FEDORA-2018-dfe1f0bac6

security update in Fedora 28 for php

Status: testing 2 days ago

PHP version 7.2.13 (06 Dec 2018)

ftp:

  • Fixed bug #77151 (ftp_close(): SSL_read on shutdown). (Remi)

CLI:

  • Fixed bug #77111 (php-win.exe corrupts unicode symbols from cli parameters). (Anatol)

Fileinfo:

  • Fixed bug #77095 (slowness regression in 7.2/7.3 (compared to 7.1)). (Anatol)

iconv:

  • Fixed bug #77147 (Fixing 60494 ignored ICONV_MIME_DECODE_CONTINUE_ON_ERROR). (cmb)

Core:

  • Fixed bug #77231 (Segfault when using convert.quoted-printable-encode filter). (Stas)

IMAP:

  • Fixed bug #77153 (imap_open allows to run arbitrary shell commands via mailbox parameter). (Stas)

ODBC:

  • Fixed bug #77079 (odbc_fetch_object has incorrect type signature). (Jon Allen)

Opcache:

  • Fixed bug #77058 (Type inference in opcache causes side effects). (Nikita)
  • Fixed bug #77092 (array_diff_key() - segmentation fault). (Nikita)

Phar:

  • Fixed bug #77022 (PharData always creates new files with mode 0666). (Stas)
  • Fixed bug #77143 (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile). (Stas)

PGSQL:

  • Fixed bug #77047 (pg_convert has a broken regex for the 'TIME WITHOUT TIMEZONE' data type). (Andy Gajetzki)

SOAP:

  • Fixed bug #50675 (SoapClient can't handle object references correctly). (Cameron Porter)
  • Fixed bug #76348 (WSDL_CACHE_MEMORY causes Segmentation fault). (cmb)
  • Fixed bug #77141 (Signedness issue in SOAP when precision=-1). (cmb)

Sockets:

  • Fixed bug #67619 (Validate length on socket_write). (thiagooak)

From upstream

IMAP:

  • Fix #77020 null pointer dereference in imap_mail (CVE-2018-19935)

Comments 6

This update has been submitted for testing by remi.

This update has been pushed to testing.

remi edited this update.

New build(s):

  • php-7.2.13-2.fc28

Removed build(s):

  • php-7.2.13-1.fc28

Karma has been reset.

This update has been submitted for testing by remi.

This update has been pushed to testing.



Content Type: RPM
Status: testing
Test Gating:
Submitted by:
Update Type: security
Update Severity: medium
Karma: 0 (stable threshold: 3, unstable threshold: -3)
Autopush: Enabled
Dates: submitted 6 days ago; in testing 2 days ago; days to stable 5; modified 3 days ago

Related Bugs 2

  • #1654228 CVE-2018-19518 php: imap_open() allows running arbitrary shell commands via mailbox parameter
  • #1654230 CVE-2018-19518 php: imap_open allows running arbitrary shell commands via mailbox parameter [fedora-all]
