rpms/php/php73.git, branch master

Fix Heap buffer overflow in array_merge()

2026-02-17T15:13:12+00:00

  CVE-2025-14178
use oracle client library version 23.26 on x86_64 and aarch64

Fix Leak partial content of the heap through heap buffer over-read

2024-11-28T11:55:45+00:00

  CVE-2024-8929

Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface

2024-11-22T14:55:12+00:00

  GHSA-4w77-75f9-2c8w
Fix OOB access in ldap_escape
  CVE-2024-8932
Fix Integer overflow in the dblib/firebird quoter causing OOB writes
  CVE-2024-11236
Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs
  CVE-2024-11234
Fix Single byte overread with convert.quoted-printable-decode filter
  CVE-2024-11233

Fix Bypass of CVE-2012-1823, Argument Injection in PHP-CGI

2024-09-26T15:54:34+00:00

  CVE-2024-4577
Fix Bypass of CVE-2024-4577, Parameter Injection Vulnerability
  CVE-2024-8926
Fix cgi.force_redirect configuration is bypassable due to the environment variable collision
  CVE-2024-8927
Fix Erroneous parsing of multipart form data
  CVE-2024-8925

use oracle client library version 23.5 on x86_64

2024-07-31T08:52:46+00:00

Fix filter bypass in filter_var FILTER_VALIDATE_URL

2024-06-05T05:52:29+00:00

  CVE-2024-5458

use oracle client library version 21.11 on x86_64, 19.19 on aarch64

2024-04-10T10:28:15+00:00

Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
  CVE-2024-2756
Fix password_verify can erroneously return true opening ATO risk
  CVE-2024-3096

use oracle client library version 21.11 on x86_64, 19.19 on aarch64

2023-10-16T09:30:43+00:00

use official Oracle Instant Client RPM

use official Oracle Instant Client RPM

2023-09-22T08:17:10+00:00

Fix Security issue with external entity loading in XML without enabling it

2023-08-01T13:46:12+00:00

  GHSA-3qrf-m4j2-pcrr CVE-2023-3823
Fix Buffer mismanagement in phar_dir_read()
  GHSA-jqcx-ccgc-xwhv CVE-2023-3824
move httpd/nginx wants directive to config files in /etc