From 485e1dba324f107e4462247b54d8f135b2b34d96 Mon Sep 17 00:00:00 2001
From: CoprDistGit <infra@openeuler.org>
Date: Thu, 11 Apr 2024 11:07:05 +0000
Subject: automatic import of php

---
 php.spec | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

(limited to 'php.spec')

diff --git a/php.spec b/php.spec
index b96af9c..08e3fad 100644
--- a/php.spec
+++ b/php.spec
@@ -43,7 +43,7 @@
 
 Name:          php
 Version:       %{upver}
-Release:       1.1
+Release:       1.2
 Summary:       PHP scripting language for creating dynamic web sites
 License:       PHP and Zend and BSD and MIT and ASL 1.0 and NCSA LGPL-2.1+ and Apache-2.0 and Artistic-1.0-Perl
 URL:           http://www.php.net/
@@ -103,6 +103,8 @@ Patch203: php-cve-2023-0662.patch
 Patch204: php-cve-2023-3247.patch
 Patch205: php-cve-2023-3823.patch
 Patch206: php-cve-2023-3824.patch
+Patch207: php-cve-2024-2756.patch
+Patch208: php-cve-2024-3096.patch
 
 # Fixes for tests (300+)
 # Factory is droped from system tzdata
@@ -1231,6 +1233,13 @@ systemctl try-restart php-fpm.service >/dev/null 2>&1 || :
 
 
 %changelog
+* Thu Apr 11 2024 Fund Wang <fundawang@yeah.net> - 7.4.33-1.2
+- Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
+  CVE-2024-2756
+- Fix password_verify can erroneously return true opening ATO risk
+  CVE-2024-3096
+
+
 * Fri Aug 18 2023 Fund Wang <fundawang@yeah.net> - 7.4.33-1
 - New version 7.4.33
 
-- 
cgit v1.2.3