UbuntuUpdates.org

Package "php7.4-imap"

Name: php7.4-imap

Description:

IMAP module for PHP
Latest version: 7.4.3-4ubuntu2.22
Release: focal (20.04)
Level: updates
Repository: universe
Head package: php7.4
Homepage: http://www.php.net/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "php7.4-imap"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "php7.4-imap" in Focal

Repository Area Version
base universe 7.4.3-4ubuntu1
security universe 7.4.3-4ubuntu2.22
proposed universe 7.4.3-4ubuntu2.21

Changelog

Version: 7.4.3-4ubuntu2.16 2023-01-16 19:07:29 UTC

  php7.4 (7.4.3-4ubuntu2.16) focal; urgency=medium

  [ Athos Ribeiro ]
  * d/rules: fix PHP_EXTRA_VERSION setting. (LP: #1989196)
  * Test PHP_EXTRA_VERSION setting with autopkgtest.

  [ Matthew Ruffell ]
  * No longer throw an error when serializing uninitialized typed
    properties with __sleep(), which makes serializing objects with
    __sleep() behave the same as serializing objects without
    __sleep(). (LP: #1999598)
    - d/p/lp-1999598-Fix-bug-79447.patch

 -- Athos Ribeiro <email address hidden> Thu, 15 Sep 2022 19:53:21 -0300
Source diff to previous version
1989196 Fix PHP_EXTRA_VERSION setting
1999598 Don't throw an error when serializing uninitialized typed properties with __sleep()

Version: 7.4.3-4ubuntu2.15 2022-11-08 18:06:27 UTC

  php7.4 (7.4.3-4ubuntu2.15) focal-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2022-31628-1.patch: adding a recursion limit
      in ext/phar/phar.c, ext/phar/tests/bug81726.phpt.
    - debian/source/include-binaries: add ext/phar/tests/bug81726.gz.
    - debian/patches/CVE-2022-31628-2.patch: avoid a second check in
      ext/phar/phar.c.
    - CVE-2022-31628
  * SECURITY UPDATE: Cookie injection
    - debian/patches/CVE-2022-31629.patch: don't mangle HTTP
      variable names that clash with ones that have a specific semantic
      meaning in ext/standard/test/bug81727.phpt,
      main/php_variables.c.
    - CVE-2022-31629
  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2022-31630.patch: adds validation in
      imageloadfont() for OOB in ext/gd/gd.c, ext/gd/tests/bug81739.phpt.
    - CVE-2022-31630
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2022-37454.patch: fixes buffer overflow in
      hash_update() on long parameter in
      ext/hash/sha3/generic32lc/KeccakSponge.inc,
      ext/hash/sha3/generic64lc/KeccakSponge.inc.
    - CVE-2022-37454

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 02 Nov 2022 06:53:44 -0300
Source diff to previous version
CVE-2022-31628 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infini
CVE-2022-31629 In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the
CVE-2022-37454 The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute

Version: 7.4.3-4ubuntu2.13 2022-09-05 11:07:16 UTC

  php7.4 (7.4.3-4ubuntu2.13) focal; urgency=medium

  * d/p/0047-Update-gcc-func-attr-macro.patch: fix detection of unknown gcc
    function attributes. (LP: #1882279)

 -- Athos Ribeiro <email address hidden> Wed, 17 Aug 2022 10:29:56 -0300
Source diff to previous version
1882279 PHP built from source performs much better than the Ubuntu packaged version

Version: 7.4.3-4ubuntu2.12 2022-06-15 14:06:25 UTC

  php7.4 (7.4.3-4ubuntu2.12) focal-security; urgency=medium

  * SECURITY UPDATE: RCE via Uninitialized array in pg_query_params()
    - debian/patches/CVE-2022-31625.patch: don't free parameters which
      haven't initialized yet in ext/pgsql/pgsql.c,
      ext/pgsql/tests/bug81720.phpt.
    - CVE-2022-31625
  * SECURITY UPDATE: RCE via mysqlnd/pdo password buffer overflow
    - debian/patches/CVE-20022-31626.patch: properly calculate size in
      ext/mysqlnd/mysqlnd_wireprotocol.c.
    - CVE-2022-31626

 -- Marc Deslauriers <email address hidden> Mon, 13 Jun 2022 09:43:30 -0400
Source diff to previous version

Version: 7.4.3-4ubuntu2.11 2022-06-14 23:06:19 UTC

  php7.4 (7.4.3-4ubuntu2.11) focal; urgency=medium

  * d/p/0048-Fix-bug-79603-by-retrying-on-RTD-key-collision.patch: retry on RTD
    key collision. (LP: #1968228)

 -- Athos Ribeiro <email address hidden> Thu, 05 May 2022 21:16:42 -0300
1968228 RTD collision with opcache


About   -   Send Feedback to @ubuntu_updates