automatic import of php

author: CoprDistGit <infra@openeuler.org> 2024-04-11 11:07:05 +0000
committer: CoprDistGit <infra@openeuler.org> 2024-04-11 11:07:05 +0000
commit: 38c580c665444de96c55fa3ea7ffd73617ddf5a9 (patch)
tree: ea7ddfc2d3c5ce47596d9c706481e6e5d3521181 /php.spec
parent: bd844fa554d0ba579aa1880681a50f7bc00ddb72 (diff)
1 files changed, 10 insertions, 1 deletions
diff --git a/php.spec b/php.spec
index b96af9c..08e3fad 100644
--- a/php.spec
+++ b/php.spec
@@ -43,7 +43,7 @@
 
 Name:          php
 Version:       %{upver}
-Release:       1.1
+Release:       1.2
 Summary:       PHP scripting language for creating dynamic web sites
 License:       PHP and Zend and BSD and MIT and ASL 1.0 and NCSA LGPL-2.1+ and Apache-2.0 and Artistic-1.0-Perl
 URL:           http://www.php.net/
@@ -103,6 +103,8 @@ Patch203: php-cve-2023-0662.patch
 Patch204: php-cve-2023-3247.patch
 Patch205: php-cve-2023-3823.patch
 Patch206: php-cve-2023-3824.patch
+Patch207: php-cve-2024-2756.patch
+Patch208: php-cve-2024-3096.patch
 
 # Fixes for tests (300+)
 # Factory is droped from system tzdata
@@ -1231,6 +1233,13 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
 
 
 %changelog
+* Thu Apr 11 2024 Fund Wang <fundawang@yeah.net> - 7.4.33-1.2
+- Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
+  CVE-2024-2756
+- Fix password_verify can erroneously return true opening ATO risk
+  CVE-2024-3096
+
+
 * Fri Aug 18 2023 Fund Wang <fundawang@yeah.net> - 7.4.33-1
 - New version 7.4.33
author	CoprDistGit <infra@openeuler.org>	2024-04-11 11:07:05 +0000
committer	CoprDistGit <infra@openeuler.org>	2024-04-11 11:07:05 +0000
commit	38c580c665444de96c55fa3ea7ffd73617ddf5a9 (patch)
tree	ea7ddfc2d3c5ce47596d9c706481e6e5d3521181 /php.spec
parent	bd844fa554d0ba579aa1880681a50f7bc00ddb72 (diff)