Change log for php8.1 package in Ubuntu

1 → 46 of 46 results
Published in jammy-updates
Published in jammy-security
php8.1 (8.1.2-1ubuntu2.18) jammy-security; urgency=medium

  * SECURITY UPDATE: Invalid user information
    - debian/patches/CVE-2024-5458.patch: improves filters validation
      in ext/filter/logical_filters.c and adds test
      in ext/filter/tests/ghsa-w8qr-v226-r27w.phpt.
    - CVE-2024-5458

 -- Leonidas Da Silva Barbosa <email address hidden>  Fri, 14 Jun 2024 12:52:55 -0300
Superseded in jammy-updates
Superseded in jammy-security
php8.1 (8.1.2-1ubuntu2.17) jammy-security; urgency=medium

  * SECURITY UPDATE: Heap buffer-overflow
    - debian/patches/CVE-2022-4900.patch: prevent potential buffer
      overflow for large value of php_cli_server_workers_max in
      sapi/cli/php_cli_server.c.
    - CVE-2022-4900
  * SECURITY UPDATE: Cookie bypass
    - debian/patches/CVE-2024-2756.patch: adds more mangling rules
      in main/php_variable.c.
    - CVE-2024-2756
  * SECURITY UPDATE: Account take over risk
    - debian/patches/CVE-2024-3096.patch: disallow null character in bcrypt
      password in ext/standard/password.c,
      ext/standard/tests/password_bcrypt_errors.phpt.
    - CVE-2024-3096

 -- Leonidas Da Silva Barbosa <email address hidden>  Wed, 01 May 2024 07:10:07 -0300
Deleted in jammy-proposed (Reason: moved to -updates)
php8.1 (8.1.2-1ubuntu2.16) jammy; urgency=medium

  * d/p/fix-segfault-in-fpm_status_export_to_zval.patch: fix
    segmentation fault in fpm_status_export_to_zval. (LP: #2057576)

 -- Athos Ribeiro <email address hidden>  Wed, 10 Apr 2024 08:54:30 -0300
Superseded in jammy-updates
Deleted in jammy-proposed (Reason: moved to -updates)
php8.1 (8.1.2-1ubuntu2.15) jammy; urgency=medium

  * d/p/fix-attribute-instantion-dangling-pointer.patch: Fix sigsegv from
    dangling pointer on attribute observer. (LP: #2054621)
  * d/p/fix-attribute-instantion-memory-overflow-recovery.patch: Fix sigsegv
    during memory overflow recovery on attribute observer.

 -- Brian Morton <email address hidden>  Fri, 23 Feb 2024 12:26:53 -0500
Published in lunar-updates
Published in lunar-security
php8.1 (8.1.12-1ubuntu4.3) lunar-security; urgency=medium

  * SECURITY UPDATE: Disclosure of sensitive information
    - debian/patches/CVE-2023-3823.patch: sanitize libxml2 globals
      before parsing in ext/dom/document.c, ext/dom/documentfragment.c,
      xml_global_state_entity_loader_bypass.phpt, ext/libxml/php_libxml.h,
      ext/simplexml/simplexml.c, xml_global_state_entity_loader_bypass.phpt,
      ext/soap/php_xml.c, ext/xml/compat.c, ext/xmlreader/php_xmlreader.c,
      xml_global_state_entity_loader_bypass.phpt, ext/xsl/xsltprocessor.c,
      ext/zend_test/test.c, ext/zend_test/test.stub.php.
    - CVE-2023-3823
  * SECURITY UPDATE: Stack buffer overflow
    - debian/patches/CVE-2023-3824.patch: fix buffer mismanagement in
      phar_dir_read(), and in files ext/phar/dirstream.c,
      ext/phar/tests/GHSA-jqcx-ccgx-xwhv.phpt.
    - CVE-2023-3824

 -- Leonidas Da Silva Barbosa <email address hidden>  Thu, 17 Aug 2023 14:37:48 -0300
Superseded in jammy-updates
Superseded in jammy-security
php8.1 (8.1.2-1ubuntu2.14) jammy-security; urgency=medium

