This bug was fixed in the package php8.1 - 8.1.7-1ubuntu1

---------------
php8.1 (8.1.7-1ubuntu1) kinetic; urgency=medium

  * Merge with Debian unstable (LP: #1983285, #1983205). Remaining changes:
    - Force upgrade from earlier mod-php's to version 8.1 (LP #1890263):
      + d/control: add transitional packages and Breaks/Replaces.
      + d/rules: exclude transitional packages in dh_install.
    - d/rules: Don't fill up build log with pedantic warnings.
    - d/rules: document garbage collection in ini files. (LP #1772915)
    - SECURITY UPDATE: Memory corruption in libmagic
      + debian/patches/CVE-2022-31627.patch: use the same memory allocator in
        ext/fileinfo/libmagic.patch, ext/fileinfo/libmagic/softmagic.c,
        ext/fileinfo/tests/bug81723.phpt.
      + CVE-2022-31627
  * Dropped changes:
    - d/p/0046-Update-gcc-func-attr-macro.patch: fix detection of unknown gcc
      function attributes. (LP #1882279)
      [ Fixed in 8.1.7-1 ]
    - d/p/0047-Fix-ssl3-unexpected-eof.patch: fix OpenSSL3 related
      unexpected EOF failure. (LP #1975626)
      [ Fixed in 8.1.7-1 ]
    - SECURITY UPDATE: RCE via Uninitialized array in pg_query_params()
      + debian/patches/CVE-2022-31625.patch: don't free parameters which
        haven't initialized yet in ext/pgsql/pgsql.c,
        ext/pgsql/tests/bug81720.phpt.
      + CVE-2022-31625
      [ Fixed in 8.1.7-1 ]
    - SECURITY UPDATE: RCE via mysqlnd/pdo password buffer overflow
      + debian/patches/CVE-20022-31626.patch: properly calculate size in
        ext/mysqlnd/mysqlnd_wireprotocol.c.
      + CVE-2022-31626
      [ Fixed in 8.1.7-1 ]

 -- Athos Ribeiro <email address hidden> Mon, 01 Aug 2022 17:04:27 -0300