FEDORA-2019-7bb07c3b02 created by remi 7 months ago for Fedora 30
stable

PHP version 7.3.11 (24 Oct 2019)

Core:

  • Fixed bug #78535 (auto_detect_line_endings value not parsed as bool). (bugreportuser)
  • Fixed bug #78620 (Out of memory error). (cmb, Nikita)

Exif :

  • Fixed bug #78442 ('Illegal component' on exif_read_data since PHP7) (Kalle)

FPM:

  • Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE). (CVE-2019-11043) (Jakub Zelenka)
  • Fixed bug #78413 (request_terminate_timeout does not take effect after fastcgi_finish_request). (Sergei Turchanov)

MBString:

  • Fixed bug #78579 (mb_decode_numericentity: args number inconsistency). (cmb)
  • Fixed bug #78609 (mb_check_encoding() no longer supports stringable objects). (cmb)

MySQLi:

  • Fixed bug #76809 (SSL settings aren't respected when persistent connections are used). (fabiomsouto)

Mysqlnd:

  • Fixed bug #78525 (Memory leak in pdo when reusing native prepared statements). (Nikita)

PCRE:

  • Fixed bug #78272 (calling preg_match() before pcntl_fork() will freeze child process). (Nikita)

PDO_MySQL:

  • Fixed bug #78623 (Regression caused by "SP call yields additional empty result set"). (cmb)

Session:

  • Fixed bug #78624 (session_gc return value for user defined session handlers). (bshaffer)

Standard:

  • Fixed bug #76342 (file_get_contents waits twice specified timeout). (Thomas Calvet)
  • Fixed bug #78612 (strtr leaks memory when integer keys are used and the subject string shorter). (Nikita)
  • Fixed bug #76859 (stream_get_line skips data if used with data-generating filter). (kkopachev)

Zip:

  • Fixed bug #78641 (addGlob can modify given remove_path value). (cmb)

How to install

sudo dnf upgrade --advisory=FEDORA-2019-7bb07c3b02

This update has been submitted for testing by remi.

7 months ago

This update's test gating status has been changed to 'waiting'.

7 months ago

This update's test gating status has been changed to 'ignored'.

7 months ago

This update has been pushed to testing.

7 months ago
karma

Bodhi is disabling automatic push to stable due to negative karma. The maintainer may push manually if they determine that the issue is not severe.

7 months ago

Bad karma without any information / bug report is bull shit and will be ignored

User Icon lcts commented & provided feedback 7 months ago
karma

Works without issues on my system (nginx-uwsgi-php stack, various web apps), though I did not try to specifically reproduce the bugs.

remi edited this update.

7 months ago

remi edited this update.

7 months ago

This update can be pushed to stable now if the maintainer wishes

6 months ago

This update has been submitted for stable by bodhi.

6 months ago

This update has been pushed to stable.

6 months ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
7 months ago
in testing
7 months ago
in stable
6 months ago
modified
7 months ago
BZ#1766378 CVE-2019-11043 php: underflow in env_path_info in fpm_main.c
0
0
BZ#1766379 CVE-2019-11043 php: underflow in env_path_info in fpm_main.c [fedora-all]
0
0

Automated Test Results