stable

php-8.2.18-1.fc39

FEDORA-2024-b46619f761 created by remi 10 months ago for Fedora 39

PHP version 8.2.18 (11 Apr 2024)

Core:

  • Fixed bug GH-13612 (Corrupted memory in destructor with weak references). (nielsdos)
  • Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
  • Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). (Arnaud)

DOM:

  • Add some missing ZPP checks. (nielsdos)
  • Fix potential memory leak in XPath evaluation results. (nielsdos)
  • Fix phpdoc for DOMDocument load methods. (VincentLanglet)

FPM

  • Fix incorrect check in fpm_shm_free(). (nielsdos)

GD:

  • Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)

Gettext:

  • Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. (David Carlier)

MySQLnd:

  • Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
  • Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)

Opcache:

  • Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). (Arnaud, Dmitry)
  • Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). (Bob)

PDO:

  • Fix various PDORow bugs. (Girgias)

Random:

  • Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). (timwolla)
  • Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). (timwolla)

Session:

  • Fixed bug GH-13680 (Segfault with session_decode and compilation error). (nielsdos)

Sockets:

  • Fixed bug GH-13604 (socket_getsockname returns random characters in the end of the socket name). (David Carlier)

SPL:

  • Fixed bug GH-13531 (Unable to resize SplfixedArray after being unserialized in PHP 8.2.15). (nielsdos)
  • Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)

Standard:

  • Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
  • Fixed GH-13402 (Added validation of \n in $additional_headers of mail()). (SakiTakamachi)
  • Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). (divinity76)
  • Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
  • Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
  • Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)

XML:

  • Fixed bug GH-13517 (Multiple test failures when building with --with-expat). (nielsdos)

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2024-b46619f761

This update has been submitted for testing by remi.

10 months ago

This update's test gating status has been changed to 'ignored'.

10 months ago

This update has been pushed to testing.

10 months ago

remi edited this update.

10 months ago
User Icon imabug provided feedback 10 months ago
karma

This update has been submitted for stable by bodhi.

10 months ago

This update has been pushed to stable.

10 months ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
1
Signed
Content Type
RPM
Test Gating
Autopush Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
10 months ago
in testing
10 months ago
in stable
10 months ago
modified
10 months ago
approved
10 months ago
BZ#2275058 CVE-2024-2756 php: host/secure cookie bypass due to partial CVE-2022-31629 fix
0
0
BZ#2275059 CVE-2024-2756 php: host/secure cookie bypass due to partial CVE-2022-31629 fix [fedora-all]
0
0
BZ#2275061 CVE-2024-3096 php: password_verify can erroneously return true, opening ATO risk
0
0
BZ#2275062 CVE-2024-3096 php: password_verify can erroneously return true, opening ATO risk [fedora-all]
0
0

Automated Test Results