Ubuntu
php7.0 package

[MRE] Please update to latest upstream release 7.0.28 / 7.1.15 / 7.2.3

Bug #1744148 reported by Simon Déziel
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
php7.0 (Ubuntu)
Invalid
Undecided
Unassigned
Xenial
Fix Released
Wishlist
Marc Deslauriers
php7.1 (Ubuntu)
Invalid
Undecided
Unassigned
Artful
Fix Released
Undecided
Marc Deslauriers
php7.2 (Ubuntu)
Fix Released
Undecided
Nish Aravamudan

Bug Description

Upstream has put out many more microversions addressing security issues and other bug fixes. Here is a list of the CVEs addressed by those:

PHP 7.0.26 (23 Nov 2017):

* No CVE addressed

PHP 7.0.27 / 7.1.13 (04 Jan 2018):

* https://bugs.php.net/bug.php?id=64938 / https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8866
* https://bugs.php.net/bug.php?id=75571 / http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5711
* https://bugs.php.net/bug.php?id=74782 / http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5712

PHP 7.1.12 (23 Nov 2017):

* No CVE addressed

PHP 7.1.14 (01 Feb 2018):

* No CVE addressed

PHP 7.0.28 / 7.1.15 / 7.2.3 (01 Mar 2018):

* https://bugs.php.net/bug.php?id=75981 / https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7584

Changelog: https://secure.php.net/ChangeLog-7.php

See original description
Nish Aravamudan (nacc)
Changed in php7.0 (Ubuntu):
status: New → Confirmed
importance: Undecided → Wishlist
assignee: nobody → Nish Aravamudan (nacc)
status: Confirmed → Invalid
Changed in php7.0 (Ubuntu Xenial):
status: New → Confirmed
importance: Undecided → Wishlist
assignee: nobody → Nish Aravamudan (nacc)
Changed in php7.0 (Ubuntu):
assignee: Nish Aravamudan (nacc) → nobody
importance: Wishlist → Undecided
Nish Aravamudan (nacc)
Changed in php7.0 (Ubuntu Xenial):
status: Confirmed → In Progress
Simon Déziel (sdeziel)
summary: - [MRE] Please update to latest upstream release 7.0.27
+ [MRE] Please update to latest upstream release 7.0.28
description: updated
Simon Déziel (sdeziel)
summary: - [MRE] Please update to latest upstream release 7.0.28
+ [MRE] Please update to latest upstream release 7.0.28 / 7.1.15 / 7.2.3
description: updated
no longer affects: php7.1 (Ubuntu Xenial)
no longer affects: php7.1 (Ubuntu)
Nish Aravamudan (nacc)
no longer affects: php7.0 (Ubuntu Artful)
Changed in php7.1 (Ubuntu):
status: New → Invalid
Changed in php7.1 (Ubuntu Artful):
status: New → In Progress
assignee: nobody → Nish Aravamudan (nacc)
Changed in php7.2 (Ubuntu):
status: New → In Progress
assignee: nobody → Nish Aravamudan (nacc)
Nish Aravamudan (nacc)
Changed in php7.2 (Ubuntu):
status: In Progress → Fix Committed
Revision history for this message
Nish Aravamudan (nacc) wrote :
Revision history for this message
Nish Aravamudan (nacc) wrote :
Revision history for this message
Nish Aravamudan (nacc) wrote :
Revision history for this message
Nish Aravamudan (nacc) wrote :
Revision history for this message
Nish Aravamudan (nacc) wrote :

@Marc: php7.0/7.1 is ready to sponsor into xenial-security (and -updates). You should only need to do some changelog mangling to match the security team's format, and a `uscan` to grab the orig tarball from upstream.

Changed in php7.0 (Ubuntu Xenial):
assignee: Nish Aravamudan (nacc) → Marc Deslauriers (mdeslaur)
Changed in php7.1 (Ubuntu Artful):
assignee: Nish Aravamudan (nacc) → Marc Deslauriers (mdeslaur)
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package php7.2 - 7.2.3-1ubuntu1

---------------
php7.2 (7.2.3-1ubuntu1) bionic; urgency=medium

  * Merge with Debian unstable (LP: #1744148). Remaining changes:
    - Drop dh-php from Recommends to Suggests so it can be demoted to
      universe as it depends on xml2/universe.

php7.2 (7.2.3-1) unstable; urgency=medium

  * New upstream version 7.2.3
  * Rebase patches on top of new upstream release.

php7.2 (7.2.2-3) unstable; urgency=medium

  * Add explicit libpcre3 >= 2:8.35 dependency as dh_genshlibs is failing
    to add versioned dependency for some reason.

php7.2 (7.2.2-2) unstable; urgency=medium

  * Remove explicit libpcre3 dependency and let dh_genshlibs do its magic

 -- Nishanth Aravamudan <email address hidden> Wed, 14 Mar 2018 15:03:58 -0700

Changed in php7.2 (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package php7.1 - 7.1.15-0ubuntu0.17.10.1

---------------
php7.1 (7.1.15-0ubuntu0.17.10.1) artful-security; urgency=medium

  * New upstream release (7.1.15)
    - LP: #1744148
    - Refresh patches.
    - CVE-2018-5712
    - CVE-2018-7584

 -- Nishanth Aravamudan <email address hidden> Wed, 14 Mar 2018 15:30:42 -0700

Changed in php7.1 (Ubuntu Artful):
status: In Progress → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package php7.0 - 7.0.28-0ubuntu0.16.04.1

---------------
php7.0 (7.0.28-0ubuntu0.16.04.1) xenial-security; urgency=medium

  * New upstream release (7.0.28)
    - LP: #1744148
    - CVE-2018-5712
    - CVE-2018-7584

 -- Nishanth Aravamudan <email address hidden> Wed, 14 Mar 2018 15:22:51 -0700

Changed in php7.0 (Ubuntu Xenial):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.