diff options
author | Remi Collet <remi@remirepo.net> | 2024-09-26 16:59:43 +0200 |
---|---|---|
committer | Remi Collet <remi@php.net> | 2024-09-26 16:59:43 +0200 |
commit | 56699414f3808502aa299e7f8c78015c801455fa (patch) | |
tree | aa47fee35c58dbd55f48202f05643dd45d271dd0 /php74.spec | |
parent | 11cdddba8b85449e00369f581a9d535bd42b3fe2 (diff) |
Fix Bypass of CVE-2012-1823, Argument Injection in PHP-CGI
CVE-2024-4577
Fix Bypass of CVE-2024-4577, Parameter Injection Vulnerability
CVE-2024-8926
Fix cgi.force_redirect configuration is bypassable due to the environment variable collision
CVE-2024-8927
Fix Logs from childrens may be altered
CVE-2024-9026
Fix Erroneous parsing of multipart form data
CVE-2024-8925
use ICU 74.2
Diffstat (limited to 'php74.spec')
-rw-r--r-- | php74.spec | 29 |
1 files changed, 25 insertions, 4 deletions
@@ -111,7 +111,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: php Version: %{upver}%{?rcver:~%{rcver}} -Release: 17%{?dist} +Release: 18%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -188,6 +188,10 @@ Patch206: php-cve-2023-3824.patch Patch207: php-cve-2024-2756.patch Patch208: php-cve-2024-3096.patch Patch209: php-cve-2024-5458.patch +Patch210: php-cve-2024-8925.patch +Patch211: php-cve-2024-8926.patch +Patch212: php-cve-2024-8927.patch +Patch213: php-cve-2024-9026.patch # Fixes for tests (300+) # Factory is droped from system tzdata @@ -1038,9 +1042,9 @@ Group: System Environment/Libraries # All files licensed under PHP version 3.01 License: PHP Requires: php-common%{?_isa} = %{version}-%{release} -BuildRequires: pkgconfig(icu-i18n) >= 73 -BuildRequires: pkgconfig(icu-io) >= 73 -BuildRequires: pkgconfig(icu-uc) >= 73 +BuildRequires: pkgconfig(icu-i18n) >= 74 +BuildRequires: pkgconfig(icu-io) >= 74 +BuildRequires: pkgconfig(icu-uc) >= 74 %if 0%{?rhel} == 7 Obsoletes: php53-intl, php53u-intl, php54-intl, php54w-intl, php55u-intl, php55w-intl, php56u-intl, php56w-intl Obsoletes: php70u-intl, php70w-intl, php71u-intl, php71w-intl, php72u-intl, php72w-intl @@ -1209,6 +1213,10 @@ rm ext/openssl/tests/p12_with_extra_certs.p12 %patch -P207 -p1 -b .cve2756 %patch -P208 -p1 -b .cve3096 %patch -P209 -p1 -b .cve5458 +%patch -P210 -p1 -b .cve8925 +%patch -P211 -p1 -b .cve8926 +%patch -P212 -p1 -b .cve8927 +%patch -P213 -p1 -b .cve9026 # Fixes for tests related to tzdata %patch -P300 -p1 -b .datetests @@ -2228,6 +2236,19 @@ EOF %changelog +* Thu Sep 26 2024 Remi Collet <remi@remirepo.net> - 7.4.33-18 +- Fix Bypass of CVE-2012-1823, Argument Injection in PHP-CGI + CVE-2024-4577 +- Fix Bypass of CVE-2024-4577, Parameter Injection Vulnerability + CVE-2024-8926 +- Fix cgi.force_redirect configuration is bypassable due to the environment variable collision + CVE-2024-8927 +- Fix Logs from childrens may be altered + CVE-2024-9026 +- Fix Erroneous parsing of multipart form data + CVE-2024-8925 +- use ICU 74.2 + * Mon Aug 26 2024 Remi Collet <remi@remirepo.net> - 7.4.33-17 - add backport for https://bugs.php.net/79589 error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading |