{"update": {"autokarma": true, "autotime": true, "stable_karma": 3, "stable_days": 7, "unstable_karma": -3, "require_bugs": true, "require_testcases": true, "display_name": "", "notes": "**PHP version 8.3.6** (11 Apr 2024)\n\n**Core:**\n\n* Fixed [GH-13569](https://github.com/php/php-src/issues/13569) (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps). (Arnaud)\n* Fixed bug [GH-13612](https://github.com/php/php-src/issues/13612) (Corrupted memory in destructor with weak references). (nielsdos)\n* Fixed bug [GH-13446](https://github.com/php/php-src/issues/13446) (Restore exception handler after it finishes). (ilutov)\n* Fixed bug [GH-13784](https://github.com/php/php-src/issues/13784) (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)\n* Fixed bug [GH-13670](https://github.com/php/php-src/issues/13670) (GC does not scale well with a lot of objects created in destructor). (Arnaud)\n\n**DOM:**\n\n* Add some missing ZPP checks. (nielsdos)\n* Fix potential memory leak in XPath evaluation results. (nielsdos)\n\n**FPM:**\n\n* Fixed [GH-11086](https://github.com/php/php-src/issues/11086) (FPM: config test runs twice in daemonised mode). (Jakub Zelenka)\n* Fix incorrect check in fpm_shm_free(). (nielsdos)\n\n**GD:**\n\n* Fixed bug [GH-12019](https://github.com/php/php-src/issues/12019) (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)\n\n**Gettext:**\n\n* Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier)\n\n**MySQLnd:**\n\n* Fix [GH-13452](https://github.com/php/php-src/issues/13452) (Fixed handshake response [mysqlnd]). (Saki Takamachi)\n* Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)\n\n**Opcache:**\n\n* Fixed [GH-13508](https://github.com/php/php-src/issues/13508) (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud, Dmitry)\n* Fixed [GH-13712](https://github.com/php/php-src/issues/13712) (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). (Bob)\n\n**Random:**\n\n* Fixed bug [GH-13544](https://github.com/php/php-src/issues/13544) (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). (timwolla)\n* Fixed bug [GH-13690](https://github.com/php/php-src/issues/13690) (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). (timwolla)\n\n**Session:**\n\n* Fixed bug [GH-13680](https://github.com/php/php-src/issues/13680) (Segfault with session_decode and compilation error). (nielsdos)\n\n**SPL:**\n\n* Fixed bug [GH-13685](https://github.com/php/php-src/issues/13685) (Unexpected null pointer in zend_string.h). (nielsdos)\n\n**Standard:**\n\n* Fixed bug [GH-11808](https://github.com/php/php-src/issues/11808) (Live filesystem modified by tests). (nielsdos)\n* Fixed [GH-13402](https://github.com/php/php-src/issues/13402) (Added validation of `\\n` in $additional_headers of mail()). (SakiTakamachi)\n* Fixed bug [GH-13203](https://github.com/php/php-src/issues/13203) (file_put_contents fail on strings over 4GB on Windows). (divinity76)\n* Fixed bug [GHSA-pc52-254m-w9w7](https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7) (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)\n* Fixed bug [GHSA-wpj3-hf5j-x4v4](https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4) (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (**CVE-2024-2756**) (nielsdos)\n* Fixed bug [GHSA-h746-cjrr-wfmr](https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr) (password_verify can erroneously return true, opening ATO risk). (**CVE-2024-3096**) (Jakub Zelenka) Fixed bug [GHSA-fjp9-9hwx-59fq](https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq) (mb_encode_mimeheader runs endlessly for some inputs). (**CVE-2024-2757**) (Alex Dowad)\n* Fix bug [GH-13932](https://github.com/php/php-src/issues/13932) (Attempt to fix mbstring on windows build) (msvc). (David Carlier)\n\n\n", "type": "security", "status": "stable", "request": null, "severity": "medium", "suggest": "unspecified", "locked": false, "pushed": true, "critpath": false, "critpath_groups": "", "close_bugs": true, "date_submitted": "2024-04-10 06:09:18", "date_modified": "2024-04-16 05:29:04", "date_approved": "2024-04-18 00:57:22", "date_testing": "2024-04-11 00:54:59", "date_stable": "2024-04-19 21:20:20", "alias": "FEDORA-2024-5e8ae0def0", "test_gating_status": "ignored", "from_tag": null, "date_pushed": "2024-04-19 