  * SECURITY UPDATE: Disclosure of sensitive information
    - debian/patches/CVE-2023-3823.patch: sanitize libxml2 globals
      before parsing in ext/dom/document.c, ext/dom/documentfragment.c,
      xml_global_state_entity_loader_bypass.phpt, ext/libxml/php_libxml.h,
      ext/simplexml/simplexml.c, xml_global_state_entity_loader_bypass.phpt,
      ext/soap/php_xml.c, ext/xml/compat.c, ext/xmlreader/php_xmlreader.c,
      xml_global_state_entity_loader_bypass.phpt, ext/xsl/xsltprocessor.c,
      ext/zend_test/test.c, ext/zend_test/test.stub.php.
    - CVE-2023-3823
  * SECURITY UPDATE: Stack buffer overflow
    - debian/patches/CVE-2023-3824.patch: fix buffer mismanagement in
      phar_dir_read(), and in files ext/phar/dirstream.c,
      ext/phar/tests/GHSA-jqcx-ccgx-xwhv.phpt.
    - CVE-2023-3824

 -- Leonidas Da Silva Barbosa <email address hidden>  Fri, 18 Aug 2023 08:41:11 -0300
Obsolete in kinetic-updates
Obsolete in kinetic-security
php8.1 (8.1.7-1ubuntu3.5) kinetic-security; urgency=medium

  * SECURITY UPDATE: Missing error check and insufficient random
    bytes
    - debian/patches/CVE-2023-3247-1.patch: fixes missing randomness
      check and insufficient random bytes for SOAP HTTP digest
      in ext/soap/php_http.c.
    - debian/patches/CVE-2023-3247-2.patch: fix wrong backporting of previous
      soap patch.
    - CVE-2023-3247

 -- Leonidas Da Silva Barbosa <email address hidden>  Wed, 28 Jun 2023 11:05:45 -0300
Superseded in jammy-updates
Superseded in jammy-security
php8.1 (8.1.2-1ubuntu2.13) jammy-security; urgency=medium

  * SECURITY UPDATE: Missing error check and insufficient random
    bytes
    - debian/patches/CVE-2023-3247-1.patch: fixes missing randomness
      check and insufficient random bytes for SOAP HTTP digest
      in ext/soap/php_http.c.
    - debian/patches/CVE-2023-3247-2.patch: fix wrong backporting of previous
      soap patch.
    - CVE-2023-3247

 -- Leonidas Da Silva Barbosa <email address hidden>  Wed, 28 Jun 2023 11:01:49 -0300
Superseded in lunar-updates
Superseded in lunar-security
php8.1 (8.1.12-1ubuntu4.2) lunar-security; urgency=medium

  * SECURITY UPDATE: Missing error check and insufficient random
    bytes
    - debian/patches/CVE-2023-3247-1.patch: fixes missing randomness
      check and insufficient random bytes for SOAP HTTP digest
      in ext/soap/php_http.c.
    - debian/patches/CVE-2023-3247-2.patch: fix wrong backporting of previous
      soap patch.
    - CVE-2023-3247

 -- Leonidas Da Silva Barbosa <email address hidden>  Wed, 28 Jun 2023 10:56:12 -0300
Deleted in jammy-proposed (Reason: moved to -updates)
php8.1 (8.1.2-1ubuntu2.12) jammy; urgency=medium

  * d/p/fix-map-ptr-mem-leak.patch: Fix map_ptr opcache-less fpm memory leak.
    (LP: #2017207)

 -- Athos Ribeiro <email address hidden>  Wed, 14 Jun 2023 19:57:19 -0300
Deleted in kinetic-proposed (Reason: moved to -updates)
php8.1 (8.1.7-1ubuntu3.4) kinetic; urgency=medium

  * d/p/fix-map-ptr-mem-leak.patch: Fix map_ptr opcache-less fpm memory leak.
    (LP: #2017207)

