Category Archives: Advisories

php-8.1.11-1.fc37

FEDORA-2022-580da6af27

Packages in this update:

php-8.1.11-1.fc37

Update description:

PHP version 8.1.11 (29 Sep 2022)

Core:

Fixed bug php#81726: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628). (cmb)
Fixed bug php#81727: Don’t mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629). (Derick)
Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function) (Tim Starling)
Fixed bug GH-9361 (Segmentation fault on script exit php#9379). (cmb, Christian Schneider)
Fixed bug GH-9447 (Invalid class FQN emitted by AST dump for new and class constants in constant expressions). (ilutov)

DOM:

Fixed bug php#79451 (DOMDocument->replaceChild on doctype causes double free). (Nathan Freeman)

FPM:

Fixed bug GH-8885 (FPM access.log with stderr begins to write logs to error_log after daemon reload). (Dmitry Menshikov)
Fixed bug php#77780 (“Headers already sent…” when previous connection was aborted). (Jakub Zelenka)

GMP:

Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed to gmp_init()). (Girgias)

Intl:

Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter). (Girgias)

PCRE:

Fixed pcre.jit on Apple Silicon. (Niklas Keller)

PDO_PGSQL:

Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed). (Yurunsoft)

Reflection:

Fixed bug GH-8932 (ReflectionFunction provides no way to get the called class of a Closure). (cmb, Nicolas Grekas)

Streams:

Fixed bug GH-9316 ($http_response_header is wrong for long status line). (cmb, timwolla)

CVE-2021-41433

A SQL injection vulnerability exists in the login form of version 1.0 of the Resumes Management and Job Application Website application by EGavilan Media, allowing authentication bypass through login.php.
