Univention Bugzilla – Bug 53563
php7.3: Multiple issues (5.0)
Last modified: 2021-07-14 18:01:28 CEST
New Debian php7.3 7.3.29-1~deb10u1 fixes:

This update addresses the following issues:
* security issues in pdo_firebase module (CVE-2021-21704)
* SSRF bypass in FILTER_VALIDATE_URL (CVE-2021-21705)
--- mirror/ftp/pool/main/p/php7.3/php7.3_7.3.27-1~deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-0/source/php7.3_7.3.29-1~deb10u1.dsc @@ -1,3 +1,12 @@ +7.3.29-1~deb10u1 [Fri, 02 Jul 2021 06:04:33 +0200] Ondřej Surý <ondrej@debian.org>: + + * New upstream version 7.3.29 + + CVE-2021-21705: SSRF bypass in FILTER_VALIDATE_URL + + CVE-2021-21704: Stack buffer overflow in firebird_info_cb + + CVE-2021-21704: SIGSEGV in firebird_handle_doer + + CVE-2021-21704: SIGSEGV in firebird_stmt_execute + + CVE-2021-21704: Crash while parsing blob data in firebird_fetch_blob + 7.3.27-1~deb10u1 [Sat, 13 Feb 2021 17:31:40 +0100] Ondřej Surý <ondrej@debian.org>: [ Ondřej Surý ] <http://piuparts.knut.univention.de/5.0-0/#6458986322437108094>
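Review bot: the added changelog entry files four separate items under CVE-2021-21704, all in firebird_* functions (firebird_info_cb, firebird_handle_doer, firebird_stmt_execute, firebird_fetch_blob), so the erratum text should name the affected module as the PDO Firebird driver rather than "pdo_firebase" as the bug description has it. The .dsc also moves from 7.3.27-1~deb10u1 directly to 7.3.29-1~deb10u1 with only "New upstream version 7.3.29" recorded, so it is worth confirming that the erratum's CVE list covers the whole version jump and not only the items listed under 7.3.29.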
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
<https://errata.software-univention.de/#/?erratum=5.0x46>