Package "php7.0-mysql"
Name: |
php7.0-mysql
|
Description: |
MySQL module for PHP
|
Latest version: |
7.0.33-0ubuntu0.16.04.16 |
Release: |
xenial (16.04) |
Level: |
security |
Repository: |
main |
Head package: |
php7.0 |
Homepage: |
http://www.php.net/ |
Links
Download "php7.0-mysql"
Other versions of "php7.0-mysql" in Xenial
Changelog
php7.0 (7.0.33-0ubuntu0.16.04.16) xenial-security; urgency=medium
* SECURITY UPDATE: Possibly forge cookie
- debian/patches/CVE-2020-7070.patch: do not decode cookie names anymore
in main/php_variables.c, tests/basic/022.phpt, tests/basic/023.phpt,
tests/basic/bug79699.phpt.
- CVE-2020-7070
-- <email address hidden> (Leonidas S. Barbosa) Wed, 07 Oct 2020 14:47:16 -0300
|
Source diff to previous version |
CVE-2020-7070 |
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names a |
|
php7.0 (7.0.33-0ubuntu0.16.04.15) xenial-security; urgency=medium
* SECURITY UPDATE: Denial of service through oversized memory allocated
- debian/patches/CVE-2019-11048.patch: changes types int to size_t
in main/rfc1867.c.
- CVE-2019-11048
-- <email address hidden> (Leonidas S. Barbosa) Tue, 26 May 2020 10:52:55 -0300
|
Source diff to previous version |
CVE-2019-11048 |
In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or |
|
php7.0 (7.0.33-0ubuntu0.16.04.14) xenial-security; urgency=medium
* SECURITY UDPATE: Null dereference pointer
- debian/patches/CVE-2020-7062.patch: avoid null dereference in
ext/session/session.c, ext/session/tests/bug79221.phpt.
- CVE-2020-7062
* SECURITY UPDATE: Lax permissions on files added to tar with Phar
- debian/patches/CVE-2020-7063.patch: enforce correct permissions
for files add to tar with Phar in ext/phar/phar_object.c,
ext/phar/tests/bug79082.phpt, ext/phar/tests/test79082*.
- CVE-2020-7063
* SECURITY UPDATE: Read one byte of uninitialized memory
- debian/patches/CVE-2020-7064.patch: check length in
exif_process_TIFF_in_JPEG to avoid read uninitialized memory
ext/exif/exif.c, ext/exif/tests/bug79282.phpt.
- debian/patches/0001-Fix-test-bug79282.patch: fix test in
ext/exif/tests/bug79282.phpt.
- CVE-2020-7064
* SECURITY UPDATE: Truncated url due \0
- debian/patches/CVE-2020-7066.patch: check for get_headers
not accepting \0 in ext/standard/url.c.
- CVE-2020-7066
-- <email address hidden> (Leonidas S. Barbosa) Thu, 09 Apr 2020 11:27:04 -0300
|
Source diff to previous version |
CVE-2020-7062 |
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is en |
CVE-2020-7063 |
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function |
CVE-2020-7064 |
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exif_read_data() function, it is possible |
CVE-2020-7066 |
In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using get_headers() with user-supplied URL, if the URL contains z |
|
php7.0 (7.0.33-0ubuntu0.16.04.12) xenial-security; urgency=medium
* SECURITY REGRESSION: fpm patch for CVE-2015-9253
caused a regression OOM
- removing CVE-2015-9253.patch.
-- <email address hidden> (Leonidas S. Barbosa) Wed, 19 Feb 2020 10:47:31 -0300
|
Source diff to previous version |
CVE-2015-9253 |
An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process i |
|
php7.0 (7.0.33-0ubuntu0.16.04.11) xenial-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2015-9253.patch: directly listen
on socket, instead duping it to STDIN in
sapi/fpm/fpm/fpm_children.c, sapi/fpm/fpm_stdio.c,
and added tests to sapi/fpm/tests/bug73342-nonblocking-stdio.phpt.
- CVE-2015-9253
* SECURITY UPDATE: Out of bounds read
- debian/patches/CVE-2020-7059.patch: fix OOB read in
php_strip_tags_ex in ext/standard/string.c and added test
ext/standard/tests/file/bug79099.phpt.
- CVE-2020-7059
* SECURITY UPDATE: Buffer-overflow
- debian/patches/CVE-2020-7060.patch: fix adding a check function
is_in_cp950_pua in ext/mbstring/libmbfl/filters/mbfilter_big5.c
and added test ext/mbstring/tests/bug79037.phpt.
- CVE-2020-7060
-- <email address hidden> (Leonidas S. Barbosa) Tue, 11 Feb 2020 12:42:36 -0300
|
CVE-2015-9253 |
An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process i |
CVE-2020-7059 |
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is pos |
CVE-2020-7060 |
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it |
|
About
-
Send Feedback to @ubuntu_updates