From: Peter Korsgaard <peter@korsgaard.com>
To: buildroot@busybox.net
Subject: [Buildroot] [git commit] package/php: security bump to version 7.4.11
Date: Sun, 4 Oct 2020 11:19:51 +0200 [thread overview]
Message-ID: <20201004094312.287318E516@busybox.osuosl.org> (raw)
commit: https://git.buildroot.net/buildroot/commit/?id=51d9617474db14e4757ca3a340deccc1dc3df6c7
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
- Fix CVE-2020-7069: In PHP versions 7.2.x below 7.2.34, 7.3.x below
7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with
openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the
IV is actually used. This can lead to both decreased security and
incorrect encryption data.
- Fix CVE-2020-7070: In PHP versions 7.2.x below 7.2.34, 7.3.x below
7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP
cookie values, the cookie names are url-decoded. This may lead to
cookies with prefixes like __Host confused with cookies that decode to
such prefix, thus leading to an attacker being able to forge cookie
which is supposed to be secure. See also CVE-2020-8184 for more
information.
https://www.php.net/ChangeLog-7.php#7.4.11
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
package/php/php.hash | 2 +-
package/php/php.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/php/php.hash b/package/php/php.hash
index c383c471eb..77a0feb555 100644
--- a/package/php/php.hash
+++ b/package/php/php.hash
@@ -1,5 +1,5 @@
# From https://www.php.net/downloads.php
-sha256 c2d90b00b14284588a787b100dee54c2400e7db995b457864d66f00ad64fb010 php-7.4.10.tar.xz
+sha256 5d31675a9b9c21b5bd03389418218c30b26558246870caba8eb54f5856e2d6ce php-7.4.11.tar.xz
# License file
sha256 0967ad6cf4b7fe81d38709d7aaef3fecb3bd685be7eebb37b864aa34c991baa7 LICENSE
diff --git a/package/php/php.mk b/package/php/php.mk
index 3047bfe94d..6b528cdc33 100644
--- a/package/php/php.mk
+++ b/package/php/php.mk
@@ -4,7 +4,7 @@
#
################################################################################
-PHP_VERSION = 7.4.10
+PHP_VERSION = 7.4.11
PHP_SITE = http://www.php.net/distributions
PHP_SOURCE = php-$(PHP_VERSION).tar.xz
PHP_INSTALL_STAGING = YES
reply other threads:[~2020-10-04 9:19 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20201004094312.287318E516@busybox.osuosl.org \
--to=peter@korsgaard.com \
--cc=buildroot@busybox.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.