rpms/php/php72.git, branch master

Fix Heap buffer overflow in array_merge()

2026-02-18T07:12:00+00:00

  CVE-2025-14178
use oracle client library version 23.26 on x86_64 and aarch64

Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface

2024-11-26T07:46:40+00:00

  GHSA-4w77-75f9-2c8w
Fix OOB access in ldap_escape
  CVE-2024-8932
Fix Integer overflow in the dblib/firebird quoter causing OOB writes
  CVE-2024-11236
Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs
  CVE-2024-11234
Fix Single byte overread with convert.quoted-printable-decode filter
  CVE-2024-11233

Fix Bypass of CVE-2012-1823, Argument Injection in PHP-CGI

2024-09-27T06:48:20+00:00

  CVE-2024-4577
Fix Bypass of CVE-2024-4577, Parameter Injection Vulnerability
  CVE-2024-8926
Fix cgi.force_redirect configuration is bypassable due to the environment variable collision
  CVE-2024-8927
Fix Erroneous parsing of multipart form data
  CVE-2024-8925

use oracle client library version 23.5 on x86_64

2024-07-31T09:10:40+00:00

Fix filter bypass in filter_var FILTER_VALIDATE_URL

2024-06-05T06:21:46+00:00

  CVE-2024-5458

use oracle client library version 21.13 on x86_64, 19.19 on aarch64

2024-04-10T12:07:30+00:00

Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
  CVE-2024-2756
Fix password_verify can erroneously return true opening ATO risk
  CVE-2024-3096

use oracle client library version 21.11 on x86_64, 19.19 on aarch64

2023-10-16T09:30:37+00:00

use official Oracle Instant Client RPM

use official Oracle Instant Client RPM

2023-09-22T08:16:39+00:00

Fix Security issue with external entity loading in XML without enabling it

2023-08-01T14:10:50+00:00

  GHSA-3qrf-m4j2-pcrr CVE-2023-3823
Fix Buffer mismanagement in phar_dir_read()
  GHSA-jqcx-ccgc-xwhv CVE-2023-3824
move httpd/nginx wants directive to config files in /etc

fix possible buffer overflow in date

2023-06-21T08:05:58+00:00