During the month of October 2024 and on behalf of Freexian, I worked on the following:

php7.4
------

Uploaded 7.4.33-1+deb11u6 and issued DLA-3920-1.
https://lists.debian.org/msgid-search/?m=zw20swdcj3zl6...@debian.org

* CVE-2022-4900: Setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow.
* CVE-2024-5458: A code logic error may lead to the downstream code accepting invalid URLs as valid and parsing them incorrectly.
* CVE-2024-8925: Erroneous parsing of multipart form data contained in an HTTP POST request.
* CVE-2024-9026: Log pollution in PHP-FPM when configured to catch workers' output.
* CVE-2024-8927: `cgi.force_redirect` configuration setting is bypassable.

php7.3
------

Uploaded 7.3.31-1~deb10u8 (buster) and issued ELA-1206-1.
https://www.freexian.com/lts/extended/updates/ela-1206-1-php7.3/

* CVE-2024-8925: Erroneous parsing of multipart form data contained in an HTTP POST request.
* CVE-2024-8927: `cgi.force_redirect` configuration setting is bypassable.

php7.0
------

Uploaded 7.0.33-0+deb9u19 (stretch) and issued ELA-1207-1.
https://www.freexian.com/lts/extended/updates/ela-1207-1-php7.0/

* CVE-2024-8925: Erroneous parsing of multipart form data contained in an HTTP POST request.
* CVE-2024-8927: `cgi.force_redirect` configuration setting is bypassable.

php5
----

Uploaded 5.6.40+dfsg-0+deb8u21 (jessie) and issued ELA-1208-1.
https://www.freexian.com/lts/extended/updates/ela-1208-1-php5/

* CVE-2024-8925: Erroneous parsing of multipart form data contained in an HTTP POST request.
* CVE-2024-8927: `cgi.force_redirect` configuration setting is bypassable.

perl
----

Uploaded 5.32.1-4+deb11u4 and issued DLA-3926-1.
https://lists.debian.org/msgid-search/?m=zxzh5eneqthpx...@debian.org

* CVE-2020-16156: Signature verification bypass in CPAN.pm.
* CVE-2023-31484: CPAN::HTTP::Client did not verify X.509 certificates in the HTTP::Tiny call.

Also, reviewed Bastien's work for buster and jessie ELTS at his request.

Thanks to the sponsors for financing the above, and to Freexian for coordinating!

-- Guilhem.