 -- Athos Ribeiro <email address hidden>  Wed, 14 Jun 2023 19:56:11 -0300
Deleted in lunar-proposed (Reason: moved to -updates)
php8.1 (8.1.12-1ubuntu4.1) lunar; urgency=medium

  * d/p/fix-map-ptr-mem-leak.patch: Fix map_ptr opcache-less fpm memory leak.
    (LP: #2017207)

 -- Athos Ribeiro <email address hidden>  Wed, 14 Jun 2023 16:57:52 -0300
Superseded in jammy-updates
Superseded in jammy-security
php8.1 (8.1.2-1ubuntu2.11) jammy-security; urgency=medium

  * SECURITY UPDATE: password_verify() accepts invalid Blowfish hashes
    - debian/patches/CVE-2023-0567-1.patch: fix validation of malformed
      BCrypt hashes in ext/standard/crypt_blowfish.c,
      ext/standard/tests/crypt/bcrypt_salt_dollar.phpt.
    - debian/patches/CVE-2023-0567-2.patch: fix possible buffer overread in
      php_crypt() in ext/standard/crypt.c,
      ext/standard/tests/password/password_bcrypt_short.phpt.
    - CVE-2023-0567
  * SECURITY UPDATE: off-by-one in core path resolution function
    - debian/patches/CVE-2023-0568.patch: fix array overrun when appending
      slash to paths in ext/dom/document.c, ext/xmlreader/php_xmlreader.c,
      main/fopen_wrappers.c.
    - CVE-2023-0568
  * SECURITY UPDATE: DoS via excessive number of parts in HTTP form upload
    - debian/patches/CVE-2023-0662-1.patch: introduce
      max_multipart_body_parts INI in main/main.c, main/rfc1867.c,
      sapi/fpm/tests/*, sapi/fpm/tests/tester.inc.
    - debian/patches/CVE-2023-0662-2.patch: fix repeated warning for file
      uploads limit exceeding in main/rfc1867.c.
    - CVE-2023-0662

 -- Marc Deslauriers <email address hidden>  Wed, 22 Feb 2023 17:56:18 -0500
Superseded in kinetic-updates
Superseded in kinetic-security
php8.1 (8.1.7-1ubuntu3.3) kinetic-security; urgency=medium

  * SECURITY UPDATE: password_verify() accepts invalid Blowfish hashes
    - debian/patches/CVE-2023-0567-1.patch: fix validation of malformed
      BCrypt hashes in ext/standard/crypt_blowfish.c,
      ext/standard/tests/crypt/bcrypt_salt_dollar.phpt.
    - debian/patches/CVE-2023-0567-2.patch: fix possible buffer overread in
      php_crypt() in ext/standard/crypt.c,
      ext/standard/tests/password/password_bcrypt_short.phpt.
    - CVE-2023-0567
  * SECURITY UPDATE: off-by-one in core path resolution function
    - debian/patches/CVE-2023-0568.patch: fix array overrun when appending
      slash to paths in ext/dom/document.c, ext/xmlreader/php_xmlreader.c,
      main/fopen_wrappers.c.
    - CVE-2023-0568
  * SECURITY UPDATE: DoS via excessive number of parts in HTTP form upload
    - debian/patches/CVE-2023-0662-1.patch: introduce
      max_multipart_body_parts INI in main/main.c, main/rfc1867.c,
      sapi/fpm/tests/*, sapi/fpm/tests/tester.inc.
    - debian/patches/CVE-2023-0662-2.patch: fix repeated warning for file
      uploads limit exceeding in main/rfc1867.c.
    - CVE-2023-0662

 -- Marc Deslauriers <email address hidden>  Wed, 22 Feb 2023 17:55:33 -0500
Deleted in mantic-release (Reason: Superseded by php8.2)
Published in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar)
php8.1 (8.1.12-1ubuntu4) lunar; urgency=medium

