From ba8f13e5d7caaa17d473b3532b3819826df6dfe6 Mon Sep 17 00:00:00 2001 From: Peter Korsgaard Date: Thu, 5 Dec 2024 22:31:07 +0100 Subject: [PATCH] package/php: security bump to version 8.2.26 Fixes the following security issues: - Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface https://github.com/php/php-src/security/advisories/GHSA-4w77-75f9-2c8w - CVE-2024-8932: OOB access in ldap_escape https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff - CVE-2024-8929: [Mysqlnd] Leak partial content of the heap through heap buffer over-read https://github.com/php/php-src/security/advisories/GHSA-h35g-vwh6-m678 - CVE-2024-11233: Single byte overread with convert.quoted-printable-decode filter https://github.com/php/php-src/security/advisories/GHSA-r977-prxv-hc43 - CVE-2024-11234: Configuring a proxy in a stream context might allow for CRLF injection in URIs https://github.com/php/php-src/security/advisories/GHSA-c5f2-jwm7-mmq2 - CVE-2024-11236: Integer overflow in the firebird and dblib quoters causing OOB writes https://github.com/php/php-src/security/advisories/GHSA-5hqh-c84r-qjcv Changelog: https://www.php.net/ChangeLog-8.php#8.2.26 Signed-off-by: Peter Korsgaard --- package/php/php.hash | 2 +- package/php/php.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/php/php.hash b/package/php/php.hash index 6615e159b6..788efe39b6 100644 --- a/package/php/php.hash +++ b/package/php/php.hash @@ -1,5 +1,5 @@ # From https://www.php.net/downloads.php -sha256 330b54876ea1d05ade12ee9726167332058bccd58dffa1d4e12117f6b4f616b9 php-8.2.25.tar.xz +sha256 54747400cb4874288ad41a785e6147e2ff546cceeeb55c23c00c771ac125c6ef php-8.2.26.tar.xz # License file sha256 b42e4df5e50e6ecda1047d503d6d91d71032d09ed1027ba1ef29eed26f890c5a LICENSE diff --git a/package/php/php.mk b/package/php/php.mk index 372aad916f..be53e13908 100644 --- a/package/php/php.mk +++ b/package/php/php.mk @@ -4,7 +4,7 @@ # ################################################################################ -PHP_VERSION = 8.2.25 +PHP_VERSION = 8.2.26 PHP_SITE = https://www.php.net/distributions PHP_SOURCE = php-$(PHP_VERSION).tar.xz PHP_INSTALL_STAGING = YES