php8.1 (8.1.2-1ubuntu2.22) jammy-security; urgency=medium
* SECURITY UPDATE: Null byte termination in hostnames
- debian/patches/CVE-2025-1220.patch: check hostnames in
ext/standard/fsock.c,
ext/standard/tests/network/ghsa-3cr5-j632-f35r.phpt,
ext/standard/tests/streams/ghsa-3cr5-j632-f35r.phpt,
main/streams/xp_socket.c.
- CVE-2025-1220
* SECURITY UPDATE: pgsql extension does not check for errors during
escaping
- debian/patches/CVE-2025-1735.patch: add error checks in
ext/pdo_pgsql/pgsql_driver.c,
ext/pdo_pgsql/tests/ghsa-hrwm-9436-5mv3.phpt,
ext/pgsql/pgsql.c, ext/pgsql/tests/ghsa-hrwm-9436-5mv3.phpt.
- CVE-2025-1735
* SECURITY UPDATE: NULL Pointer Dereference in PHP SOAP Extension via
Large XML Namespace Prefix
- debian/patches/CVE-2025-6491.patch: handle large names in
ext/soap/soap.c, ext/soap/tests/soap_qname_crash.phpt.
- CVE-2025-6491
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Tue, 15 Jul 2025 08:11:22 -0400
php8.1 (8.1.2-1ubuntu2.21) jammy-security; urgency=medium
* SECURITY UPDATE: Use after free
- debian/patches/CVE-2024-11235.patch: fix incorrect live-range
calculation in Zend/zend_opcode.c and add tests in
Zend/tests/ghsa-rwp7-7vc6-8477_001.phpt,
Zend/tests/ghsa-rwp7-7vc6-8477_002.phpt,
Zend/tests/ghsa-rwp7-7vc6-8477_003.phpt.
- CVE-2024-11235
* SECURITY UPDATE: Incorrect MIME type
- debian/patches/CVE-2025-1217.patch: adds HTTP header folding
support for HTTP wrapper response headers in
ext/standard/http_fopen_wrapper.c and add tests in
ests/http/ghsa-v8xr-gpvj-cx9g-001.phpt,
tests/http/ghsa-v8xr-gpvj-cx9g-002.phpt,
tests/http/ghsa-v8xr-gpvj-cx9g-003.phpt,
tests/http/ghsa-v8xr-gpvj-cx9g-004.phpt,
tests/http/ghsa-v8xr-gpvj-cx9g-005.phpt,
tests/http/http_response_header_05.phpt.
- CVE-2025-1217
* SECURITY UPDATE: Wrong content-type requesting a redirected resource
- debian/patches/CVE-2025-1219.patch: fix in ext/libxml/mime_sniff.c.
- CVE-2025-1219
* SECURITY UPDATE: Invalid header
- debian/patches/CVE-2025-1734.patch: fix in ext/standard/http_fopen_wrapper.c
and add tests in
ext/standard/tests/http/bug47021.phpt,
ext/standard/tests/http/bug75535.phpt,
tests/http/ghsa-pcmh-g36c-qc44-001.phpt,
tests/http/ghsa-pcmh-g36c-qc44-002.phpt.
- CVE-2025-1734
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2025-1736.patch: httu user header check
of crlf in ext/standard/http_fopen_wrapper.c and add tests
in tests/http/ghsa-hgf5-96fm-v528-001.phpt,
tests/http/ghsa-hgf5-96fm-v528-002.phpt,
tests/http/ghsa-hgf5-96fm-v528-003.phpt.
- CVE-2025-1736
* SECURITY UPDATE: Location truncation
- debian/patches/CVE-2025-1861.patch: converts the
allocation of location to be on heap instead of stack
in ext/standard/http_fopen_wrapper.c and add tests in
tests/http/ghsa-52jp-hrpf-2jff-001.phpt,
tests/http/ghsa-52jp-hrpf-2jff-002.phpt.
- CVE-2025-1861
* debian/patches/0001-Fix-GH-16955-Use-empheral-ports-for-OpenSSL-server-c.patch
added in order to fix all the tests added in the CVE above.
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Mon, 24 Mar 2025 16:04:23 -0300
php8.1 (8.1.2-1ubuntu2.20) jammy-security; urgency=medium
* SECURITY UPDATE: Buffer over read
- debian/patches/CVE-2024-11233.patch: re arrange
bound check code in ext/standard/filters.c,
ext/standard/tests/filters/ghsa-r977-prxv-hc43.phpt.
- CVE-2024-11233
* SECURITY UPDATE: HTTP request smuggling
- debian/patches/CVE-2024-11234.patch: avoiding
fulluri CRLF injection in ext/standard/http_fopen_wrapper.c.
.../tests/http/ghsa-c5f2-jwm7-mmq2.phpt.
- CVE-2024-11234
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2024-11236-1.patch: adding an extralen check
to avoid integer overflow in ext/pdo_dblib/dblib_driver.c,
ext/pdo_dblib/tests/GHSA-5hqh-c84r-qjcv.phpt.
- debian/patches/CVE-2024-11236-2.patch: change qcount to size_t in
order to avoid integer overflow and adding checks in
ext/pdo_firebird/firebird_driver.c.
- CVE-2024-11236
* SECURITY UPDATE: Heap buffer over-reads
- debian/patches/CVE-2024-8929.patch: fix buffer over-reads in
ext/mysqlnd/mysqlnd_ps_codec.c,
ext/mysqlnd/mysqlnd_wireprotocol.c, and create some phpt tests.
