Merge php 8.1.7 from Debian unstable
Bug #1983285 reported by
Athos Ribeiro
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
php8.1 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
We already merged PHP for this cycle, but there is a new version available in unstable. Let's merge this one to avoid long gaps with Debian.
This should also fix LP: #1983205
CVE References
description: | updated |
To post a comment you must log in.
This bug was fixed in the package php8.1 - 8.1.7-1ubuntu1
---------------
php8.1 (8.1.7-1ubuntu1) kinetic; urgency=medium
* Merge with Debian unstable (LP: #1983285, #1983205). Remaining changes: patches/ CVE-2022- 31627.patch: use the same memory allocator in
ext/fileinfo/ libmagic. patch, ext/fileinfo/ libmagic/ softmagic. c,
ext/fileinfo/ tests/bug81723.phpt. Update- gcc-func- attr-macro. patch: fix detection of unknown gcc Fix-ssl3- unexpected- eof.patch: fix OpenSSL3 related patches/ CVE-2022- 31625.patch: don't free parameters which
ext/pgsql/ tests/bug81720.phpt. patches/ CVE-20022- 31626.patch: properly calculate size in
ext/mysqlnd/ mysqlnd_ wireprotocol. c.
- Force upgrade from earlier mod-php's to version 8.1 (LP #1890263):
+ d/control: add transitional packages and Breaks/Replaces.
+ d/rules: exclude transitional packages in dh_install.
- d/rules: Don't fill up build log with pedantic warnings.
- d/rules: document garbage collection in ini files. (LP #1772915)
- SECURITY UPDATE: Memory corruption in libmagic
+ debian/
+ CVE-2022-31627
* Dropped changes:
- d/p/0046-
function attributes. (LP #1882279)
[ Fixed in 8.1.7-1 ]
- d/p/0047-
unexpected EOF failure. (LP #1975626)
[ Fixed in 8.1.7-1 ]
- SECURITY UPDATE: RCE via Uninitialized array in pg_query_params()
+ debian/
haven't initialized yet in ext/pgsql/pgsql.c,
+ CVE-2022-31625
[ Fixed in 8.1.7-1 ]
- SECURITY UPDATE: RCE via mysqlnd/pdo password buffer overflow
+ debian/
+ CVE-2022-31626
[ Fixed in 8.1.7-1 ]
-- Athos Ribeiro <email address hidden> Mon, 01 Aug 2022 17:04:27 -0300