php7.2 (7.2.24-0ubuntu0.18.04.3) bionic-security; urgency=medium

  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2020-7059.patch: fix OOB read in
      php_strip_tags_ex in ext/standard/string.c and added test
      ext/standard/tests/file/bug79099.phpt.
    - CVE-2020-7059
  * SECURITY UPDATE: Buffer-overflow
    - debian/patches/CVE-2020-7060.patch: fix adding a check function
      is_in_cp950_pua in ext/mbstring/libmbfl/filters/mbfilter_big5.c and
      added test ext/mbstring/tests/bug79037.phpt.
    - CVE-2020-7060

 -- Leonidas S. Barbosa  Tue, 11 Feb 2020 12:55:52 -0300

php7.2 (7.2.24-0ubuntu0.18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: silently truncates a class after a null byte
    - debian/patches/CVE-2019-11045.patch: not accept arbitrary strings in
      ext/spl/spl_directory.c, ext/spl/tests/bug78863.phpt.
    - CVE-2019-11045
  * SECURITY UPDATE: Buffer underflow
    - debian/patches/CVE-2019-11046.patch: not rely on `isdigit()` to
      detect digits in ext/bcmath/libbcmath/src/str2num.c,
      ext/bcmath/tests/bug78878.phpt.
    - CVE-2019-11046
  * SECURITY UPDATE: Heap-buffer-overflow
    - debian/patches/CVE-2019-11047.patch: fix in ext/exif/exif.c,
      ext/exif/tests/bug78910.phpt.
    - CVE-2019-11047
  * SECURITY UPDATE: Use-after-free
    - debian/patches/CVE-2019-11050.patch: fix in ext/exif/exif.c,
      ext/exif/tests/bug78793.phpt.
    - CVE-2019-11050

 -- Leonidas S. Barbosa  Mon, 13 Jan 2020 15:39:59 -0300

php7.2 (7.2.24-0ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: updated to 7.2.24 to fix security issue
    - CVE-2019-11043
  * Rebased patches:
    - debian/patches/0022-lp564920-fix-big-files.patch
  * Removed patches no longer required:
    - debian/patches/CVE-2019-11041.patch
    - debian/patches/CVE-2019-11042.patch

 -- Marc Deslauriers  Mon, 28 Oct 2019 08:07:07 -0400

php7.2 (7.2.19-0ubuntu0.18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Heap-buffer-overflow
    - debian/patches/CVE-2019-11041.patch: check Thumbnail.size in order
      to avoid an overflow in ext/exif.exif.c and adding test to
      ext/exif/tests/bug78222.phpt.
    - CVE-2019-11041
  * SECURITY UPDATE: Heap-buffer-overflow
    - debian/patches/CVE-2019-11042.patch: check ByteCount in order to
      avoid an overflow in ext/exif/exif.c and adding tests to
      ext/exif/tests/bug78256.phpt.
    - CVE-2019-11042

 -- Leonidas S. Barbosa  Mon, 12 Aug 2019 16:34:28 -0300

php7.2 (7.2.19-0ubuntu0.18.04.1) bionic-security; urgency=medium

  * Updated to 7.2.19 to fix multiple security issues.
    - CVE-2019-11036
    - CVE-2019-11039
    - CVE-2019-11040
  * Refreshed patches:
    - debian/patches/0039-hack-phpdbg-to-explicitly-link-with-libedit.patch

 -- Marc Deslauriers  Tue, 04 Jun 2019 10:48:12 -0400

php7.2 (7.2.17-0ubuntu0.18.04.1) bionic-security; urgency=medium

  * Updated to 7.2.17 to fix multiple security issues.
    - CVE-2019-11034
    - CVE-2019-11035
  * Refreshed patches:
    - debian/patches/0013-Add-support-for-use-of-the-system-timezone-database.patch
  * Removed patches included in new version:
    - debian/patches/CVE-2019-9637.patch
    - debian/patches/CVE-2019-9638-and-CVE-2019-9639-1.patch
    - debian/patches/CVE-2019-9638-and-CVE-2019-9639-2.patch
    - debian/patches/CVE-2019-9640.patch
    - debian/patches/CVE-2019-9641.patch
    - debian/patches/CVE-2019-9675.patch

 -- Marc Deslauriers  Thu, 18 Apr 2019 10:12:38 -0400

php7.2 (7.2.15-0ubuntu0.18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: Unauthorized users access
    - debian/patches/CVE-2019-9637.patch: fix in
      main/streams/plain_wrapper.c.
    - CVE-2019-9637
  * SECURITY UPDATE: Invalid read in exif_process_IFD_MAKERNOTE
    - debian/patches/CVE-2019-9638-and-CVE-2019-9639-*.patch: fix in
      ext/exif/exif.c, added tests in ext/exif/tests/bug77563.jpg,
      ext/exif/tests/bug77563.phpt.
    - CVE-2019-9638
    - CVE-2019-9639
  * SECURITY UPDATE: Invalid read
    - debian/patches/CVE-2019-9640.patch: fix in ext/exif/exif.c, added
      tests in ext/exif/tests/bug77540.jpg, ext/exif/tests/bug77540.phpt.
    - CVE-2019-9640
  * SECURITY UPDATE: Uninitialized read
    - debian/patches/CVE-2019-9641.patch: fix in ext/exif/exif.c.
    - CVE-2019-9641
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2019-9675.patch: fix in ext/phar/tar.c, added
      tests in ext/phar/tests/bug71488.phpt, ext/phar/tests/bug77586,phpt,
      ext/phar/tests/bug77586/files/*.

