  * SECURITY UPDATE: Heap buffer-overflow
    - debian/patches/CVE-2022-4900.patch: prevent potential buffer
      overflow for large value of php_cli_server_workers_max in
      sapi/cli/php_cli_server.c.
    - CVE-2022-4900
  * SECURITY UPDATE: Cookie bypass
    - debian/patches/CVE-2024-2756.patch: adds more mangling rules
      in main/php_variable.c.
    - CVE-2024-2756
  * SECURITY UPDATE: Account takeover risk
    - debian/patches/CVE-2024-3096.patch: disallow null character in bcrypt
      password in ext/standard/password.c,
      ext/standard/tests/password_bcrypt_errors.phpt.
    - CVE-2024-3096
 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 01 May 2024 07:11:33 -0300
This bug was fixed in the package php7.4 - 7.4.3-4ubuntu2.22
---------------
php7.4 (7.4.3-4ubuntu2.22) focal-security; urgency=medium
  * SECURITY UPDATE: Heap buffer-overflow
    - debian/patches/CVE-2022-4900.patch: prevent potential buffer
      overflow for large value of php_cli_server_workers_max in
      sapi/cli/php_cli_server.c.
    - CVE-2022-4900
  * SECURITY UPDATE: Cookie bypass
    - debian/patches/CVE-2024-2756.patch: adds more mangling rules
      in main/php_variable.c.
    - CVE-2024-2756
  * SECURITY UPDATE: Account takeover risk
    - debian/patches/CVE-2024-3096.patch: disallow null character in bcrypt
      password in ext/standard/password.c,
      ext/standard/tests/password_bcrypt_errors.phpt.
    - CVE-2024-3096
 -- Leonidas Da Silva Barbosa <email address hidden> Wed, 01 May 2024 07:11:33 -0300