Package "php8.1-cli"

  php8.1 (8.1.2-1ubuntu2.21) jammy-security; urgency=medium

  * SECURITY UPDATE: Use after free
    - debian/patches/CVE-2024-11235.patch: fix incorrect live-range
      calculation in Zend/zend_opcode.c and add tests in
      Zend/tests/ghsa-rwp7-7vc6-8477_001.phpt,
      Zend/tests/ghsa-rwp7-7vc6-8477_002.phpt,
      Zend/tests/ghsa-rwp7-7vc6-8477_003.phpt.
    - CVE-2024-11235
  * SECURITY UPDATE: Incorrect MIME type
    - debian/patches/CVE-2025-1217.patch: adds HTTP header folding
      support for HTTP wrapper response headers in
      ext/standard/http_fopen_wrapper.c and add tests in
      ests/http/ghsa-v8xr-gpvj-cx9g-001.phpt,
      tests/http/ghsa-v8xr-gpvj-cx9g-002.phpt,
      tests/http/ghsa-v8xr-gpvj-cx9g-003.phpt,
      tests/http/ghsa-v8xr-gpvj-cx9g-004.phpt,
      tests/http/ghsa-v8xr-gpvj-cx9g-005.phpt,
      tests/http/http_response_header_05.phpt.
    - CVE-2025-1217
  * SECURITY UPDATE: Wrong content-type requesting a redirected resource
    - debian/patches/CVE-2025-1219.patch: fix in ext/libxml/mime_sniff.c.
    - CVE-2025-1219
  * SECURITY UPDATE: Invalid header
    - debian/patches/CVE-2025-1734.patch: fix in ext/standard/http_fopen_wrapper.c
      and add tests in
      ext/standard/tests/http/bug47021.phpt,
      ext/standard/tests/http/bug75535.phpt,
      tests/http/ghsa-pcmh-g36c-qc44-001.phpt,
      tests/http/ghsa-pcmh-g36c-qc44-002.phpt.
    - CVE-2025-1734
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2025-1736.patch: httu user header check
      of crlf in ext/standard/http_fopen_wrapper.c and add tests
      in tests/http/ghsa-hgf5-96fm-v528-001.phpt,
      tests/http/ghsa-hgf5-96fm-v528-002.phpt,
      tests/http/ghsa-hgf5-96fm-v528-003.phpt.
    - CVE-2025-1736
  * SECURITY UPDATE: Location truncation
    - debian/patches/CVE-2025-1861.patch: converts the
      allocation of location to be on heap instead of stack
      in ext/standard/http_fopen_wrapper.c and add tests in
      tests/http/ghsa-52jp-hrpf-2jff-001.phpt,
      tests/http/ghsa-52jp-hrpf-2jff-002.phpt.
    - CVE-2025-1861
  * debian/patches/0001-Fix-GH-16955-Use-empheral-ports-for-OpenSSL-server-c.patch
    added in order to fix all the tests added in the CVE above.

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 24 Mar 2025 16:04:23 -0300

  php8.1 (8.1.2-1ubuntu2.20) jammy-security; urgency=medium

  * SECURITY UPDATE: Buffer over read
    - debian/patches/CVE-2024-11233.patch: re arrange
      bound check code in ext/standard/filters.c,
      ext/standard/tests/filters/ghsa-r977-prxv-hc43.phpt.
    - CVE-2024-11233
  * SECURITY UPDATE: HTTP request smuggling
    - debian/patches/CVE-2024-11234.patch: avoiding
      fulluri CRLF injection in ext/standard/http_fopen_wrapper.c.
      .../tests/http/ghsa-c5f2-jwm7-mmq2.phpt.
    - CVE-2024-11234
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2024-11236-1.patch: adding an extralen check
      to avoid integer overflow in ext/pdo_dblib/dblib_driver.c,
      ext/pdo_dblib/tests/GHSA-5hqh-c84r-qjcv.phpt.
    - debian/patches/CVE-2024-11236-2.patch: change qcount to size_t in
      order to avoid integer overflow and adding checks in
      ext/pdo_firebird/firebird_driver.c.
    - CVE-2024-11236
  * SECURITY UPDATE: Heap buffer over-reads
    - debian/patches/CVE-2024-8929.patch: fix buffer over-reads in
      ext/mysqlnd/mysqlnd_ps_codec.c,
      ext/mysqlnd/mysqlnd_wireprotocol.c, and create some phpt tests.
    - CVE-2024-8929
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2024-8932.patch: fix OOB in access in
      ldap_escape in ext/ldap/ldap.c,
      ext/ldap/tests/GHSA-g665-fm4p-vhff-1.phpt,
      ext/ldap/tests/GHSA-g665-fm4p-vhff-2.phpt.
    - CVE-2024-8932

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 03 Dec 2024 17:14:35 -0300

  php8.1 (8.1.2-1ubuntu2.19) jammy-security; urgency=medium

  * SECURITY UPDATE: Erroneous parsing of multipart form data
    - debian/patches/CVE-2024-8925.patch: limit bounday size in
      main/rfc1867.c, tests/basic/*.
    - CVE-2024-8925
  * SECURITY UPDATE: cgi.force_redirect configuration can be bypassed due
    to environment variable collision
    - debian/patches/CVE-2024-8927.patch: check for REDIRECT_STATUS in
      sapi/cgi/cgi_main.c.
    - CVE-2024-8927
  * SECURITY UPDATE: Logs from childrens may be altered
    - debian/patches/CVE-2024-9026.patch: properly calculate size in
      sapi/fpm/fpm/fpm_stdio.c, sapi/fpm/tests/*.
    - CVE-2024-9026

 -- Marc Deslauriers <email address hidden> Mon, 30 Sep 2024 12:25:25 -0400

  php8.1 (8.1.2-1ubuntu2.18) jammy-security; urgency=medium

  * SECURITY UPDATE: Invalid user information
    - debian/patches/CVE-2024-5458.patch: improves filters validation
      in ext/filter/logical_filters.c and adds test
      in ext/filter/tests/ghsa-w8qr-v226-r27w.phpt.
    - CVE-2024-5458

 -- Leonidas Da Silva Barbosa <email address hidden> Fri, 14 Jun 2024 12:52:55 -0300

  php8.1 (8.1.2-1ubuntu2.17) jammy-security; urgency=medium

  * SECURITY UPDATE: Heap buffer-overflow
    - debian/patches/CVE-2022-4900.patch: prevent potential buffer
      overflow for large valye of php_cli_server_workers_max in
      sapi/cli/php_cli_server.c.
    - CVE-2022-4900
  * SECURITY UPDATE: Cookie by pass
    - debian/patches/CVE-2024-2756.patch: adds more mangling rules
      in main/php_variable.c.
    - CVE-2024-2756
  * SECURITY UPDATE: Account take over risk
    - debian/patches/CVE-2024-3096.patch: disallow null character in bcrypt
      password in ext/standard/password.c,
      ext/standard/tests/password_bcrypt_errors.phpt.
    - CVE-2024-3096

 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 01 May 2024 07:10:07 -0300