staging/php7.0.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x732>