FEDORA-2019-f07db8f031

security update in Fedora 29 for php

Status: stable 15 days ago

PHP version 7.2.21 (01 Aug 2019)

Date:

  • Fixed bug #69044 (discrepency between time and microtime). (krakjoe)

EXIF:

  • Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042) (Stas)
  • Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041) (Stas)

Fileinfo:

  • Fixed bug #78183 (finfo_file shows wrong mime-type for .tga file). (Joshua Westerheide)

FTP:

  • Fixed bug #77124 (FTP with SSL memory leak). (Nikita)

Libxml:

  • Fixed bug #78279 (libxml_disable_entity_loader settings is shared between requests (cgi-fcgi)). (Nikita)

LiteSpeed:

  • Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from 100 to 1000, added crash handler to cleanly shutdown PHP request, added CloudLinux mod_lsapi mode). (George Wang)
  • Fixed bug #76058 (After "POST data can't be buffered", using php://input makes huge tmp files). (George Wang)

Openssl:

  • Fixed bug #78231 (Segmentation fault upon stream_socket_accept of exported socket-to-stream). (Nikita)

OPcache:

  • Fixed bug #78189 (file cache strips last character of uname hash). (cmb)
  • Fixed bug #78202 (Opcache stats for cache hits are capped at 32bit NUM). (cmb)
  • Fixed bug #78291 (opcache_get_configuration doesn't list all directives). (Andrew Collington)

Phar:

  • Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN). (cmb)

Phpdbg:

  • Fixed bug #78297 (Include unexistent file memory leak). (Nikita)

PDO_Sqlite:

  • Fixed bug #78192 (SegFault when reuse statement after schema has changed). (Vincent Quatrevieux)

Standard:

  • Fixed bug #78241 (touch() does not handle dates after 2038 in PHP 64-bit). (cmb)
  • Fixed bug #78269 (password_hash uses weak options for argon2). (Remi)

XMLRPC:

  • Fixed bug #78173 (XML-RPC mutates immutable objects during encoding). (Asher Baker)

Comments 8

This update has been submitted for testing by remi.

This update's test gating status has been changed to 'waiting'.

This update's test gating status has been changed to 'ignored'.

remi edited this update.

This update has been pushed to testing.

This update can be pushed to stable now if the maintainer wishes

This update has been submitted for stable by bodhi.

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
medium
Karma
0
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Enabled
Autopush (time)
Enabled
Dates
submitted 24 days ago
in testing 23 days ago
in stable 15 days ago
modified 24 days ago

Automated Test Results