  * SECURITY UPDATE: password_verify() accepts invalid Blowfish hashes
    - debian/patches/CVE-2023-0567-1.patch: fix validation of malformed
      BCrypt hashes in ext/standard/crypt_blowfish.c,
      ext/standard/tests/crypt/bcrypt_salt_dollar.phpt.
    - debian/patches/CVE-2023-0567-2.patch: fix possible buffer overread in
      php_crypt() in ext/standard/crypt.c,
      ext/standard/tests/password/password_bcrypt_short.phpt.
    - CVE-2023-0567
  * SECURITY UPDATE: off-by-one in core path resolution function
    - debian/patches/CVE-2023-0568.patch: fix array overrun when appending
      slash to paths in ext/dom/document.c, ext/xmlreader/php_xmlreader.c,
      main/fopen_wrappers.c.
    - CVE-2023-0568
  * SECURITY UPDATE: DoS via excessive number of parts in HTTP form upload
    - debian/patches/CVE-2023-0662-1.patch: introduce
      max_multipart_body_parts INI in main/main.c, main/rfc1867.c,
      sapi/fpm/tests/*, sapi/fpm/tests/tester.inc.
    - debian/patches/CVE-2023-0662-2.patch: fix repeated warning for file
      uploads limit exceeding in main/rfc1867.c.
    - CVE-2023-0662

 -- Marc Deslauriers <email address hidden>  Wed, 22 Feb 2023 14:48:21 -0500
Superseded in lunar-proposed
php8.1 (8.1.12-1ubuntu3) lunar; urgency=medium

  * SECURITY UPDATE: Integer overflow in PDO::quote()
    - debian/patches/CVE-2022-31631-*.patch: fix check
      unquotedlen size in ext/pdo_sqlite/sqlite_driver.c.
    - CVE-2022-31631

 -- Marc Deslauriers <email address hidden>  Fri, 17 Feb 2023 14:49:23 -0500
Superseded in jammy-updates
Superseded in jammy-security
php8.1 (8.1.2-1ubuntu2.10) jammy-security; urgency=medium

  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-31631-*.patch: fix check
      unquotedlen size in ext/pdo_sqlite/sqlite_driver.c.
    - CVE-2022-31631

 -- Leonidas Da Silva Barbosa <email address hidden>  Mon, 16 Jan 2023 12:19:49 -0300
Superseded in kinetic-updates
Superseded in kinetic-security
php8.1 (8.1.7-1ubuntu3.2) kinetic-security; urgency=medium

  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2022-31631-*.patch: fix check
      unquotedlen size in ext/pdo_sqlite/sqlite_driver.c.
    - CVE-2022-31631

 -- Leonidas Da Silva Barbosa <email address hidden>  Mon, 16 Jan 2023 12:18:41 -0300
Superseded in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar)
php8.1 (8.1.12-1ubuntu2) lunar; urgency=medium

  * No-change rebuild against libldap-2

 -- Steve Langasek <email address hidden>  Thu, 15 Dec 2022 19:52:55 +0000

Superseded in jammy-updates
Deleted in jammy-proposed (Reason: moved to -updates)
php8.1 (8.1.2-1ubuntu2.9) jammy; urgency=medium

  * d/p/0049-Preserve-file-position-when-php-temp-switches.patch: PHP provides
    a temporary data stream, php://temp, whose contents are moved to a
    temporary file when a predefined size limit is hit. In jammy, the file
    position is set to the end of the file, which results in corrupted/unwanted
    data. Fix this by preserving the file position in this situation.
    (LP: #1990302)

 -- Athos Ribeiro <email address hidden>  Wed, 19 Oct 2022 11:58:09 -0300
Superseded in lunar-release
Deleted in lunar-proposed (Reason: Moved to lunar)
php8.1 (8.1.12-1ubuntu1) lunar; urgency=medium

