FEDORA-2019-3f4ba94260

security update in Fedora 30 for php

Status: testing 19 days ago

PHP version 7.3.3 (07 Mar 2019)

Core:

  • Fixed bug #77589 (Core dump using parse_ini_string with numeric sections). (Laruence)
  • Fixed bug #77329 (Buffer Overflow via overly long Error Messages). (Dmitry)
  • Fixed bug #77494 (Disabling class causes segfault on member access). (Dmitry)
  • Fixed bug #77498 (Custom extension Segmentation fault when declare static property). (Nikita)
  • Fixed bug #77530 (PHP crashes when parsing (2)::class). (Ekin)
  • Fixed bug #77546 (iptcembed broken function). (gdegoulet)
  • Fixed bug #77630 (rename() across the device may allow unwanted access during processing). (Stas)

EXIF:

  • Fixed bug #77509 (Uninitialized read in exif_process_IFD_in_TIFF). (Stas)
  • Fixed bug #77540 (Invalid Read on exif_process_SOFn). (Stas)
  • Fixed bug #77563 (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (Stas)
  • Fixed bug #77659 (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (Stas)

Mbstring:

  • Fixed bug #77514 (mb_ereg_replace() with trailing backslash adds null byte). (Nikita)

MySQL:

  • Disabled LOCAL INFILE by default. It can be enabled using the php.ini directive mysqli.allow_local_infile for mysqli, or the PDO::MYSQL_ATTR_LOCAL_INFILE attribute for pdo_mysql. (Darek Slusarczyk)

OpenSSL:

  • Fixed bug #77390 (feof might hang on TLS streams in case of fragmented TLS records). (Abyl Valg, Jakub Zelenka)

PHAR:

  • Fixed bug #77396 (Null Pointer Dereference in phar_create_or_parse_filename). (bishop)
  • Fixed bug #77586 (phar_tar_writeheaders_int() buffer overflow). (bishop)

phpdbg:

  • Fixed bug #76596 (phpdbg support for display_errors=stderr). (kabel)

SPL:

  • Fixed bug #51068 (DirectoryIterator glob:// don't support current path relative queries). (Ahmed Abdou)
  • Fixed bug #77431 (openFile() silently truncates after a null byte). (cmb)

Standard:

  • Fixed bug #77552 (Uninitialized php_stream_statbuf in stat functions). (John Stevenson)
  • Fixed bug #77612 (setcookie() sets incorrect SameSite header if all of its options filled). (Nikita)

How to install

sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2019-3f4ba94260

Comments 8

This update has been submitted for testing by remi.

remi edited this update.

php-7.3.3-1.fc30 ejected from the push because "Cannot find relevant tag for php-7.3.3-1.fc30. None of ['f30-updates-candidate', 'f30-updates-testing-pending'] are in ['f22-updates-candidate', 'f21-updates-candidate', 'f25-updates-candidate', 'f24-updates-candidate', 'f23-updates-candidate', 'f28-updates-candidate', 'f26-updates-candidate', 'dist-6E-epel-testing-candidate', 'epel7-testing-candidate', 'dist-5E-epel-testing-candidate', 'f27-modular-updates-candidate', 'f28-modular-updates-candidate', 'f29-updates-candidate', 'f29-modular-updates-candidate', 'f29-container-updates-candidate', 'f28-container-updates-candidate', 'f29-flatpak-updates-candidate', 'f27-updates-candidate']."

This update has been submitted for testing by mohanboddu.

This update has been pushed to testing.

This update has reached 3 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for batched by remi.

This update has been submitted for stable by remi.


Content Type: RPM
Status: testing
Test Gating:
Request: stable
Submitted by:
Update Type: security
Update Severity: high
Karma: 0 (stable threshold: 3, unstable threshold: -3)
Autopush: Enabled
Dates: submitted 19 days ago, in testing 19 days ago, modified 19 days ago