Bug 57683 - php7.3: Multiple issues (5.0)
Summary: php7.3: Multiple issues (5.0)
Status: CLOSED FIXED
Alias: None
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 5.0
Hardware: All Linux
: P3 normal
Target Milestone: UCS 5.0-9-errata
Assignee: Quality Assurance
QA Contact: Julia Bremer
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-10-21 19:10 CEST by Quality Assurance
Modified: 2024-10-23 14:15 CEST (History)
0 users

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Customer ID:
Max CVSS v3 score: 5.3 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Quality Assurance univentionstaff 2024-10-21 19:10:24 CEST 
New Debian php7.3 7.3.31-1~deb10u8 fixes:
This update addresses the following issues:

Debian update 7.3.31-1~deb10u8
7.3.31-1~deb10u8 (Tue, 15 Oct 2024 18:27:23 +0200)
* Non-maintainer upload by the ELTS Team.
* Fix CVE-2024-8925: Erroneous parsing of multipart form data.
* Fix CVE-2024-8927: `cgi.force_redirect` configuration is bypassable due to  environment variable collision.
Comment 1 Quality Assurance univentionstaff 2024-10-21 20:00:10 CEST 
--- mirror/ftp/pool/main/p/php7.3/php7.3_7.3.31-1~deb10u7.dsc
+++ apt/ucs_5.0-0-errata5.0-9/source/php7.3_7.3.31-1~deb10u8.dsc
@@ -1,3 +1,10 @@
+7.3.31-1~deb10u8 [Tue, 15 Oct 2024 18:27:23 +0200] Guilhem Moulin <guilhem@debian.org>:
+
+  * Non-maintainer upload by the ELTS Team.
+  * Fix CVE-2024-8925: Erroneous parsing of multipart form data.
+  * Fix CVE-2024-8927: `cgi.force_redirect` configuration is bypassable due to
+    environment variable collision.
+
 7.3.31-1~deb10u7 [Mon, 17 Jun 2024 23:48:38 +0200] Markus Koschany <apo@debian.org>:
 
   * Non-maintainer upload by the LTS team.

<http://piuparts.knut.univention.de/5.0-9/#4873521398200873277>
Comment 2 Julia Bremer univentionstaff 2024-10-23 12:04:07 CEST 
OK: Package install
OK: YAML
OK: piuparts
Verifid