~bryce/ubuntu/+source/php7.4:merge-v7o4o5-1-groovy

Last commit made on 2020-07-16
Get this branch:
git clone -b merge-v7o4o5-1-groovy https://git.launchpad.net/~bryce/ubuntu/+source/php7.4
Only Bryce Harrington can upload to this branch. If you are Bryce Harrington please log in for upload directions.

Branch merges

Branch information

Name:
merge-v7o4o5-1-groovy
Repository:
lp:~bryce/ubuntu/+source/php7.4

Recent commits

2b891b7... by Bryce Harrington on 2020-07-16

changelog

95d8590... by Bryce Harrington on 2020-07-16

update-maintainer

0bb3d37... by Bryce Harrington on 2020-07-16

reconstruct-changelog

9f0cbc9... by Bryce Harrington on 2020-07-16

merge-changelogs

6726f34... by Bryce Harrington on 2020-07-16

  * Dropped:
    - SECURITY UPDATE: Truncated url due \0
      + debian/patches/CVE-2020-7066.patch: check for get_headers
 not accepting \0 in ext/standard/url.c.
      + CVE-2020-7066
      [Fixed in 7.4.5-1]

66c1ae9... by Bryce Harrington on 2020-07-16

  * Dropped:
    - SECURITY UPDATE: Memory corruption, crash and potentially code execution
      + debian/patches/CVE-2020-7065.patch: make sure that negative values are
 properly compared in ext/mbstring/php_unicode.c,
 ext/mbstring/tests/bug70371.phpt.
      + CVE-2020-7065
      [Fixed in 7.4.5-1]

35d6c07... by Bryce Harrington on 2020-07-16

  * Dropped:
    - SECURITY UPDATE: Read one byte of uninitialized memory
      + debian/patches/CVE-2020-7064.patch: check length in
        exif_process_TIFF_in_JPEG to avoid read uninitialized memory
        ext/exif/exif.c, ext/exif/tests/bug79282.phpt.
      + CVE-2020-7064
      [Fixed in 7.4.5-1]

7b8984c... by Bryce Harrington on 2020-07-16

    - SECURITY UPDATE: Denial of service through oversized memory allocated
      + debian/patches/CVE-2019-11048.patch: changes types int to size_t
        in main/rfc1867.c.
      + CVE-2019-11048

1cb1d6c... by Bryce Harrington on 2020-07-16

    - libapache2-mod-php.postinst.extra: Disable other mod-php versions.
      Fixes failure when upgrading from previous versions of mod-php.
      (LP: 1865218)

aaa066f... by Bryce Harrington on 2020-03-26

    - d/control, d/control.in: Conflict with mod-php from php7.2 and
      php7.3 to ensure safe upgrade path for apache2.
      (Fixes LP: #1850933)