author | Remi Collet <remi@remirepo.net> | 2024-06-05 10:42:39 +0200 |
---|---|---|
committer | Remi Collet <remi@php.net> | 2024-06-05 10:42:39 +0200 |
commit | ec848d5c6c8a9508202a4c3e1e61ad2d5a06568b (patch) | |
tree | 85f27e01b3f089726d1dc49e8fccf4fe0b1a5b98 /php70.spec | |
parent | 827a76739becbd6187f314db6291363b57975efc (diff) |
CVE-2024-5458
Diffstat (limited to 'php70.spec')
-rw-r--r-- | php70.spec | 14 |
1 files changed, 11 insertions, 3 deletions
@@ -116,7 +116,7 @@ Summary: PHP scripting language for creating dynamic web sites Name: php Version: %{upver}%{?rcver:~%{rcver}} -Release: 41%{?dist} +Release: 42%{?dist} # All files licensed under PHP version 3.01, except # Zend is licensed under Zend # TSRM is licensed under BSD @@ -243,6 +243,7 @@ Patch264: php-cve-2023-3823.patch Patch265: php-cve-2023-3824.patch Patch266: php-cve-2024-2756.patch Patch267: php-cve-2024-3096.patch +Patch268: php-cve-2024-5458.patch # Fixes for tests (300+) # Factory is droped from system tzdata @@ -994,9 +995,11 @@ Group: System Environment/Libraries License: PHP Requires: php-common%{?_isa} = %{version}-%{release} # Upstream requires 4.0, we require 69.1 to ensure use of libicu69 -BuildRequires: libicu-devel = 69.1 %if 0%{?rhel} +BuildRequires: libicu-devel = 69.1 Obsoletes: php53-intl, php53u-intl, php54-intl, php54w-intl, php55u-intl, php55w-intl, php56u-intl, php56w-intl, php70u-intl, php70w-intl +%else +BuildRequires: libicu-devel %endif %description intl @@ -1166,6 +1169,7 @@ echo CIBLE = %{name}-%{version}-%{release} oci8=%{with_oci8} libzip=%{with_libzi %patch -P265 -p1 -b .cve3824 %patch -P266 -p1 -b .cve2756 %patch -P267 -p1 -b .cve3096 +%patch -P268 -p1 -b .cve5458 # Fixes for tests %if 0%{?fedora} >= 21 || 0%{?rhel} >= 5 @@ -2195,8 +2199,12 @@ fi %changelog +* Tue Jun 4 2024 Remi Collet <remi@remirepo.net> - 7.0.33-42 +- Fix filter bypass in filter_var FILTER_VALIDATE_URL + CVE-2024-5458 + * Wed Apr 10 2024 Remi Collet <remi@remirepo.net> - 7.0.33-41 -- use oracle client library version 21.13 on x86_64, 19.19 on aarch64 +- use oracle client library version 21.13 - Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 - Fix password_verify can erroneously return true opening ATO risk |
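Review bot: In the intl hunk (@@ -994,9 +995,11 @@), the comment "Upstream requires 4.0, we require 69.1 to ensure use of libicu69" still sits above the conditional but now only describes the `%if 0%{?rhel}` branch. The new `%else` branch uses an unversioned `BuildRequires: libicu-devel`, which drops even the 4.0 floor that the comment attributes to upstream. Suggest moving the comment inside the `%if` branch and either giving the `%else` line a minimum version or stating why none is needed. This build-dependency change is also separate from the CVE-2024-5458 fix named in the commit message and is not mentioned in the new %changelog entry.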
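Review bot: In the %changelog hunk (@@ -2195,8 +2199,12 @@), the already-released 7.0.33-41 entry is edited: " on x86_64, 19.19 on aarch64" is removed from the oracle client library line, in a commit whose message is only "CVE-2024-5458". Rewriting a past entry changes the recorded history of release 41. If the aarch64 client version has changed, suggest leaving the -41 entry as it was and recording the change as its own line in the new 7.0.33-42 entry, which currently lists only the filter_var FILTER_VALIDATE_URL fix.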