- CVE-2024-8929
* SECURITY UPDATE: Integer overflow
- debian/patches/CVE-2024-8932.patch: fix OOB in access in
ldap_escape in ext/ldap/ldap.c,
ext/ldap/tests/GHSA-g665-fm4p-vhff-1.phpt,
ext/ldap/tests/GHSA-g665-fm4p-vhff-2.phpt.
- CVE-2024-8932
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Tue, 03 Dec 2024 17:14:35 -0300
php8.1 (8.1.2-1ubuntu2.19) jammy-security; urgency=medium
* SECURITY UPDATE: Erroneous parsing of multipart form data
- debian/patches/CVE-2024-8925.patch: limit bounday size in
main/rfc1867.c, tests/basic/*.
- CVE-2024-8925
* SECURITY UPDATE: cgi.force_redirect configuration can be bypassed due
to environment variable collision
- debian/patches/CVE-2024-8927.patch: check for REDIRECT_STATUS in
sapi/cgi/cgi_main.c.
- CVE-2024-8927
* SECURITY UPDATE: Logs from childrens may be altered
- debian/patches/CVE-2024-9026.patch: properly calculate size in
sapi/fpm/fpm/fpm_stdio.c, sapi/fpm/tests/*.
- CVE-2024-9026
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 30 Sep 2024 12:25:25 -0400
php8.1 (8.1.2-1ubuntu2.18) jammy-security; urgency=medium
* SECURITY UPDATE: Invalid user information
- debian/patches/CVE-2024-5458.patch: improves filters validation
in ext/filter/logical_filters.c and adds test
in ext/filter/tests/ghsa-w8qr-v226-r27w.phpt.
- CVE-2024-5458
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Fri, 14 Jun 2024 12:52:55 -0300
php8.1 (8.1.2-1ubuntu2.17) jammy-security; urgency=medium
* SECURITY UPDATE: Heap buffer-overflow
- debian/patches/CVE-2022-4900.patch: prevent potential buffer
overflow for large valye of php_cli_server_workers_max in
sapi/cli/php_cli_server.c.
- CVE-2022-4900
* SECURITY UPDATE: Cookie by pass
- debian/patches/CVE-2024-2756.patch: adds more mangling rules
in main/php_variable.c.
- CVE-2024-2756
* SECURITY UPDATE: Account take over risk
- debian/patches/CVE-2024-3096.patch: disallow null character in bcrypt
password in ext/standard/password.c,
ext/standard/tests/password_bcrypt_errors.phpt.
- CVE-2024-3096
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Wed, 01 May 2024 07:10:07 -0300
php8.1 (8.1.2-1ubuntu2.16) jammy; urgency=medium
* d/p/fix-segfault-in-fpm_status_export_to_zval.patch: fix
segmentation fault in fpm_status_export_to_zval. (LP: #2057576)
-- Athos Ribeiro <athos.ribeiro@canonical.com> Wed, 10 Apr 2024 08:54:30 -0300
php8.1 (8.1.2-1ubuntu2.15) jammy; urgency=medium
* d/p/fix-attribute-instantion-dangling-pointer.patch: Fix sigsegv from
dangling pointer on attribute observer. (LP: #2054621)
* d/p/fix-attribute-instantion-memory-overflow-recovery.patch: Fix sigsegv
during memory overflow recovery on attribute observer.
-- Brian Morton <rokclimb15@gmail.com> Fri, 23 Feb 2024 12:26:53 -0500
php8.1 (8.1.2-1ubuntu2.14) jammy-security; urgency=medium
* SECURITY UPDATE: Disclosure sensitive information
- debian/patches/CVE-2023-3823.patch: sanitieze libxml2 globals
before parsing in ext/dom/document.c, ext/dom/documentfragment.c,
xml_global_state_entity_loader_bypass.phpt, ext/libxml/php_libxml.h,
ext/simplexml/simplexml.c, xml_global_state_entity_loader_bypass.phpt,
ext/soap/php_xml.c, ext/xml/compat.c, ext/xmlreader/php_xmlreader.c,
xml_global_state_entity_loader_bypass.phpt, ext/xsl/xsltprocessor.c,
ext/zend_test/test.c, ext/zend_test/test.stub.php.
- CVE-2023-3823
* SECURITY UPDATE: Stack buffer overflow
- debian/patches/CVE-2023-3824.patch: fix buffer mismanagement in
phar_dir_read(), and in files ext/phar/dirstream.c,
ext/phar/tests/GHSA-jqcx-ccgx-xwhv.phpt.
- CVE-2023-3824
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Fri, 18 Aug 2023 08:41:11 -0300
php8.1 (8.1.2-1ubuntu2.13) jammy-security; urgency=medium
* SECURITY UPDATE: Missing error check and insufficient random
bytes
- debian/patches/CVE-2023-3247-1.patch: fixes missing randomness
check and insufficient random byes for SOAP HTTP digest
in ext/soap/php_http.c.
- debian/patches/CVE-2023-3247-2.patch: fix wrong backporting of previous
soap patch.
- CVE-2023-3247
-- Leonidas Da Silva Barbosa <leo.barbosa@canonical.com> Wed, 28 Jun 2023 11:01:49 -0300
# For older changelog entries, run 'apt-get changelog php8.1-common'
Generated by dwww version 1.14 on Tue Aug 26 18:59:27 CEST 2025.