Bug 50431

Summary: php7.0: Multiple issues (4.3)
Product: UCS Reporter: Quality Assurance <qa>
Component: Security updatesAssignee: Quality Assurance <qa>
Status: CLOSED FIXED QA Contact: Philipp Hahn <hahn>
Severity: normal    
Priority: P5    
Version: UCS 4.3   
Target Milestone: UCS 4.3-5-errata   
Hardware: All   
OS: Linux   
What kind of report is it?: Security Issue What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional):
Max CVSS v3 score: 0.0 () NVD

Description Quality Assurance univentionstaff 2019-10-29 12:00:48 CET 
New Debian php7.0 7.0.33-0+deb9u6 fixes:
This update addresses the following issue:
* php7.0 (CVE-2019-11043)
Comment 1 Quality Assurance univentionstaff 2019-10-29 12:33:02 CET 
--- mirror/ftp/4.3/unmaintained/4.3-5/source/php7.0_7.0.33-0+deb9u5.dsc
+++ apt/ucs_4.3-0-errata4.3-5/source/php7.0_7.0.33-0+deb9u6.dsc
@@ -1,3 +1,10 @@
+7.0.33-0+deb9u6 [Thu, 24 Oct 2019 20:50:20 +0200] Ondřej Surý <ondrej@debian.org>:
+
+  * Backported from 7.1.33
+   - FPM:
+    . Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to
+    RCE). (CVE-2019-11043)
+
 7.0.33-0+deb9u5 [Wed, 18 Sep 2019 11:55:34 +0200] Ondřej Surý <ondrej@sury.org>:
 
   * Backported security fixes from PHP 7.1.29:

<http://10.200.17.11/4.3-5/#1523152681871160093>
Comment 2 Philipp Hahn univentionstaff 2019-10-29 13:56:04 CET 
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.3-5] bcdc809a29 Bug #50431: php7.0 7.0.33-0+deb9u6
 doc/errata/staging/php7.0.yaml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

[4.3-5] 18ef94ad06 Bug #50431: php7.0 7.0.33-0+deb9u6
 doc/errata/staging/php7.0.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
Comment 3 Erik Damrose univentionstaff 2019-10-30 12:31:37 CET 
<http://errata.software-univention.de/ucs/4.3/608.html>