diff options
Diffstat (limited to 'php.spec')
| -rw-r--r-- | php.spec | 18 |
1 files changed, 17 insertions, 1 deletions
@@ -43,7 +43,7 @@ Name: php Version: %{upver} -Release: 1.5 +Release: 1.6 Summary: PHP scripting language for creating dynamic web sites License: PHP and Zend and BSD and MIT and ASL 1.0 and NCSA LGPL-2.1+ and Apache-2.0 and Artistic-1.0-Perl URL: http://www.php.net/ @@ -106,6 +106,10 @@ Patch206: php-cve-2023-3824.patch Patch207: php-cve-2024-2756.patch Patch208: php-cve-2024-3096.patch Patch209: php-cve-2024-5458.patch +Patch210: php-cve-2024-8925.patch +Patch211: php-cve-2024-8926.patch +Patch212: php-cve-2024-8927.patch +Patch213: php-cve-2024-9026.patch # Fixes for tests (300+) # Factory is droped from system tzdata @@ -1234,6 +1238,18 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || : %changelog +* Fri Sep 27 2024 Funda Wang <fundawang@yeah.net> - 7.4.33-1.6 +- Fix Bypass of CVE-2012-1823, Argument Injection in PHP-CGI + CVE-2024-4577 +- Fix Bypass of CVE-2024-4577, Parameter Injection Vulnerability + CVE-2024-8926 +- Fix cgi.force_redirect configuration is bypassable due to the environment variable collision + CVE-2024-8927 +- Fix Logs from childrens may be altered + CVE-2024-9026 +- Fix Erroneous parsing of multipart form data + CVE-2024-8925 + * Fri Jun 07 2024 Funda Wang <fundawang@yeah.net> - 7.4.33-1.4 - Fix filter bypass in filter_var FILTER_VALIDATE_URL CVE-2024-5458 |