  * Merge with Debian unstable (LP: #1996515). Remaining changes:
    - Force upgrade from earlier mod-php's to version 8.1 (LP #1890263):
      + d/control: add transitional packages and Breaks/Replaces.
      + d/rules: exclude transitional packages in dh_install.
    - d/rules: Don't fill up build log with pedantic warnings.
    - d/rules: document garbage collection in ini files. (LP #1772915)
    - d/rules: fix PHP_EXTRA_VERSION setting. (LP #1989196)
    - Test PHP_EXTRA_VERSION setting with autopkgtest.
  * Dropped changes:
    - SECURITY UPDATE: Memory corruption in libmagic
      + debian/patches/CVE-2022-31627.patch: use the same memory allocator in
        ext/fileinfo/libmagic.patch, ext/fileinfo/libmagic/softmagic.c,
        ext/fileinfo/tests/bug81723.phpt.
      + CVE-2022-31627
      [ Fixed in 8.1.8 ]

 -- Athos Ribeiro <email address hidden>  Mon, 14 Nov 2022 13:07:00 -0300

Superseded in jammy-updates
Superseded in jammy-security
php8.1 (8.1.2-1ubuntu2.8) jammy-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2022-31628-1.patch: adding a recursion limit
      in ext/phar/phar.c, ext/phar/tests/bug81726.phpt.
    - debian/source/include-binaries: add ext/phar/tests/bug81726.gz.
    - debian/patches/CVE-2022-31628-2.patch: avoid a second check in
      ext/phar/phar.c.
    - CVE-2022-31628
  * SECURITY UPDATE: Cookie injection
    - debian/patches/CVE-2022-31629.patch: don't mangle HTTP
      variable names that clash with ones that have a specific semantic
      meaning in ext/standard/test/bug81727.phpt,
      main/php_variables.c.
    - CVE-2022-31629
  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2022-31630.patch: adds validation in
      imageloadfont() for OOB in ext/gd/gd.c, ext/gd/tests/bug81739.phpt.
    - CVE-2022-31630
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2022-37454.patch: fixes buffer overflow in
      hash_update() on long parameter in
      ext/hash/sha3/generic32lc/KeccakSponge.inc,
      ext/hash/sha3/generic64lc/KeccakSponge.inc.
    - CVE-2022-37454

 -- Leonidas Da Silva Barbosa <email address hidden>  Wed, 02 Nov 2022 10:35:25 -0300
Superseded in kinetic-updates
Superseded in kinetic-security
php8.1 (8.1.7-1ubuntu3.1) kinetic-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2022-31628-1.patch: adding a recursion limit
      in ext/phar/phar.c, ext/phar/tests/bug81726.phpt.
    - debian/source/include-binaries: add ext/phar/tests/bug81726.gz.
    - debian/patches/CVE-2022-31628-2.patch: avoid a second check in
      ext/phar/phar.c.
    - CVE-2022-31628
  * SECURITY UPDATE: Cookie injection
    - debian/patches/CVE-2022-31629.patch: don't mangle HTTP
      variable names that clash with ones that have a specific semantic
      meaning in ext/standard/test/bug81727.phpt,
      main/php_variables.c.
    - CVE-2022-31629
  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2022-31630.patch: adds validation in
      imageloadfont() for OOB in ext/gd/gd.c, ext/gd/tests/bug81739.phpt.
    - CVE-2022-31630
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2022-37454.patch: fixes buffer overflow in
      hash_update() on long parameter in
      ext/hash/sha3/generic32lc/KeccakSponge.inc,
      ext/hash/sha3/generic64lc/KeccakSponge.inc.
    - CVE-2022-37454

 -- Leonidas Da Silva Barbosa <email address hidden>  Wed, 02 Nov 2022 10:39:03 -0300
Superseded in jammy-updates
Deleted in jammy-proposed (Reason: moved to -updates)
php8.1 (8.1.2-1ubuntu2.6) jammy; urgency=medium

  * d/rules: fix PHP_EXTRA_VERSION setting. (LP: #1989196)
  * Test PHP_EXTRA_VERSION setting with autopkgtest.

