diff options
| author | Remi Collet <remi@remirepo.net> | 2026-05-13 13:19:18 +0200 |
|---|---|---|
| committer | Remi Collet <remi@php.net> | 2026-05-13 13:19:18 +0200 |
| commit | c3e3343664f8bffea4e51a6e51316d1fc74bcf54 (patch) | |
| tree | ca49e94fa308150aa428bbbbacd3eb679f97a22d /php.spec | |
| parent | 69bb2b7ce8c939bdd5cd9009bc5150506a16e2c7 (diff) | |
CVE-2026-6735
Fix Stale SOAP_GLOBAL(ref_map) pointer with Apache Map
CVE-2026-6722
Fix Use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION
CVE-2026-7261
Fix Broken Apache map value NULL check
CVE-2026-7262
Fix Signed integer overflow of char array offset
CVE-2026-7568
Diffstat (limited to 'php.spec')
| -rw-r--r-- | php.spec | 24 |
1 files changed, 23 insertions, 1 deletions
@@ -128,7 +128,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: %{?scl_prefix}php Version: %{upver}%{?rcver:~%{rcver}} -Release: 19%{?dist} +Release: 20%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -225,6 +225,11 @@ Patch221: php-cve-2024-11233.patch Patch222: php-ghsa-4w77-75f9-2c8w.patch Patch223: php-cve-2024-8929.patch Patch224: php-cve-2025-14178.patch +Patch225: php-cve-2026-6722.patch +Patch226: php-cve-2026-7261.patch +Patch227: php-cve-2026-7262.patch +Patch228: php-cve-2026-6735.patch +Patch229: php-cve-2026-7568.patch # Fixes for tests (300+) # Factory is droped from system tzdata @@ -1022,6 +1027,11 @@ sed -e 's/php-devel/%{?scl_prefix}php-devel/' -i scripts/phpize.in %patch -P222 -p1 -b .ghsa4w77 %patch -P223 -p1 -b .cve8929 %patch -P224 -p1 -b .cve14178 +%patch -P225 -p1 -b .cve6722 +%patch -P226 -p1 -b .cve7261 +%patch -P227 -p1 -b .cve7262 +%patch -P228 -p1 -b .cve6735 +%patch -P229 -p1 -b .cve7268 # Fixes for tests %patch -P300 -p1 -b .datetests @@ -1981,6 +1991,18 @@ EOF %changelog +* Tue May 12 2026 Remi Collet <remi@remirepo.net> - 7.3.33-20 +- Fix XSS within status endpoint + CVE-2026-6735 +- Fix Stale SOAP_GLOBAL(ref_map) pointer with Apache Map + CVE-2026-6722 +- Fix Use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION + CVE-2026-7261 +- Fix Broken Apache map value NULL check + CVE-2026-7262 +- Fix Signed integer overflow of char array offset + CVE-2026-7568 + * Tue Feb 17 2026 Remi Collet <remi@remirepo.net> - 7.3.33-19 - Fix Heap buffer overflow in array_merge() CVE-2025-14178 |