~bryce/ubuntu/+source/php7.4:merge-v7o4o5-1-groovy

Branch merges

Propose for merging

Merged into ubuntu/+source/php7.4:debian/sid at revision 2b891b7c9bd1c343ba5a457d890bd827c3e9b57b

Christian Ehrhardt  (community): Needs Fixing on 2020-07-17

Canonical Server: Pending requested 2020-07-16

Diff: 253 lines (+172/-5)

6 files modified

debian/changelog (+90/-0)
debian/control (+4/-1)
debian/control.in (+4/-1)
debian/libapache2-mod-php.postinst.extra (+8/-3)
debian/patches/CVE-2019-11048.patch (+65/-0)
debian/patches/series (+1/-0)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

2b891b7... by Bryce Harrington on 2020-07-16

changelog

95d8590... by Bryce Harrington on 2020-07-16

update-maintainer

0bb3d37... by Bryce Harrington on 2020-07-16

reconstruct-changelog

9f0cbc9... by Bryce Harrington on 2020-07-16

merge-changelogs

6726f34... by Bryce Harrington on 2020-07-16

  * Dropped:
    - SECURITY UPDATE: Truncated url due \0
      + debian/patches/CVE-2020-7066.patch: check for get_headers
 not accepting \0 in ext/standard/url.c.
      + CVE-2020-7066
      [Fixed in 7.4.5-1]

66c1ae9... by Bryce Harrington on 2020-07-16

  * Dropped:
    - SECURITY UPDATE: Memory corruption, crash and potentially code execution
      + debian/patches/CVE-2020-7065.patch: make sure that negative values are
 properly compared in ext/mbstring/php_unicode.c,
 ext/mbstring/tests/bug70371.phpt.
      + CVE-2020-7065
      [Fixed in 7.4.5-1]

35d6c07... by Bryce Harrington on 2020-07-16

  * Dropped:
    - SECURITY UPDATE: Read one byte of uninitialized memory
      + debian/patches/CVE-2020-7064.patch: check length in
        exif_process_TIFF_in_JPEG to avoid read uninitialized memory
        ext/exif/exif.c, ext/exif/tests/bug79282.phpt.
      + CVE-2020-7064
      [Fixed in 7.4.5-1]

7b8984c... by Bryce Harrington on 2020-07-16

    - SECURITY UPDATE: Denial of service through oversized memory allocated
      + debian/patches/CVE-2019-11048.patch: changes types int to size_t
        in main/rfc1867.c.
      + CVE-2019-11048

1cb1d6c... by Bryce Harrington on 2020-07-16

    - libapache2-mod-php.postinst.extra: Disable other mod-php versions.
      Fixes failure when upgrading from previous versions of mod-php.
      (LP: 1865218)

aaa066f... by Bryce Harrington on 2020-03-26

    - d/control, d/control.in: Conflict with mod-php from php7.2 and
      php7.3 to ensure safe upgrade path for apache2.
      (Fixes LP: #1850933)