 -- Athos Ribeiro <email address hidden>  Thu, 15 Sep 2022 08:30:49 -0300
Superseded in lunar-release
Obsolete in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
php8.1 (8.1.7-1ubuntu3) kinetic; urgency=medium

  * d/rules: fix PHP_EXTRA_VERSION setting. (LP: #1989196)
  * Test PHP_EXTRA_VERSION setting with autopkgtest.

 -- Athos Ribeiro <email address hidden>  Tue, 13 Sep 2022 11:02:34 -0300

Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
php8.1 (8.1.7-1ubuntu2) kinetic; urgency=medium

  * d/rules: fix documented garbage collection probability default value. This
    is a cleanup for the fix proposed in LP #1772915.

 -- Athos Ribeiro <email address hidden>  Tue, 06 Sep 2022 15:00:21 -0300

Superseded in jammy-updates
Deleted in jammy-proposed (Reason: moved to -updates)
php8.1 (8.1.2-1ubuntu2.5) jammy; urgency=medium

  * d/p/0048-Clear-recorded-errors-before-executing-shutdown-func.patch:
    backport OPcache autoloading fix from 8.1.6. (LP: #1983205)

 -- <email address hidden> (Kraut.Hosting)  Mon, 08 Aug 2022 09:28:23 +0200
Superseded in jammy-updates
Deleted in jammy-proposed (Reason: moved to -updates)
php8.1 (8.1.2-1ubuntu2.4) jammy; urgency=medium

  * d/p/0047-Update-gcc-func-attr-macro.patch: fix detection of unknown gcc
    function attributes. (LP: #1882279)

 -- Athos Ribeiro <email address hidden>  Wed, 17 Aug 2022 10:08:39 -0300
Superseded in jammy-updates
Superseded in jammy-proposed
php8.1 (8.1.2-1ubuntu2.3) jammy; urgency=medium

  * d/p/0046-Fix-ssl3-unexpected-eof.patch: fix OpenSSL3 related unexpected
    EOF failure. This patch was originally introduced in PHP 8.1.7 to maintain
    compatibility with servers that are not yet compatible with new OpenSSL 3
    changes. This lack of compatibility would result in errors like
    "error:0A000126:SSL routines::unexpected eof while reading in LOCATION".
    (LP: #1975626)

 -- Athos Ribeiro <email address hidden>  Mon, 15 Aug 2022 09:24:10 -0300
Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
php8.1 (8.1.7-1ubuntu1) kinetic; urgency=medium

  * Merge with Debian unstable (LP: #1983285, #1983205). Remaining changes:
    - Force upgrade from earlier mod-php's to version 8.1 (LP #1890263):
      + d/control: add transitional packages and Breaks/Replaces.
      + d/rules: exclude transitional packages in dh_install.
    - d/rules: Don't fill up build log with pedantic warnings.
    - d/rules: document garbage collection in ini files. (LP #1772915)
    - SECURITY UPDATE: Memory corruption in libmagic
      + debian/patches/CVE-2022-31627.patch: use the same memory allocator in
        ext/fileinfo/libmagic.patch, ext/fileinfo/libmagic/softmagic.c,
        ext/fileinfo/tests/bug81723.phpt.
      + CVE-2022-31627
  * Dropped changes:
    - d/p/0046-Update-gcc-func-attr-macro.patch: fix detection of unknown gcc
      function attributes. (LP #1882279)
      [ Fixed in 8.1.7-1 ]
    - d/p/0047-Fix-ssl3-unexpected-eof.patch: fix OpenSSL3 related
      unexpected EOF failure. (LP #1975626)
      [ Fixed in 8.1.7-1 ]
    - SECURITY UPDATE: RCE via Uninitialized array in pg_query_params()
      + debian/patches/CVE-2022-31625.patch: don't free parameters which
        haven't been initialized yet in ext/pgsql/pgsql.c,
        ext/pgsql/tests/bug81720.phpt.
      + CVE-2022-31625
      [ Fixed in 8.1.7-1 ]
    - SECURITY UPDATE: RCE via mysqlnd/pdo password buffer overflow
      + debian/patches/CVE-20022-31626.patch: properly calculate size in
        ext/mysqlnd/mysqlnd_wireprotocol.c.
      + CVE-2022-31626
      [ Fixed in 8.1.7-1 ]