21:20:20", "meets_testing_requirements": true, "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-5e8ae0def0", "title": "php-8.3.6-1.fc40", "version_hash": "3a08b1076cc41a8f18bc292600bd64bc24fe4e11", "release": {"name": "F40", "long_name": "Fedora 40", "version": "40", "id_prefix": "FEDORA", "branch": "f40", "dist_tag": "f40", "stable_tag": "f40-updates", "testing_tag": "f40-updates-testing", "candidate_tag": "f40-updates-candidate", "pending_signing_tag": "f40-signing-pending", "pending_testing_tag": "f40-updates-testing-pending", "pending_stable_tag": "f40-updates-pending", "override_tag": "f40-override", "mail_template": "fedora_errata_template", "state": "current", "composed_by_bodhi": true, "create_automatic_updates": false, "package_manager": "dnf", "testing_repository": "updates-testing", "released_on": null, "eol": "2025-05-13", "critpath_mandatory_days_in_testing": 14, "mandatory_days_in_testing": 7, "critpath_min_karma": 2, "min_karma": 1, "setting_status": null}, "user": {"name": "remi", "email": "fedora@famillecollet.com", "id": 94, "avatar": "https://seccdn.libravatar.org/avatar/619d3923bdf71a705e6f65371e59246522f52ad96485c9731408ff28554716cf?s=24&d=retro", "openid": "remi.id.fedoraproject.org", "groups": [{"name": "packager"}, {"name": "provenpackager"}, {"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedorabugs"}, {"name": "centosproject-email-aliases"}, {"name": "sig-sclo"}]}, "comments": [{"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for testing by remi. ", "timestamp": "2024-04-10 06:09:19", "update_id": 603346, "user_id": 91, "id": 3483686, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update's test gating status has been changed to 'ignored'.", "timestamp": "2024-04-10 06:09:19", "update_id": 603346, "user_id": 91, "id": 3483687, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "remi edited this update.\n\nNew build(s):\n\n- php-8.3.6-1.fc40\n\nRemoved build(s):\n\n- php-8.3.5-1.fc40\n\nKarma has been reset.", "timestamp": "2024-04-10 15:21:21", "update_id": 603346, "user_id": 91, "id": 3484091, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to testing.", "timestamp": "2024-04-11 00:56:23", "update_id": 603346, "user_id": 91, "id": 3484596, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "remi edited this update.", "timestamp": "2024-04-16 05:27:59", "update_id": 603346, "user_id": 91, "id": 3491757, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "remi edited this update.", "timestamp": "2024-04-16 05:29:04", "update_id": 603346, "user_id": 91, "id": 3491760, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been submitted for stable by bodhi. \n\nThere is an ongoing freeze; this will be pushed to stable after the freeze is over. ", "timestamp": "2024-04-18 00:57:22", "update_id": 603346, "user_id": 91, "id": 3494646, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}, {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2024-04-18 13:16:26", "update_id": 603346, "user_id": 2935, "id": 3495292, "bug_feedback": [{"karma": 0, "comment_id": 3495292, "bug_id": 2275058, "bug": {"bug_id": 2275058, "title": "CVE-2024-2756 php: host/secure cookie bypass due to partial CVE-2022-31629 fix", "security": true, "parent": true}}, {"karma": 0, "comment_id": 3495292, "bug_id": 2275059, "bug": {"bug_id": 2275059, "title": "CVE-2024-2756 php: host/secure cookie bypass due to partial CVE-2022-31629 fix [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 3495292, "bug_id": 2275061, "bug": {"bug_id": 2275061, "title": "CVE-2024-3096 php: password_verify can erroneously return true, opening ATO risk", "security": true, "parent": true}}, {"karma": 0, "comment_id": 3495292, "bug_id": 2275062, "bug": {"bug_id": 2275062, "title": "CVE-2024-3096 php: password_verify can erroneously return true, opening ATO risk [fedora-all]", "security": true, "parent": false}}, {"karma": 0, "comment_id": 3495292, "bug_id": 2275068, "bug": {"bug_id": 2275068, "title": "CVE-2024-2757 php: mb_encode_mimeheader runs endlessly for some inputs", "security": true, "parent": true}}, {"karma": 0, "comment_id": 3495292, "bug_id": 2275069, "bug": {"bug_id": 2275069, "title": "CVE-2024-2757 php: mb_encode_mimeheader runs endlessly for some