During the month of December 2024 and on behalf of Freexian, I worked on the following:

php7.4, php7.3, php7.0 and php5
-------------------------------

Uploaded php7.4=7.4.33-1+deb11u7 and issued DLA-3986-1.
https://lists.debian.org/msgid-search/?m=z1wxnl0vw0es6...@debian.org

  * CVE-2024-8929: Partial content leak of the heap through heap buffer over-read in mysqlnd.
  * CVE-2024-8932: Out-of-bound write in ldap_escape().
  * CVE-2024-11233: Single byte overread with convert.quoted-printable-decode filter.
  * CVE-2024-11234: Configuring a proxy in a stream context might allow for CRLF injection in URIs.
  * CVE-2024-11236: Out-of-bound writes in the firebird and dblib quoters due to integer overflow.
  * GHSA-4w77-75f9-2c8w: Heap-Use-After-Free in sapi_read_post_data() processing in CLI SAPI Interface.

Uploaded php7.3=7.3.31-1~deb10u9 (buster) and issued ELA-1277-1 for the same issues.
https://www.freexian.com/lts/extended/updates/ela-1277-1-php7.3/

Uploaded php7.0=7.0.33-0+deb9u20 (stretch) and issued ELA-1278-1 for the same issues.
https://www.freexian.com/lts/extended/updates/ela-1278-1-php7.0/

Uploaded php5=5.6.40+dfsg-0+deb8u22 (jessie) and issued ELA-1279-1 for the same issues, plus a fix for a segfault on close() after free_result() with mysqlnd.
https://www.freexian.com/lts/extended/updates/ela-1279-1-php5/

Most of my ELTS time was spent on backporting and testing the fix for CVE-2024-8929 to older suites, especially jessie's php5. The code of the mysqlnd extension has changed quite a bit since then.

python-urllib3
--------------

Uploaded 1.26.5-1~exp1+deb11u1 and issued DLA-3998-1.
https://lists.debian.org/msgid-search/?m=z2bpycawl98in...@debian.org

  * CVE-2023-43804: Cookie request header isn't stripped during cross-origin redirects.
  * CVE-2023-45803: Request body not stripped after redirect from 303 status changes request method to GET.
  * CVE-2024-37891: Proxy-Authorization request header isn't stripped during cross-origin redirects.
  * Bugfix (#1089507): Use system 'six' module in urllib3.util.ssltransport.

Also, prepare 1.26.12-1+deb12u1 for bookworm fixing these same issues and file spu bug #1091087 to that effect.

sqlparse
--------

Uploaded 0.4.1-1+deb11u1 and issued DLA-4000-1.
https://lists.debian.org/msgid-search/?m=z2cmmfc3zl5jk...@debian.org

  * CVE-2021-32839: StripComments filter contains a regular expression that is vulnerable to ReDOS.
  * CVE-2023-30608: Parser contains a regular expression that is vulnerable to ReDOS.
  * CVE-2024-4340: Parsing of heavily nested list leads to Denial of Service.

Also, prepare 0.4.2-1+deb12u1 for bookworm fixing these same issues and file spu bug #1091547 to that effect.

opensc
------

Uploaded 0.21.0-1+deb11u1 and issued DLA-4004-1.
https://lists.debian.org/msgid-search/?m=z2_9i71eqsjqk...@debian.org

  * CVE-2021-34193: Stack overflow vulnerability in OpenSC smart card middleware via crafted responses to APDUs.
  * CVE-2021-42778: Heap double free issue in sc_pkcs15_free_tokeninfo().
  * CVE-2021-42779: Heap use after free issue sc_file_valid().
  * CVE-2021-42780: Use after return issue insert_pin().
  * CVE-2021-42781: Heap buffer overflow in pkcs15-oberthur.c.
  * CVE-2021-42782: Multiple stack buffer overflow issues.
  * CVE-2023-2977: Buffer overrun vulnerability in pkcs15's cardos_have_verifyrc_package().
  * CVE-2023-5992: Side-channel leaks while stripping encryption PKCS#1.5 padding in OpenSC.
  * CVE-2023-40660: Potential PIN bypass with empty PIN.
  * CVE-2023-40661: Multiple memory vulnerabilities in pkcs15-init.
  * CVE-2024-1454: Memory use after free in AuthentIC driver when updating token info.
  * CVE-2024-8443: Heap buffer overflow in OpenPGP driver when generating key.
  * CVE-2024-45615: Usage of uninitialized values in libopensc and pkcs15init.
  * CVE-2024-45616: Uninitialized values after incorrect check or usage of APDU response values in libopensc.
  * CVE-2024-45617: Uninitialized values after incorrect or missing checking return values of functions in libopensc.
  * CVE-2024-45618: Uninitialized values after incorrect or missing checking return values of functions in pkcs15init.
  * CVE-2024-45619: Incorrect handling length of buffers or files in libopensc.
  * CVE-2024-45620: Incorrect handling length of buffers or files in pkcs15init.

Also, prepare 0.23.0-0.3+deb12u2 for bookworm fixing the 9 open no-dsa vulnerabilities (CVE-2023-5992, CVE-2024-1454, -8443 and -45615 to -45620) and file spu bug #1091207 to that effect.

Also, prepare 0.25.1-2.1 for unstable fixing the 7 open no-dsa vulnerabilities (CVE-2024-8443 and -45615 to -45620). The NMU has since been uploaded by the maintainer.

Thanks to the sponsors for financing the above, and to Freexian for coordinating!

-- 
Guilhem.