rpms/scl-php70/php.git, branch master The master git repository for php RPM Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface 2024-11-26T11:04:22+00:00 Remi Collet remi@remirepo.net 2024-11-26T11:04:22+00:00 daf9b88c6cd0fe21b83f684e10dba7095d49605e GHSA-4w77-75f9-2c8w Fix OOB access in ldap_escape CVE-2024-8932 Fix Integer overflow in the dblib/firebird quoter causing OOB writes CVE-2024-11236 Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs CVE-2024-11234 Fix Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233 
  GHSA-4w77-75f9-2c8w
Fix OOB access in ldap_escape
  CVE-2024-8932
Fix Integer overflow in the dblib/firebird quoter causing OOB writes
  CVE-2024-11236
Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs
  CVE-2024-11234
Fix Single byte overread with convert.quoted-printable-decode filter
  CVE-2024-11233
Fix Bypass of CVE-2012-1823, Argument Injection in PHP-CGI 2024-09-27T07:58:37+00:00 Remi Collet remi@remirepo.net 2024-09-27T07:58:37+00:00 04a009d3791ab5c8aeead7988076e6a5ffb6cbc9 CVE-2024-4577 Fix Bypass of CVE-2024-4577, Parameter Injection Vulnerability CVE-2024-8926 Fix cgi.force_redirect configuration is bypassable due to the environment variable collision CVE-2024-8927 Fix Erroneous parsing of multipart form data CVE-2024-8925 
  CVE-2024-4577
Fix Bypass of CVE-2024-4577, Parameter Injection Vulnerability
  CVE-2024-8926
Fix cgi.force_redirect configuration is bypassable due to the environment variable collision
  CVE-2024-8927
Fix Erroneous parsing of multipart form data
  CVE-2024-8925
use oracle client library version 23.5 on x86_64 2024-07-31T09:10:09+00:00 Remi Collet remi@remirepo.net 2024-07-31T09:10:09+00:00 6325fa517ce34105f1614520543b2da49b786263 






Fix filter bypass in filter_var FILTER_VALIDATE_URL
2024-06-05T08:41:13+00:00

Remi Collet
remi@remirepo.net

2024-06-05T08:41:13+00:00

d4688638bf6ce9d2018a189d9364a8713b90b40e

  CVE-2024-5458





  CVE-2024-5458







use oracle client library version 21.13 on x86_64, 19.19 on aarch64
2024-04-10T12:56:28+00:00

Remi Collet
remi@remirepo.net

2024-04-10T12:56:28+00:00

997d6f80d9b806bcdad4af50a785d271b65004bf

Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
  CVE-2024-2756
Fix password_verify can erroneously return true opening ATO risk
  CVE-2024-3096





Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
  CVE-2024-2756
Fix password_verify can erroneously return true opening ATO risk
  CVE-2024-3096







use official Oracle Instant Client RPM
2023-09-22T08:26:06+00:00

Remi Collet
remi@remirepo.net

2023-09-22T08:26:06+00:00

e51a3d1aa8197e659b0ed76baf4b9c8799788c48












Fix Security issue with external entity loading in XML without enabling it
2023-08-02T09:14:07+00:00

Remi Collet
remi@remirepo.net

2023-08-02T09:14:07+00:00

e2daa46b2fee0adf416031348a5e48960e2c663c

  GHSA-3qrf-m4j2-pcrr CVE-2023-3823
Fix Buffer mismanagement in phar_dir_read()
  GHSA-jqcx-ccgc-xwhv CVE-2023-3824
move httpd/nginx wants directive to config files in /etc





  GHSA-3qrf-m4j2-pcrr CVE-2023-3823
Fix Buffer mismanagement in phar_dir_read()
  GHSA-jqcx-ccgc-xwhv CVE-2023-3824
move httpd/nginx wants directive to config files in /etc







fix possible buffer overflow in date
2023-06-21T08:52:17+00:00

Remi Collet
remi@remirepo.net

2023-06-21T08:52:17+00:00

63df0c1397405e708ffb04201cf64c34c2f214e2

define %php70___phpize and %php70___phpconfig





define %php70___phpize and %php70___phpconfig







Fix Missing error check and insufficient random bytes in HTTP Digest
2023-06-07T10:23:13+00:00

Remi Collet
remi@remirepo.net

2023-06-07T10:23:13+00:00

4e1bc99284de106ea65bfbede27f48699bd132bd

  authentication for SOAP
  GHSA-76gg-c692-v2mw
use oracle client library version 21.10





  authentication for SOAP
  GHSA-76gg-c692-v2mw
use oracle client library version 21.10







fix #81744: Password_verify() always return true with some hash
2023-02-15T10:13:26+00:00

Remi Collet
remi@remirepo.net

2023-02-15T10:13:26+00:00

4242469728c5089a3cbc80405cecc4a75e14367d

  CVE-2023-0567
fix #81746: 1-byte array overrun in common path resolve code
  CVE-2023-0568
fix DOS vulnerability when parsing multipart request body
  CVE-2023-0662





  CVE-2023-0567
fix #81746: 1-byte array overrun in common path resolve code
  CVE-2023-0568
fix DOS vulnerability when parsing multipart request body
  CVE-2023-0662