diff options
| author | Remi Collet <remi@remirepo.net> | 2026-05-13 13:19:04 +0200 |
|---|---|---|
| committer | Remi Collet <remi@php.net> | 2026-05-13 13:19:04 +0200 |
| commit | 49e30ac8f208b89b4131e537f8afe6f2114f5da1 (patch) | |
| tree | bce26ce39655cb77bdbc5407c7e05673e699ae90 /php.spec | |
| parent | df9a0dfee3c4e5f4b1fb8aed3e22455c4cb7a548 (diff) | |
CVE-2026-6735
Fix Stale SOAP_GLOBAL(ref_map) pointer with Apache Map
CVE-2026-6722
Fix Use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION
CVE-2026-7261
Fix Broken Apache map value NULL check
CVE-2026-7262
Fix Signed integer overflow of char array offset
CVE-2026-7568
Diffstat (limited to 'php.spec')
| -rw-r--r-- | php.spec | 24 |
1 files changed, 23 insertions, 1 deletions
@@ -128,7 +128,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: %{?scl_prefix}php Version: %{upver}%{?rcver:~%{rcver}} -Release: 26%{?dist} +Release: 27%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -226,6 +226,11 @@ Patch228: php-cve-2024-8932.patch Patch229: php-cve-2024-11233.patch Patch230: php-ghsa-4w77-75f9-2c8w.patch Patch231: php-cve-2025-14178.patch +Patch232: php-cve-2026-6722.patch +Patch233: php-cve-2026-7261.patch +Patch234: php-cve-2026-7262.patch +Patch235: php-cve-2026-6735.patch +Patch236: php-cve-2026-7568.patch # Fixes for tests (300+) # Factory is droped from system tzdata @@ -1015,6 +1020,11 @@ sed -e 's/php-devel/%{?scl_prefix}php-devel/' -i scripts/phpize.in %patch -P229 -p1 -b .cve11233 %patch -P230 -p1 -b .ghsa4w77 %patch -P231 -p1 -b .cve14178 +%patch -P232 -p1 -b .cve6722 +%patch -P233 -p1 -b .cve7261 +%patch -P234 -p1 -b .cve7262 +%patch -P235 -p1 -b .cve6735 +%patch -P236 -p1 -b .cve7268 # Fixes for tests %patch -P300 -p1 -b .datetests @@ -1985,6 +1995,18 @@ EOF %changelog +* Tue May 12 2026 Remi Collet <remi@remirepo.net> - 7.2.34-27 +- Fix XSS within status endpoint + CVE-2026-6735 +- Fix Stale SOAP_GLOBAL(ref_map) pointer with Apache Map + CVE-2026-6722 +- Fix Use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION + CVE-2026-7261 +- Fix Broken Apache map value NULL check + CVE-2026-7262 +- Fix Signed integer overflow of char array offset + CVE-2026-7568 + * Tue Feb 17 2026 Remi Collet <remi@remirepo.net> - 7.2.34-26 - Fix Heap buffer overflow in array_merge() CVE-2025-14178 |