UbuntuUpdates.org

Package "php8.3"

Name: php8.3

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • HTML-embedded scripting language (Embedded SAPI library)
  • Bcmath module for PHP
  • bzip2 module for PHP
  • DBA module for PHP
Latest version: 8.3.6-0ubuntu0.24.04.2
Release: noble (24.04)
Level: security
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "php8.3" in Noble

Repository Area Version
base universe 8.3.6-0maysync1
base main 8.3.6-0maysync1
security main 8.3.6-0ubuntu0.24.04.2
updates main 8.3.6-0ubuntu0.24.04.2
updates universe 8.3.6-0ubuntu0.24.04.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 8.3.6-0ubuntu0.24.04.2 2024-10-01 15:07:01 UTC

  php8.3 (8.3.6-0ubuntu0.24.04.2) noble-security; urgency=medium

  * SECURITY UPDATE: Erroneous parsing of multipart form data
    - debian/patches/CVE-2024-8925.patch: limit bounday size in
      main/rfc1867.c, tests/basic/*.
    - CVE-2024-8925
  * SECURITY UPDATE: cgi.force_redirect configuration can be bypassed due
    to environment variable collision
    - debian/patches/CVE-2024-8927.patch: check for REDIRECT_STATUS in
      sapi/cgi/cgi_main.c.
    - CVE-2024-8927
  * SECURITY UPDATE: Logs from childrens may be altered
    - debian/patches/CVE-2024-9026.patch: properly calculate size in
      sapi/fpm/fpm/fpm_stdio.c, sapi/fpm/tests/*.
    - CVE-2024-9026

 -- Marc Deslauriers <email address hidden> Mon, 30 Sep 2024 11:17:17 -0400
Source diff to previous version
CVE-2024-8925 Erroneous parsing of multipart form data
CVE-2024-8927 cgi.force_redirect configuration is byppassible due to the environment variable collision
CVE-2024-9026 Logs from childrens may be altered

Version: 8.3.6-0ubuntu0.24.04.1 2024-06-19 13:07:15 UTC

  php8.3 (8.3.6-0ubuntu0.24.04.1) noble-security; urgency=medium

  * SECURITY UPDATE: Invalid user information
    - debian/patches/CVE-2024-5458.patch: improves filters validation
      in ext/filter/logical_filters.c and adds test
      in ext/filter/tests/ghsa-w8qr-v226-r27w.phpt.
    - CVE-2024-5458

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 13 Jun 2024 12:23:20 -0300
CVE-2024-5458 In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when


About   -   Send Feedback to @ubuntu_updates