please update to latest upstream release 7.0.24
Bug #1721607 reported by
Steven Lindsey
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
php7.0 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Xenial |
Fix Released
|
Undecided
|
Unassigned | ||
Zesty |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
There are serious vulnerabilties in php7.0.22, which is what is currently considered up to date.
There is a patched version at
https:/
Is there a reason not to make it the current version?
CVE References
Changed in php7.0 (Ubuntu Zesty): | |
status: | Fix Committed → Fix Released |
Changed in php7.0 (Ubuntu): | |
status: | Incomplete → Fix Released |
To post a comment you must log in.
Hello and thanks for the bug report!
We typically backport individual security fixes rather than bringing in new upstream releases. See this FAQ entry for more information:
https:/ /wiki.ubuntu. com/SecurityTea m/FAQ#Versions
Can you give a list of CVEs that were fixed by the PHP 7.0.22 and/or 7.0.24 releases? It isn't clear to me from the changelogs:
http:// www.php. net/ChangeLog- 7.php#7. 0.22 www.php. net/ChangeLog- 7.php#7. 0.24
http://
Please update the bug status to "NEW" if you're able to list CVEs that were fixed.