This bug was fixed in the package php7.4 - 7.4.3-4ubuntu2.4
--------------- php7.4 (7.4.3-4ubuntu2.4) focal-security; urgency=medium
* SECURITY UPDATE: Incorrect encryption data - debian/patches/CVE-2020-7069.patch: fix wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV in ext/openssl/openssl.c, ext/openssl/tests/cipher_tests.inc, ext/openssl/openssl_*_ccm.phpt. - CVE-2020-7069 * SECURITY UPDATE: Possibly forge cookie - debian/patches/CVE-2020-7070.patch: do not decode cookie names anymore in main/php_variables.c, tests/basic/022.phpt, tests/basic/023.phpt, tests/basic/bug79699.phpt. - CVE-2020-7070
-- <email address hidden> (Leonidas S. Barbosa) Tue, 06 Oct 2020 12:47:56 -0300
This bug was fixed in the package php7.4 - 7.4.3-4ubuntu2.4
---------------
php7.4 (7.4.3-4ubuntu2.4) focal-security; urgency=medium
* SECURITY UPDATE: Incorrect encryption data patches/ CVE-2020- 7069.patch: fix wrong ciphertext/tag openssl. c, openssl/ tests/cipher_ tests.inc, ext/openssl/ openssl_ *_ccm.phpt. patches/ CVE-2020- 7070.patch: do not decode cookie names anymore variables. c, tests/basic/ 022.phpt, tests/basic/ 023.phpt,
- debian/
in AES-CCM encryption for a 12 bytes IV in ext/openssl/
ext/
- CVE-2020-7069
* SECURITY UPDATE: Possibly forge cookie
- debian/
in main/php_
tests/basic/bug79699.phpt.
- CVE-2020-7070
-- <email address hidden> (Leonidas S. Barbosa) Tue, 06 Oct 2020 12:47:56 -0300