Package "php7.4-pgsql"
Name: php7.4-pgsql
Description: PostgreSQL module for PHP
Latest version: 7.4.3-4ubuntu2.10
Release: focal (20.04)
Level: updates
Repository: main
Head package: php7.4
Homepage: http://www.php.net/

Changelog
php7.4 (7.4.3-4ubuntu2.5) focal-security; urgency=medium

  * SECURITY UPDATE: crash or info disclosure via PHAR zip file
    - debian/patches/CVE-2020-7068.patch: fix use after free in
      ext/phar/zip.c.
    - CVE-2020-7068
  * SECURITY UPDATE: incorrect URL validation
    - debian/patches/CVE-2020-7071-1.patch: make sure userinfo is valid
      according to RFC 3986 in ext/filter/tests/bug77423.phpt,
      ext/standard/url.c.
    - debian/patches/CVE-2020-7071-2.patch: revert previous fix and use a
      better one in ext/filter/logical_filters.c,
      ext/filter/tests/bug77423.phpt, ext/standard/url.c.
    - debian/patches/CVE-2020-7071-3.patch: remove unneeded function in
      ext/standard/url.c.
    - CVE-2020-7071
  * SECURITY UPDATE: crash via malformed XML data in SOAP extension
    - debian/patches/CVE-2021-21702-1.patch: check strings in
      ext/soap/php_sdl.c, ext/soap/php_xml.c, ext/soap/tests/bug80672.phpt,
      ext/soap/tests/bug80672.xml.
    - debian/patches/CVE-2021-21702-2.patch: fix compiler warning in
      ext/soap/php_sdl.c.
    - CVE-2021-21702
  * SECURITY UPDATE: multiple issues in the pdo_firebase module
    - debian/patches/CVE-2021-21704-1.patch: prevent overflow in
      ext/pdo_firebird/firebird_statement.c.
    - debian/patches/CVE-2021-21704-2.patch: verify result_size in
      ext/pdo_firebird/firebird_statement.c.
    - debian/patches/CVE-2021-21704-3.patch: verify result_size in
      ext/pdo_firebird/firebird_driver.c.
    - debian/patches/CVE-2021-21704-4.patch: don't overflow stack in
      ext/pdo_firebird/firebird_driver.c.
    - CVE-2021-21704
  * SECURITY UPDATE: SSRF bypass
    - debian/patches/CVE-2021-21705.patch: check password in
      ext/filter/logical_filters.c, ext/filter/tests/bug81122.phpt.
    - debian/patches/CVE-2021-21705-2.patch: fix compiler warning in
      ext/filter/logical_filters.c.
    - CVE-2021-21705

 -- Marc Deslauriers <email address hidden> Mon, 05 Jul 2021 11:13:35 -0400

CVE-2020-7068: In PHP versions 7.2.x below 7.2.33, 7.3.x below 7.3.21 and 7.4.x below 7.4.9, while processing PHAR files using phar extension, phar_parse_zipfile co
CVE-2020-7071: In PHP versions 7.3.x below 7.3.26, 7.4.x below 7.4.14 and 8.0.0, when validating URL with functions like filter_var($url, FILTER_VALIDATE_URL), PHP
CVE-2021-21702: In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP
CVE-2021-21704: PHP: firebird issues
CVE-2021-21705: PHP: SSRF bypass in FILTER_VALIDATE_URL

php7.4 (7.4.3-4ubuntu2.4) focal-security; urgency=medium

  * SECURITY UPDATE: Incorrect encryption data
    - debian/patches/CVE-2020-7069.patch: fix wrong ciphertext/tag
      in AES-CCM encryption for a 12 bytes IV in ext/openssl/openssl.c,
      ext/openssl/tests/cipher_tests.inc, ext/openssl/openssl_*_ccm.phpt.
    - CVE-2020-7069
  * SECURITY UPDATE: Possibly forge cookie
    - debian/patches/CVE-2020-7070.patch: do not decode cookie names anymore
      in main/php_variables.c, tests/basic/022.phpt, tests/basic/023.phpt,
      tests/basic/bug79699.phpt.
    - CVE-2020-7070

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 06 Oct 2020 12:47:56 -0300

CVE-2020-7069: In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 byte
CVE-2020-7070: In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names a

php7.4 (7.4.3-4ubuntu2.2) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of service through oversized memory allocated
    - debian/patches/CVE-2019-11048.patch: changes types int to size_t
      in main/rfc1867.c.
    - CVE-2019-11048

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 26 May 2020 09:24:22 -0300

CVE-2019-11048: In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or

php7.4 (7.4.3-4ubuntu1.1) focal-security; urgency=medium

  * SECURITY UPDATE: Read one byte of uninitialized memory
    - debian/patches/CVE-2020-7064.patch: check length in
      exif_process_TIFF_in_JPEG to avoid read uninitialized memory
      ext/exif/exif.c, ext/exif/tests/bug79282.phpt.
    - CVE-2020-7064
  * SECURITY UPDATE: Memory corruption, crash and potentially code execution
    - debian/patches/CVE-2020-7065.patch: make sure that negative values are
      properly compared in ext/mbstring/php_unicode.c,
      ext/mbstring/tests/bug70371.phpt.
    - CVE-2020-7065
  * SECURITY UPDATE: Truncated url due \0
    - debian/patches/CVE-2020-7066.patch: check for get_headers
      not accepting \0 in ext/standard/url.c.
    - CVE-2020-7066

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 05 May 2020 09:14:27 -0300

CVE-2020-7064: In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exif_read_data() function, it is possible
CVE-2020-7065: In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could
CVE-2020-7066: In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using get_headers() with user-supplied URL, if the URL contains z