Univention Bugzilla – Bug 57400
php7.3: Multiple issues (5.0)
Last modified: 2024-06-26 13:03:36 CEST
New Debian php7.3 7.3.31-1~deb10u7 fixes:

This update addresses the following issues:

7.3.31-1~deb10u7 (Mon, 17 Jun 2024 23:48:38 +0200)
* Non-maintainer upload by the LTS team.
* Fix CVE-2024-5458: Due to a code logic error, filtering functions such as filter_var when validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the function will result in invalid user information (username + password part of URLs) being treated as valid user information. This may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly. The problem is related to CVE-2020-7071, but affects IPv6 host parts.
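A defense-in-depth check for the failure mode described above, as an added example that is not part of this bug report, the Debian update, or PHP itself: downstream code re-validates the userinfo part against the RFC 3986 character set instead of relying on FILTER_VALIDATE_URL alone. The function name `url_has_valid_userinfo` and the sample URLs are constructed for illustration.

```php
<?php
// Added example, not part of the Debian or PHP change. Function name and
// sample URLs are constructed for illustration.

/**
 * True only if $url passes FILTER_VALIDATE_URL, has an authority part, and
 * its userinfo (if present) uses only RFC 3986 userinfo characters.
 */
function url_has_valid_userinfo(string $url): bool
{
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return false;
    }
    // Authority = text between "//" and the next "/", "?" or "#".
    if (!preg_match('~^[a-z][a-z0-9+.-]*://([^/?#]*)~i', $url, $m)) {
        return false; // no authority (e.g. mailto:): rejected by this helper
    }
    // Userinfo = everything before the last "@" in the authority.
    $at = strrpos($m[1], '@');
    if ($at === false) {
        return true; // no userinfo to check
    }
    $userinfo = substr($m[1], 0, $at);
    // userinfo = *( unreserved / pct-encoded / sub-delims / ":" )
    $allowed = '/^(?:[A-Za-z0-9\-._~!$&\'()*+,;=:]|%[0-9A-Fa-f]{2})*$/';
    return preg_match($allowed, $userinfo) === 1;
}

// Constructed sample inputs (documentation address range 2001:db8::/32).
$samples = [
    'http://user:secret@[2001:db8::1]/index.php',
    'http://us%20er@[2001:db8::1]/',
    'http://a@b@[2001:db8::1]/',   // "@" is not a userinfo character
    'http://[2001:db8::1]/',
];
foreach ($samples as $url) {
    printf("%-45s %s\n", $url, url_has_valid_userinfo($url) ? 'accept' : 'reject');
}
```

The helper rejects the third sample on its own userinfo check, whatever the installed php7.3 build returns from `filter_var`.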
--- mirror/ftp/pool/main/p/php7.3/php7.3_7.3.31-1~deb10u6.dsc +++ apt/ucs_5.0-0-errata5.0-8/source/php7.3_7.3.31-1~deb10u7.dsc @@ -1,3 +1,15 @@ +7.3.31-1~deb10u7 [Mon, 17 Jun 2024 23:48:38 +0200] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload by the LTS team. + * Fix CVE-2024-5458: + Due to a code logic error, filtering functions such as filter_var when + validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the + function will result in invalid user information (username + password part + of URLs) being treated as valid user information. This may lead to the + downstream code accepting invalid URLs as valid and parsing them + incorrectly. The problem is related to CVE-2020-7071, but affects IPv6 host + parts. + 7.3.31-1~deb10u6 [Tue, 07 May 2024 02:47:26 +0200] Guilhem Moulin <guilhem@debian.org>: * Non-maintainer upload by the LTS Security Team. <http://piuparts.knut.univention.de/5.0-8/#3825118531509681023>
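Review bot: The added 7.3.31-1~deb10u7 changelog entry describes CVE-2024-5458 but names no patch file or upstream reference for the fix, so the change cannot be traced from the changelog text alone; adding the patch name or the upstream advisory to the entry would help. The description itself is also hard to parse ("filtering functions such as filter_var when validating URLs ... for certain types of URLs the function will result in ..."); a shorter sentence stating that FILTER_VALIDATE_URL treats invalid user information as valid for URLs with IPv6 host parts would read more clearly.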
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.0-8] ac9a3dc748 Bug #57400: php7.3 7.3.31-1~deb10u7
 doc/errata/staging/php7.3.yaml | 16 +++++----------
 1 file changed, 5 insertions(+), 11 deletions(-)

[5.0-8] d27887bb4e Bug #57400: php7.3 7.3.31-1~deb10u7
 doc/errata/staging/php7.3.yaml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x1070>