inputs [fedora-all]", "security": true, "parent": false}}], "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}, {"karma": 0, "karma_critpath": 0, "text": "This update has been pushed to stable.", "timestamp": "2024-04-19 21:37:50", "update_id": 603346, "user_id": 91, "id": 3497414, "bug_feedback": [], "testcase_feedback": [], "user": {"name": "bodhi", "email": null, "id": 91, "avatar": "https://apps.fedoraproject.org/img/icons/bodhi-24.png", "openid": "bodhi.id.fedoraproject.org", "groups": []}}], "builds": [{"nvr": "php-8.3.6-1.fc40", "signed": true, "release_id": 76, "type": "rpm", "epoch": 0}], "bugs": [{"bug_id": 2275058, "title": "CVE-2024-2756 php: host/secure cookie bypass due to partial CVE-2022-31629 fix", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 3494524, "bug_id": 2275058, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2024-04-17 19:50:59", "update_id": 603347, "user_id": 2935, "id": 3494524, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 3495292, "bug_id": 2275058, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2024-04-18 13:16:26", "update_id": 603346, "user_id": 2935, "id": 3495292, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}]}, {"bug_id": 2275059, "title": "CVE-2024-2756 php: host/secure cookie bypass due to partial CVE-2022-31629 fix [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 3494524, "bug_id": 2275059, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2024-04-17 19:50:59", "update_id": 603347, "user_id": 2935, "id": 3494524, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 3495292, "bug_id": 2275059, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2024-04-18 13:16:26", "update_id": 603346, "user_id": 2935, "id": 3495292, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}]}, {"bug_id": 2275061, "title": "CVE-2024-3096 php: password_verify can erroneously return true, opening ATO risk", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 3494524, "bug_id": 2275061, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2024-04-17 19:50:59", "update_id": 603347, "user_id": 2935, "id": 3494524, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 3495292, "bug_id": 2275061, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2024-04-18 13:16:26", "update_id": 603346, "user_id": 2935, "id": 3495292, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}]}, {"bug_id": 2275062, "title": "CVE-2024-3096 php: password_verify can erroneously return true, opening ATO risk [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 3494524, "bug_id": 2275062, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2024-04-17 19:50:59", "update_id": 603347, "user_id": 2935, "id": 3494524, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}, {"karma": 0, "comment_id": 3495292, "bug_id": 2275062, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2024-04-18 13:16:26", "update_id": 603346, "user_id": 2935, "id": 3495292, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}]}, {"bug_id": 2275068, "title": "CVE-2024-2757 php: mb_encode_mimeheader runs endlessly for some inputs", "security": true, "parent": true, "feedback": [{"karma": 0, "comment_id": 3495292, "bug_id": 2275068, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2024-04-18 13:16:26", "update_id": 603346, "user_id": 2935, "id": 3495292, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}]}, {"bug_id": 2275069, "title": "CVE-2024-2757 php: mb_encode_mimeheader runs endlessly for some inputs [fedora-all]", "security": true, "parent": false, "feedback": [{"karma": 0, "comment_id": 3495292, "bug_id": 2275069, "comment": {"karma": 1, "karma_critpath": 0, "text": "", "timestamp": "2024-04-18 13:16:26", "update_id": 603346, "user_id": 2935, "id": 3495292, "testcase_feedback": [], "user": {"name": "imabug", "email": "eugenemah@gmail.com", "id": 2935, "avatar": "https://seccdn.libravatar.org/avatar/ea8ba927783ee0ef10e6f05f14791abf925972bac4f31aba458058d3e7907a6d?s=24&d=retro", "openid": "imabug.id.fedoraproject.org", "groups": [{"name": "ipausers"}, {"name": "fedora-contributor"}, {"name": "signed_fpca"}, {"name": "fedora-hams"}]}}}]}], "updateid": "FEDORA-2024-5e8ae0def0", "karma": 1, "content_type": "rpm", "test_cases": []}, "can_edit": false, "ci_allowed": false}