Univention Bugzilla – Bug 50237
php7.0: Multiple issues (4.3)
Last modified: 2019-09-25 14:18:17 CEST
New Debian php7.0 7.0.33-0+deb9u5 fixes: This update addresses the following issues: * heap buffer overflow in function xif_process_IFD_TAG (CVE-2019-11034) * heap buffer overflow in function exif_iif_add_value (CVE-2019-11035) * buffer over-read in exif_process_IFD_TAG function leading to information disclosure (CVE-2019-11036) * information disclosure in function gdImageCreateFromXbm() (CVE-2019-11038) * out-of-bounds read due to integer overflow in function iconv_mime_decode_headers() (CVE-2019-11039) * information disclosue in function exif_read_data() leads to denial of service (CVE-2019-11040) * heap buffer over-read in exif_scan_thumbnail() (CVE-2019-11041) * heap buffer over-read in exif_process_user_comment() (CVE-2019-11042)
--- mirror/ftp/4.3/unmaintained/4.3-4/source/php7.0_7.0.33-0+deb9u3.dsc +++ apt/ucs_4.3-0-errata4.3-4/source/php7.0_7.0.33-0+deb9u5.dsc @@ -1,3 +1,70 @@ +7.0.33-0+deb9u5 [Wed, 18 Sep 2019 11:55:34 +0200] Ondřej Surý <ondrej@sury.org>: + + * Backported security fixes from PHP 7.1.29: + - EXIF: + . Fixed bug #77950 (Heap-buffer-overflow in _estrndup via + exif_process_IFD_TAG). + - Mail: + . Fixed bug #77821 (Potential heap corruption in TSendMail()). + * Backported from 7.1.30 + - EXIF: + . Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16). + (CVE-2019-11040) + - GD: + . Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm). + (CVE-2019-11038) + - Iconv: + . Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() + due to integer overflow). (CVE-2019-11039). + - SQLite: + . Fixed bug #77967 (Bypassing open_basedir restrictions via file uris). + * Backported from 7.1.31 + - EXIF: + . Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment). + (CVE-2019-11042) + . Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail). + (CVE-2019-11041) + - Phar: + . Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN). + - SQLite: + . Upgraded to SQLite 3.28.0. + * Backported from 7.1.32 + - mbstring: + . Fixed CVE-2019-13224 (don't allow different encodings for onig_new_deluxe) + - pcre: + . Fixed bug #75457 (heap use-after-free in pcrelib) + +7.0.33-0+deb9u4 [Sun, 09 Jun 2019 11:25:27 +0200] Ondřej Surý <ondrej@sury.org>: + + * Update d/watch for new php.net pages + * Backported from 7.1.28 + - EXIF: + . (CVE-2019-11034) Fixed bug #77753 (Heap-buffer-overflow in + php_ifd_get32s). + . (CVE-2019-11035) Fixed bug #77831 (Heap-buffer-overflow in + exif_iif_add_value). + - SQLite3: + . Added sqlite3.defensive INI directive. + * Backported from PHP 7.1.29 + - EXIF: + . (CVE-2019-11036) Fixed bug #77950 (Heap-buffer-overflow in + _estrndup via exif_process_IFD_TAG). + - Mail: + . Fixed bug #77821 (Potential heap corruption in TSendMail()). + * Backported from 7.1.30 + - EXIF: + . (CVE-2019-11040) Fixed bug #77988 (heap-buffer-overflow on + php_jpg_get16). + - GD: + . (CVE-2019-11038) Fixed bug #77973 (Uninitialized read in + gdImageCreateFromXbm). + - Iconv: + . (CVE-2019-11039) Fixed bug #78069 (Out-of-bounds read in + iconv.c:_php_iconv_mime_decode() due to integer overflow). + - SQLite: + . Fixed bug #77967 (Bypassing open_basedir restrictions via file + uris). + 7.0.33-0+deb9u3 [Fri, 08 Mar 2019 10:01:24 +0000] Ondřej Surý <ondrej@debian.org>: * Pull security fixes from https://github.com/Microsoft/php-src, a <http://10.200.17.11/4.3-4/#1523152681870077568>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.3-4] 6ed497546c Bug #50237: php7.0 7.0.33-0+deb9u5 doc/errata/staging/php7.0.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) [4.3-4] fd65baf91d Bug #50237: php7.0 7.0.33-0+deb9u5 doc/errata/staging/php7.0.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+)
<http://errata.software-univention.de/ucs/4.3/592.html>