rpms/scl-php71/php.git, branch master The master git repository for php RPM Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface 2024-11-26T11:04:31+00:00 Remi Collet remi@remirepo.net 2024-11-26T11:04:31+00:00 e78fd22632c92dbb1c01dc16797eead09f2affd9 GHSA-4w77-75f9-2c8w Fix OOB access in ldap_escape CVE-2024-8932 Fix Integer overflow in the dblib/firebird quoter causing OOB writes CVE-2024-11236 Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs CVE-2024-11234 Fix Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233 
  GHSA-4w77-75f9-2c8w
Fix OOB access in ldap_escape
  CVE-2024-8932
Fix Integer overflow in the dblib/firebird quoter causing OOB writes
  CVE-2024-11236
Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs
  CVE-2024-11234
Fix Single byte overread with convert.quoted-printable-decode filter
  CVE-2024-11233
Fix Bypass of CVE-2012-1823, Argument Injection in PHP-CGI 2024-09-27T07:16:21+00:00 Remi Collet remi@remirepo.net 2024-09-27T07:16:21+00:00 0a7d8ea9433e5dfe45c285961e3780de7a5625b2 CVE-2024-4577 Fix Bypass of CVE-2024-4577, Parameter Injection Vulnerability CVE-2024-8926 Fix cgi.force_redirect configuration is bypassable due to the environment variable collision CVE-2024-8927 Fix Erroneous parsing of multipart form data CVE-2024-8925 
  CVE-2024-4577
Fix Bypass of CVE-2024-4577, Parameter Injection Vulnerability
  CVE-2024-8926
Fix cgi.force_redirect configuration is bypassable due to the environment variable collision
  CVE-2024-8927
Fix Erroneous parsing of multipart form data
  CVE-2024-8925
use oracle client library version 23.5 on x86_64 2024-07-31T09:10:16+00:00 Remi Collet remi@remirepo.net 2024-07-31T09:10:16+00:00 7ed85155fa41ddaeaea2ce2d7fa3125be6dc5e66 






Fix filter bypass in filter_var FILTER_VALIDATE_URL
2024-06-05T07:29:51+00:00

Remi Collet
remi@remirepo.net

2024-06-05T07:29:51+00:00

9b00dbce376f61fb3c4851d3c003c3345023da23

  CVE-2024-5458





  CVE-2024-5458







use oracle client library version 21.13 on x86_64, 19.19 on aarch64
2024-04-10T12:33:08+00:00

Remi Collet
remi@remirepo.net

2024-04-10T12:33:08+00:00

7d6d185e42d3bdeeffbc8d5b6837ef3b1459beef

Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
  CVE-2024-2756
Fix password_verify can erroneously return true opening ATO risk
  CVE-2024-3096





Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
  CVE-2024-2756
Fix password_verify can erroneously return true opening ATO risk
  CVE-2024-3096







use official Oracle Instant Client RPM
2023-09-22T08:26:21+00:00

Remi Collet
remi@remirepo.net

2023-09-22T08:26:21+00:00

0d1c7585332c58bde922f257b952283aabca1e9d












Fix Security issue with external entity loading in XML without enabling it
2023-08-01T14:31:52+00:00

Remi Collet
remi@remirepo.net

2023-08-01T14:31:52+00:00

c262fe02b6293bdce558e1b07f94973fad80c2a6

  GHSA-3qrf-m4j2-pcrr CVE-2023-3823
Fix Buffer mismanagement in phar_dir_read()
  GHSA-jqcx-ccgc-xwhv CVE-2023-3824
move httpd/nginx wants directive to config files in /etc





  GHSA-3qrf-m4j2-pcrr CVE-2023-3823
Fix Buffer mismanagement in phar_dir_read()
  GHSA-jqcx-ccgc-xwhv CVE-2023-3824
move httpd/nginx wants directive to config files in /etc







fix possible buffer overflow in date
2023-06-21T08:35:54+00:00

Remi Collet
remi@remirepo.net

2023-06-21T08:35:54+00:00

9cce51403ccd8617d6348a15ca8642bcd76cc6ce

define %php71___phpize and %php71___phpconfig





define %php71___phpize and %php71___phpconfig







Fix Missing error check and insufficient random bytes in HTTP Digest
2023-06-07T10:00:02+00:00

Remi Collet
remi@remirepo.net

2023-06-07T10:00:02+00:00

f4871e69a193dd95dc9814dd01a82f433e8eead0

  authentication for SOAP
  GHSA-76gg-c692-v2mw
use oracle client library version 21.10





  authentication for SOAP
  GHSA-76gg-c692-v2mw
use oracle client library version 21.10







fix #81744: Password_verify() always return true with some hash
2023-02-15T09:38:19+00:00

Remi Collet
remi@remirepo.net

2023-02-15T09:38:19+00:00

a3a86755b6862c0d12ffde785217e0840ba14e4d

  CVE-2023-0567
fix #81746: 1-byte array overrun in common path resolve code
  CVE-2023-0568
fix DOS vulnerability when parsing multipart request body
  CVE-2023-0662





  CVE-2023-0567
fix #81746: 1-byte array overrun in common path resolve code
  CVE-2023-0568
fix DOS vulnerability when parsing multipart request body
  CVE-2023-0662