FEDORA-2018-b6072889db

security update in Fedora 28 for php

Status: stable 2 months ago

PHP version 7.2.10 (13 Sep 2018)

Core:

  • Fixed bug #76754 (parent private constant in extends class memory leak). (Laruence)
  • Fixed bug #72443 (Generate enabled extension). (petk)
  • Fixed bug #75797 (Memory leak when using class_alias() in non-debug mode). (Massimiliano Braglia)

Apache2:

  • Fixed bug #76582 (Apache bucket brigade sometimes becomes invalid). (stas)

Bz2:

  • Fixed arginfo for bzcompress. (Tyson Andre)

gettext:

  • Fixed bug #76517 (incorrect restoring of LDFLAGS). (sji)

iconv:

  • Fixed bug #68180 (iconv_mime_decode can return extra characters in a header). (cmb)
  • Fixed bug #63839 (iconv_mime_decode_headers function is skipping headers). (cmb)
  • Fixed bug #60494 (iconv_mime_decode does ignore special characters). (cmb)
  • Fixed bug #55146 (iconv_mime_decode_headers() skips some headers). (cmb)

intl:

  • Fixed bug #74484 (MessageFormatter::formatMessage memory corruption with 11+ named placeholders). (Anatol)

libxml:

  • Fixed bug #76777 ("public id" parameter of libxml_set_external_entity_loader callback undefined). (Ville Hukkamäki)

mbstring:

  • Fixed bug #76704 (mb_detect_order return value varies based on argument type). (cmb)

Opcache:

  • Fixed bug #76747 (Opcache treats path containing "test.pharma.tld" as a phar file). (Laruence)

OpenSSL:

  • Fixed bug #76705 (unusable ssl => peer_fingerprint in stream_context_create()). (Jakub Zelenka)

phpdbg:

  • Fixed bug #76595 (phpdbg man page contains outdated information). (Kevin Abel)

SPL:

  • Fixed bug #68825 (Exception in DirectoryIterator::getLinkTarget()). (cmb)
  • Fixed bug #68175 (RegexIterator pregFlags are NULL instead of 0). (Tim Siebels)

Standard:

  • Fixed bug #76778 (array_reduce leaks memory if callback throws exception). (cmb)

zlib:

  • Fixed bug #65988 (Zlib version check fails when an include/zlib/ style dir is passed to the --with-zlib configure option). (Jay Bonci)
  • Fixed bug #76709 (Minimal required zlib library is 1.2.0.4). (petk)

Comments 9

This update has been submitted for testing by remi.

This update has been pushed to testing.

I installed this on my Ampache server and it seems to work still.

karma: +1

remi edited this update.

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for batched by remi.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.



#1629552 CVE-2018-17082 php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request
#1629553 CVE-2018-17082 php: Cross-site scripting (XSS) flaw in Apache2 component via body of 'Transfer-Encoding: chunked' request [fedora-all]
Content Type: RPM
Status: stable
Test Gating
Submitted by
Update Type: security
Update Severity: unspecified
Karma: +2
  stable threshold: 3
  unstable threshold: -3
Autopush: Enabled
Dates:
  submitted 2 months ago
  in testing 2 months ago
  in stable 2 months ago
  modified 2 months ago