 -- Athos Ribeiro <email address hidden>  Mon, 01 Aug 2022 17:04:27 -0300

Superseded in jammy-updates
Superseded in jammy-security
php8.1 (8.1.2-1ubuntu2.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Memory corruption in libmagic
    - debian/patches/CVE-2022-31627.patch: use the same memory allocator in
      ext/fileinfo/libmagic.patch, ext/fileinfo/libmagic/softmagic.c,
      ext/fileinfo/tests/bug81723.phpt.
    - CVE-2022-31627

 -- Marc Deslauriers <email address hidden>  Thu, 21 Jul 2022 08:10:37 -0400
Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
php8.1 (8.1.5-1ubuntu3) kinetic; urgency=medium

  * SECURITY UPDATE: Memory corruption in libmagic
    - debian/patches/CVE-2022-31627.patch: use the same memory allocator in
      ext/fileinfo/libmagic.patch, ext/fileinfo/libmagic/softmagic.c,
      ext/fileinfo/tests/bug81723.phpt.
    - CVE-2022-31627

 -- Marc Deslauriers <email address hidden>  Thu, 21 Jul 2022 08:07:25 -0400

Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
php8.1 (8.1.5-1ubuntu2) kinetic; urgency=medium

  * SECURITY UPDATE: RCE via Uninitialized array in pg_query_params()
    - debian/patches/CVE-2022-31625.patch: don't free parameters which
      haven't been initialized yet in ext/pgsql/pgsql.c,
      ext/pgsql/tests/bug81720.phpt.
    - CVE-2022-31625
  * SECURITY UPDATE: RCE via mysqlnd/pdo password buffer overflow
    - debian/patches/CVE-20022-31626.patch: properly calculate size in
      ext/mysqlnd/mysqlnd_wireprotocol.c.
    - CVE-2022-31626

 -- Marc Deslauriers <email address hidden>  Tue, 21 Jun 2022 12:32:04 -0400

Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
php8.1 (8.1.5-1ubuntu1) kinetic; urgency=medium

  * Merge with Debian unstable (LP: #1978364). Remaining changes:
    - Force upgrade from earlier mod-php's to version 8.1 (LP #1890263):
      + d/control: add transitional packages and Breaks/Replaces.
      + d/rules: exclude transitional packages in dh_install.
    - d/rules: Don't fill up build log with pedantic warnings.
    - d/p/0046-Update-gcc-func-attr-macro.patch: fix detection of unknown gcc
      function attributes. (LP #1882279)
    - d/rules: document garbage collection in ini files. (LP #1772915)
  * Dropped changes:
    - SECURITY UPDATE: use-after-free in php_filter_float()
      + debian/patches/CVE-2021-21708.patch: fix int handling in
        ext/filter/logical_filters.c, ext/filter/tests/bug81708.phpt.
      + CVE-2021-21708
      [ Fixed in 8.1.3-1 ]
  * New changes:
    - d/p/0047-Fix-ssl3-unexpected-eof.patch: fix OpenSSL3 related
      unexpected EOF failure. (LP: #1975626)

 -- Athos Ribeiro <email address hidden>  Sat, 11 Jun 2022 00:08:45 -0300

Superseded in jammy-updates
Superseded in jammy-security
php8.1 (8.1.2-1ubuntu2.1) jammy-security; urgency=medium

  * SECURITY UPDATE: RCE via Uninitialized array in pg_query_params()
    - debian/patches/CVE-2022-31625.patch: don't free parameters which
      haven't been initialized yet in ext/pgsql/pgsql.c,
      ext/pgsql/tests/bug81720.phpt.
    - CVE-2022-31625
  * SECURITY UPDATE: RCE via mysqlnd/pdo password buffer overflow
    - debian/patches/CVE-20022-31626.patch: properly calculate size in
      ext/mysqlnd/mysqlnd_wireprotocol.c.
    - CVE-2022-31626

