Package "php8.4"
| Name: |
php8.4
|
Description: |
This package is just an umbrella for a group of other packages,
it has no description.
Description samples from packages in group:
- HTML-embedded scripting language (Embedded SAPI library)
- Bcmath module for PHP
- bzip2 module for PHP
- DBA module for PHP
|
| Latest version: |
8.4.5-1ubuntu1.1 |
| Release: |
plucky (25.04) |
| Level: |
security |
| Repository: |
universe |
Links
Other versions of "php8.4" in Plucky
Packages in group
Deleted packages are displayed in grey.
Changelog
|
php8.4 (8.4.5-1ubuntu1.1) plucky-security; urgency=medium
* SECURITY UPDATE: Null byte termination in hostnames
- debian/patches/CVE-2025-1220.patch: check hostnames in
ext/standard/fsock.c,
ext/standard/tests/network/ghsa-3cr5-j632-f35r.phpt,
ext/standard/tests/streams/ghsa-3cr5-j632-f35r.phpt,
main/streams/xp_socket.c.
- CVE-2025-1220
* SECURITY UPDATE: pgsql extension does not check for errors during
escaping
- debian/patches/CVE-2025-1735.patch: add error checks in
ext/pdo_pgsql/pgsql_driver.c,
ext/pdo_pgsql/tests/ghsa-hrwm-9436-5mv3.phpt,
ext/pgsql/pgsql.c, ext/pgsql/tests/ghsa-hrwm-9436-5mv3.phpt.
- CVE-2025-1735
* SECURITY UPDATE: NULL Pointer Dereference in PHP SOAP Extension via
Large XML Namespace Prefix
- debian/patches/CVE-2025-6491.patch: handle large names in
ext/soap/soap.c, ext/soap/tests/soap_qname_crash.phpt.
- CVE-2025-6491
-- Marc Deslauriers <email address hidden> Mon, 14 Jul 2025 14:20:32 -0400
|
| CVE-2025-1220 |
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation th |
| CVE-2025-1735 |
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the under |
| CVE-2025-6491 |
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly l |
|
About
-
Send Feedback to @ubuntu_updates
