Univention Bugzilla – Full Text Bug Listing |
Summary: | php7.0: Multiple issues (4.3) | ||
---|---|---|---|
Product: | UCS | Reporter: | Quality Assurance <qa> |
Component: | Security updates | Assignee: | Quality Assurance <qa> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | ||
Priority: | P3 | ||
Version: | UCS 4.3 | ||
Target Milestone: | UCS 4.3-3-errata | ||
Hardware: | All | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | 8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) Debian RedHat |
Description
Quality Assurance
2018-12-11 08:43:49 CET
--- mirror/ftp/4.3/unmaintained/4.3-2/source/php7.0_7.0.30-0+deb9u1.dsc +++ apt/ucs_4.3-0-errata4.3-3/source/php7.0_7.0.33-0+deb9u1.dsc @@ -1,3 +1,14 @@ +7.0.33-0+deb9u1 [Fri, 07 Dec 2018 11:36:49 +0000] Ondřej Surý <ondrej@debian.org>: + + * New upstream version 7.0.33 + * Fixed security bugs: + + [CVE-2018-19518]: imap_open() function command injection + + [CVE-2018-14851]: heap-buffer-overflow (READ of size 48) while + reading exif data + + [CVE-2018-14883]: Int Overflow lead to Heap OverFlow in + exif_thumbnail_extract of exif.c + + [CVE-2018-17082]: XSS due to the header Transfer-Encoding: chunked + 7.0.30-0+deb9u1 [Thu, 14 Jun 2018 13:50:25 +0000] Ondřej Surý <ondrej@debian.org>: * New upstream version 7.0.30 <http://10.200.17.11/4.3-3/#1523152681874407668> OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-3] 2e404c0d93 Bug #48309: php7.0 7.0.33-0+deb9u1 doc/errata/staging/php7.0.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) [4.3-3] ef46a22c9e Bug #48309: php7.0 7.0.33-0+deb9u1 doc/errata/staging/php7.0.yaml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) |