automatic import of phpopeneuler22.03_LTS_SP3openeuler20.03_LTS_SP4

1 files changed, 18 insertions, 1 deletions

diff --git a/php.spec b/php.spec
index edfda6f..23e6212 100644
--- a/php.spec
+++ b/php.spec
@@ -43,7 +43,7 @@
 
 Name:          php
 Version:       %{upver}
-Release:       1.6
+Release:       1.7
 Summary:       PHP scripting language for creating dynamic web sites
 License:       PHP and Zend and BSD and MIT and ASL 1.0 and NCSA LGPL-2.1+ and Apache-2.0 and Artistic-1.0-Perl
 URL:           http://www.php.net/
@@ -110,6 +110,11 @@ Patch210: php-cve-2024-8925.patch
 Patch211: php-cve-2024-8926.patch
 Patch212: php-cve-2024-8927.patch
 Patch213: php-cve-2024-9026.patch
+Patch214: php-cve-2024-11236.patch
+Patch215: php-cve-2024-11234.patch
+Patch216: php-cve-2024-8932.patch
+Patch217: php-cve-2024-11233.patch
+Patch218: php-ghsa-4w77-75f9-2c8w.patch
 
 # Fixes for tests (300+)
 # Factory is droped from system tzdata
@@ -1238,6 +1243,18 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
 
 
 %changelog
+* Sat Nov 23 2024 Funda Wang <fundawang@yeah.net> - 7.4.33-1.7
+- Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface
+  GHSA-4w77-75f9-2c8w
+- Fix OOB access in ldap_escape
+  CVE-2024-8932
+- Fix Integer overflow in the dblib/firebird quoter causing OOB writes
+  CVE-2024-11236
+- Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs
+  CVE-2024-11234
+- Fix Single byte overread with convert.quoted-printable-decode filter
+  CVE-2024-11233
+
 * Fri Sep 27 2024 Funda Wang <fundawang@yeah.net> - 7.4.33-1.6
 - Fix Bypass of CVE-2012-1823, Argument Injection in PHP-CGI
   CVE-2024-4577