 -- Marc Deslauriers <email address hidden>  Mon, 13 Jun 2022 09:52:54 -0400
Superseded in kinetic-release
Deleted in kinetic-proposed (Reason: Moved to kinetic)
php8.1 (8.1.2-1ubuntu4) kinetic; urgency=medium

  * d/p/0046-Update-gcc-func-attr-macro.patch: fix detection of unknown gcc
    function attributes. (LP: #1882279)
  * d/rules: document garbage collection in ini files. (LP: #1772915)

 -- Athos Ribeiro <email address hidden>  Mon, 02 May 2022 19:54:49 -0300
Superseded in kinetic-proposed
php8.1 (8.1.2-1ubuntu3) kinetic; urgency=medium

  * No-change rebuild against libicu71

 -- Steve Langasek <email address hidden>  Sat, 30 Apr 2022 02:06:04 +0000

Superseded in kinetic-release
Published in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
php8.1 (8.1.2-1ubuntu2) jammy; urgency=medium

  * d/control: Add transitional packages and Breaks/Replaces to force
    upgrade from earlier mod-php's to version 8.1.
    (LP: #1890263)
  * d/rules: Don't fill up build log with pedantic warnings.

 -- Bryce Harrington <email address hidden>  Thu, 07 Apr 2022 17:46:26 +0000

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
php8.1 (8.1.2-1ubuntu1) jammy; urgency=medium

  * SECURITY UPDATE: use-after-free in php_filter_float()
    - debian/patches/CVE-2021-21708.patch: fix int handling in
      ext/filter/logical_filters.c, ext/filter/tests/bug81708.phpt.
    - CVE-2021-21708

 -- Marc Deslauriers <email address hidden>  Fri, 04 Mar 2022 13:13:46 -0500
Superseded in jammy-proposed
php8.1 (8.1.2-1build1) jammy; urgency=medium

  * No-change rebuild for icu soname change.

 -- Matthias Klose <email address hidden>  Wed, 09 Feb 2022 09:18:22 +0100
Superseded in jammy-proposed
php8.1 (8.1.2-1) unstable; urgency=medium

  * New upstream version 8.1.2

 -- Ondřej Surý <email address hidden>  Mon, 24 Jan 2022 11:36:08 +0100

Superseded in jammy-proposed
php8.1 (8.1.1-4) unstable; urgency=medium

  * Override result of AC_PROG_LN_S to fix FTBFS on ppc64el

 -- Ondřej Surý <email address hidden>  Mon, 03 Jan 2022 15:34:56 +0100

Superseded in jammy-proposed
php8.1 (8.1.1-3) unstable; urgency=medium

  * Fail the build when the dtrace call fails (Closes: #1000784)

 -- Ondřej Surý <email address hidden>  Fri, 31 Dec 2021 10:25:19 +0100

Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
php8.1 (8.1.0-1) unstable; urgency=medium

  * Update d/watch for final PHP 8.1
  * New upstream version 8.1.0

 -- Ondřej Surý <email address hidden>  Thu, 25 Nov 2021 20:57:29 +0100
Superseded in jammy-release
Superseded in jammy-release
Deleted in jammy-proposed (Reason: Moved to jammy)
php8.1 (8.1.0~rc4-1ubuntu2) jammy; urgency=medium

  * d/rules: Fix FTBFS on armhf.  Use -mfpu=vfpv3-d16 in CFLAGS.
    [Thanks utkarsh and sergiodj]

 -- Bryce Harrington <email address hidden>  Fri, 22 Oct 2021 23:59:56 +0000
Superseded in jammy-proposed
php8.1 (8.1.0~rc4-1ubuntu1) jammy; urgency=medium

  * Import for jammy. (LP: #1947896)
    - Source tarball comes from Ondřej's ppa rather than pristine-tar.

 -- Bryce Harrington <email address hidden>  Wed, 20 Oct 2021 19:02:44 +0000