Univention Bugzilla – Bug 57270
php7.3: Multiple issues (5.0)
Last modified: 2024-05-15 12:32:15 CEST
New Debian php7.3 7.3.31-1~deb10u6 fixes:
This update addresses the following issues:

7.3.31-1~deb10u6 (Tue, 07 May 2024 02:47:26 +0200)
* Non-maintainer upload by the LTS Security Team.
* Fix CVE-2024-2756: Due to an incomplete fix to CVE-2022-31629, network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.
* Fix CVE-2024-3096: If a password stored with password_hash starts with a null byte (\x00), testing a blank string as the password via password_verify() will incorrectly return true.
* d/p/CVE-2023-3823.patch: Also backport upstream commit 62228a25685 (a no-op on Linux.)
--- mirror/ftp/pool/main/p/php7.3/php7.3_7.3.31-1~deb10u5.dsc +++ apt/ucs_5.0-0-errata5.0-7/source/php7.3_7.3.31-1~deb10u6.dsc @@ -1,3 +1,16 @@ +7.3.31-1~deb10u6 [Tue, 07 May 2024 02:47:26 +0200] Guilhem Moulin <guilhem@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + * Fix CVE-2024-2756: Due to an incomplete fix to CVE-2022-31629, network and + same-site attackers can set a standard insecure cookie in the victim's + browser which is treated as a __Host- or __Secure- cookie by PHP + applications. + * Fix CVE-2024-3096: If a password stored with password_hash starts with a + null byte (\x00), testing a blank string as the password via + password_verify() will incorrectly return true. + * d/p/CVE-2023-3823.patch: Also backport upstream commit 62228a25685 (a + no-op on Linux.) + 7.3.31-1~deb10u5 [Mon, 04 Sep 2023 23:49:25 +0200] Guilhem Moulin <guilhem@debian.org>: * Non-maintainer upload by the LTS Security Team. <http://piuparts.knut.univention.de/5.0-7/#5206778524850699013>
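Review bot: The added 7.3.31-1~deb10u6 entries for CVE-2024-2756 and CVE-2024-3096 do not name the patch files that carry the fixes, while the last entry names d/p/CVE-2023-3823.patch. Listing the d/p/ file for each of the two fixes would let a reader of the erratum map every CVE to a patch in the source package. The CVE-2024-2756 entry also describes the CVE-2022-31629 fix as incomplete without pointing to the upstream change that completes it; a commit reference like the one given for 62228a25685 would make that entry checkable.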
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-7] bfe6c0fd06 Bug #57270: php7.3 7.3.31-1~deb10u6
 doc/errata/staging/php7.3.yaml | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)

[5.0-7] aaa935b280 Bug #57270: php7.3 7.3.31-1~deb10u6
 doc/errata/staging/php7.3.yaml | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x1045>