Package "php8.3-interbase"
Name: |
php8.3-interbase
|
Description: |
Interbase module for PHP
|
Latest version: |
8.3.6-0ubuntu0.24.04.3 |
Release: |
noble (24.04) |
Level: |
security |
Repository: |
universe |
Head package: |
php8.3 |
Homepage: |
http://www.php.net/ |
Links
Download "php8.3-interbase"
Other versions of "php8.3-interbase" in Noble
Changelog
php8.3 (8.3.6-0ubuntu0.24.04.3) noble-security; urgency=medium
* SECURITY UPDATE: Buffer over read
- debian/patches/CVE-2024-11233.patch: re arrange
bound check code in ext/standard/filters.c,
ext/standard/tests/filters/ghsa-r977-prxv-hc43.phpt.
- CVE-2024-11233
* SECURITY UPDATE: HTTP request smuggling
- debian/patches/CVE-2024-11234.patch: avoiding
fulluri CRLF injection in ext/standard/http_fopen_wrapper.c.
.../tests/http/ghsa-c5f2-jwm7-mmq2.phpt.
- CVE-2024-11234
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2024-11236-1.patch: adding an extralen check
to avoid integer overflow in ext/pdo_dblib/dblib_driver.c,
ext/pdo_dblib/tests/GHSA-5hqh-c84r-qjcv.phpt.
- debian/patches/CVE-2024-11236-2.patch: change qcount to size_t in
order to avoid integer overflow and adding checks in
ext/pdo_firebird/firebird_driver.c.
- CVE-2024-11236
* SECURITY UPDATE: Heap buffer over-reads
- debian/patches/CVE-2024-8929.patch: fix buffer over-reads in
ext/mysqlnd/mysqlnd_ps_codec.c,
ext/mysqlnd/mysqlnd_wireprotocol.c, and create some phpt tests.
- CVE-2024-8929
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2024-8932.patch: fix OOB in access in
ldap_escape in ext/ldap/ldap.c,
ext/ldap/tests/GHSA-g665-fm4p-vhff-1.phpt,
ext/ldap/tests/GHSA-g665-fm4p-vhff-2.phpt.
- CVE-2024-8932
-- Leonidas Da Silva Barbosa <email address hidden> Mon, 02 Dec 2024 09:36:18 -0300
|
Source diff to previous version |
CVE-2024-11233 |
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data |
CVE-2024-11234 |
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, |
CVE-2024-11236 |
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit sy |
CVE-2024-8929 |
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of |
CVE-2024-8932 |
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit sy |
|
php8.3 (8.3.6-0ubuntu0.24.04.2) noble-security; urgency=medium
* SECURITY UPDATE: Erroneous parsing of multipart form data
- debian/patches/CVE-2024-8925.patch: limit bounday size in
main/rfc1867.c, tests/basic/*.
- CVE-2024-8925
* SECURITY UPDATE: cgi.force_redirect configuration can be bypassed due
to environment variable collision
- debian/patches/CVE-2024-8927.patch: check for REDIRECT_STATUS in
sapi/cgi/cgi_main.c.
- CVE-2024-8927
* SECURITY UPDATE: Logs from childrens may be altered
- debian/patches/CVE-2024-9026.patch: properly calculate size in
sapi/fpm/fpm/fpm_stdio.c, sapi/fpm/tests/*.
- CVE-2024-9026
-- Marc Deslauriers <email address hidden> Mon, 30 Sep 2024 11:17:17 -0400
|
Source diff to previous version |
CVE-2024-8925 |
Erroneous parsing of multipart form data |
CVE-2024-8927 |
cgi.force_redirect configuration is byppassible due to the environment variable collision |
CVE-2024-9026 |
Logs from childrens may be altered |
|
php8.3 (8.3.6-0ubuntu0.24.04.1) noble-security; urgency=medium
* SECURITY UPDATE: Invalid user information
- debian/patches/CVE-2024-5458.patch: improves filters validation
in ext/filter/logical_filters.c and adds test
in ext/filter/tests/ghsa-w8qr-v226-r27w.phpt.
- CVE-2024-5458
-- Leonidas Da Silva Barbosa <email address hidden> Thu, 13 Jun 2024 12:23:20 -0300
|
CVE-2024-5458 |
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when |
|
About
-
Send Feedback to @ubuntu_updates