FEDORA-2019-7bb07c3b02 created by remi 21 days ago for Fedora 30
stable

PHP version 7.3.11 (24 Oct 2019)

Core:

  • Fixed bug #78535 (auto_detect_line_endings value not parsed as bool). (bugreportuser)
  • Fixed bug #78620 (Out of memory error). (cmb, Nikita)

Exif :

  • Fixed bug #78442 ('Illegal component' on exif_read_data since PHP7) (Kalle)

FPM:

  • Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE). (CVE-2019-11043) (Jakub Zelenka)
  • Fixed bug #78413 (request_terminate_timeout does not take effect after fastcgi_finish_request). (Sergei Turchanov)

MBString:

  • Fixed bug #78579 (mb_decode_numericentity: args number inconsistency). (cmb)
  • Fixed bug #78609 (mb_check_encoding() no longer supports stringable objects). (cmb)

MySQLi:

  • Fixed bug #76809 (SSL settings aren't respected when persistent connections are used). (fabiomsouto)

Mysqlnd:

  • Fixed bug #78525 (Memory leak in pdo when reusing native prepared statements). (Nikita)

PCRE:

  • Fixed bug #78272 (calling preg_match() before pcntl_fork() will freeze child process). (Nikita)

PDO_MySQL:

  • Fixed bug #78623 (Regression caused by "SP call yields additional empty result set"). (cmb)

Session:

  • Fixed bug #78624 (session_gc return value for user defined session handlers). (bshaffer)

Standard:

  • Fixed bug #76342 (file_get_contents waits twice specified timeout). (Thomas Calvet)
  • Fixed bug #78612 (strtr leaks memory when integer keys are used and the subject string shorter). (Nikita)
  • Fixed bug #76859 (stream_get_line skips data if used with data-generating filter). (kkopachev)

Zip:

  • Fixed bug #78641 (addGlob can modify given remove_path value). (cmb)

How to install

sudo dnf upgrade --advisory=FEDORA-2019-7bb07c3b02
This update has been submitted for testing by remi. 21 days ago
This update's test gating status has been changed to 'waiting'. 21 days ago
This update's test gating status has been changed to 'ignored'. 21 days ago
This update has been pushed to testing. 17 days ago
karma
Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe. 16 days ago

Bad karma without any information / bug report is bull shit and will be ignored

User Icon lcts commented & provided feedback 16 days ago
karma

Works without issues on my system (nginx-uwsgi-php stack, various web apps), though I did not try to specifically reproduce the bugs.

remi edited this update. 15 days ago
remi edited this update. 14 days ago
This update can be pushed to stable now if the maintainer wishes 10 days ago
This update has been submitted for stable by bodhi. 10 days ago
This update has been pushed to stable. 9 days ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
21 days ago
in testing
17 days ago
in stable
9 days ago
modified
14 days ago
BZ#1766378 CVE-2019-11043 php: underflow in env_path_info in fpm_main.c
0
0
BZ#1766379 CVE-2019-11043 php: underflow in env_path_info in fpm_main.c [fedora-all]
0
0

Automated Test Results