UbuntuUpdates.org

Package "php8.4-sqlite3"

Name: php8.4-sqlite3

Description:

SQLite3 module for PHP
Latest version: 8.4.5-1ubuntu1.2
Release: plucky (25.04)
Level: updates
Repository: main
Head package: php8.4
Homepage: http://www.php.net/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "php8.4-sqlite3"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "php8.4-sqlite3" in Plucky

Repository Area Version
security main 8.4.5-1ubuntu1.2

Changelog

Version: 8.4.5-1ubuntu1.2 2026-01-12 21:08:49 UTC

  php8.4 (8.4.5-1ubuntu1.2) plucky-security; urgency=medium

  * SECURITY UPDATE: Information leak of memory in getimagesize
    - debian/patches/CVE-2025-14177.patch: fix php_read_stream_all_chunks()
      in ext/standard/image.c
    - CVE-2025-14177
  * SECURITY UPDATE: Heap buffer overflow in array_merge()
    - debian/patches/CVE-2025-14178.patch: check number of elements in
      ext/standard/array.c
    - CVE-2025-14178
  * SECURITY UPDATE: NULL pointer dereference in PDO quoting
    - debian/patches/CVE-2025-14180.patch: fix null pointer dereference in
      ext/pdo/pdo_sql_parser.re
    - CVE-2025-14180

 -- Nishit Majithia <email address hidden> Wed, 07 Jan 2026 14:13:36 +0530
Source diff to previous version
CVE-2025-14177 In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function m
CVE-2025-14178 In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs
CVE-2025-14180 In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL

Version: 8.4.5-1ubuntu1.1 2025-07-17 21:28:17 UTC

  php8.4 (8.4.5-1ubuntu1.1) plucky-security; urgency=medium

  * SECURITY UPDATE: Null byte termination in hostnames
    - debian/patches/CVE-2025-1220.patch: check hostnames in
      ext/standard/fsock.c,
      ext/standard/tests/network/ghsa-3cr5-j632-f35r.phpt,
      ext/standard/tests/streams/ghsa-3cr5-j632-f35r.phpt,
      main/streams/xp_socket.c.
    - CVE-2025-1220
  * SECURITY UPDATE: pgsql extension does not check for errors during
    escaping
    - debian/patches/CVE-2025-1735.patch: add error checks in
      ext/pdo_pgsql/pgsql_driver.c,
      ext/pdo_pgsql/tests/ghsa-hrwm-9436-5mv3.phpt,
      ext/pgsql/pgsql.c, ext/pgsql/tests/ghsa-hrwm-9436-5mv3.phpt.
    - CVE-2025-1735
  * SECURITY UPDATE: NULL Pointer Dereference in PHP SOAP Extension via
    Large XML Namespace Prefix
    - debian/patches/CVE-2025-6491.patch: handle large names in
      ext/soap/soap.c, ext/soap/tests/soap_qname_crash.phpt.
    - CVE-2025-6491

 -- Marc Deslauriers <email address hidden> Mon, 14 Jul 2025 14:20:32 -0400
CVE-2025-1220 In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation th
CVE-2025-1735 In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the under
CVE-2025-6491 In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly l


About   -   Send Feedback to @ubuntu_updates