This bug was fixed in the package php8.0 - 8.0.8-1ubuntu0.2
---------------
php8.0 (8.0.8-1ubuntu0.2) impish-security; urgency=medium
* SECURITY UPDATE: Use after free
- debian/patches/CVE-2021-21708.patch: change the call to
zval_ptr_dtor in ext/filter/logical_filters.c to be done
after a validation is succeeded, and add a test for this
case in ext/filter/tests/bug81708.phpt
- CVE-2021-21708
-- Rodrigo Figueiredo Zaiden <rodrigo.zai...@canonical.com> Thu, 24
Feb 2022 12:03:09 -0300
** Changed in: php8.0 (Ubuntu)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1961820
Title:
CVE-2021-21708: potential RCE with filter_var(...,
FILTER_VALIDATE_FLOAT)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/php7.4/+bug/1961820/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