 -- Leonidas S. Barbosa  Fri, 22 Mar 2019 14:05:14 -0300

php7.2 (7.2.15-0ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Update to 7.2.15 to fix security issues
    - CVE-2018-19935
    - CVE-2018-19518

 -- Mike Salvatore  Fri, 08 Feb 2019 09:54:22 -0500

php7.2 (7.2.10-0ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Update to 7.2.10 to fix security issues
    - CVE-2015-9253
    - CVE-2018-14851
    - CVE-2018-14883

 -- Marc Deslauriers  Thu, 13 Sep 2018 09:45:02 -0400

php7.2 (7.2.7-0ubuntu0.18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: 7.2.7 did not actually include the fix for the
    CVE-2018-12882 exif security issue. This release adds backported
    patches to fix the issue.
    - debian/patches/CVE-2018-12882-1.patch: fix heap use after free in
      _php_stream_free in ext/exif/exif.c, ext/exif/tests/bug76409.phpt.
    - debian/patches/CVE-2018-12882-2.patch: fix test portability in
      ext/exif/tests/bug76409.phpt.
    - CVE-2018-12882

 -- Marc Deslauriers  Wed, 04 Jul 2018 12:55:24 -0400

php7.2 (7.2.7-0ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Update to 7.2.7 to fix security issue
    - CVE-2018-12882

 -- Marc Deslauriers  Tue, 03 Jul 2018 11:16:52 -0400

php7.2 (7.2.5-0ubuntu0.18.04.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Update to 7.2.5 to fix security issues
    - CVE-2018-10545, CVE-2018-10546, CVE-2018-10547, CVE-2018-10548,
      CVE-2018-10549
  * d/p/0036-php-5.4.9-fixheader.patch: updated for new version.

 -- Marc Deslauriers  Wed, 09 May 2018 13:21:02 -0400

php7.2 (7.2.3-1ubuntu1) bionic; urgency=medium

  * Merge with Debian unstable (LP: #1744148). Remaining changes:
    - Drop dh-php from Recommends to Suggests so it can be demoted to
      universe as it depends on xml2/universe.

 -- Nishanth Aravamudan  Wed, 14 Mar 2018 15:03:58 -0700

php7.2 (7.2.3-1) unstable; urgency=medium

  * New upstream version 7.2.3
  * Rebase patches on top of new upstream release.

 -- Ondřej Surý  Tue, 06 Mar 2018 11:15:04 +0000

php7.2 (7.2.2-3) unstable; urgency=medium

  * Add explicit libpcre3 >= 2:8.35 dependency as dh_genshlibs is failing
    to add versioned dependency for some reason.

 -- Ondřej Surý  Tue, 06 Feb 2018 16:07:40 +0000

php7.2 (7.2.2-2) unstable; urgency=medium

  * Remove explicit libpcre3 dependency and let dh_genshlibs do its magic

 -- Ondřej Surý  Tue, 06 Feb 2018 13:00:04 +0000

php7.2 (7.2.2-1ubuntu2) bionic; urgency=medium

  * No-change rebuild against libcurl4

 -- Steve Langasek  Wed, 28 Feb 2018 08:43:55 +0000

php7.2 (7.2.2-1ubuntu1) bionic; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - Drop dh-php from Recommends to Suggests so it can be demoted to
      universe as it depends on xml2/universe.

 -- Dimitri John Ledkov  Fri, 09 Feb 2018 21:18:55 +0000

php7.2 (7.2.2-1) unstable; urgency=medium

  * New upstream version 7.2.2
  * Rebase patches on top of new upstream release
  * Regenerate d/control to finish php7.2-sodium removal

 -- Ondřej Surý  Thu, 01 Feb 2018 15:19:04 +0000

php7.2 (7.2.1-1ubuntu2) bionic; urgency=medium

  * d/control.in: also needs update to keep dh-php in universe.

 -- Nishanth Aravamudan  Wed, 31 Jan 2018 10:36:35 -0800

php7.2 (7.2.1-1ubuntu1) bionic; urgency=medium

  * Drop dh-php from Recommends to Suggests so it can be demoted to
    universe (LP #1590623).
    + dh-php has gained a dependency on xml2 which is in universe.

 -- Nishanth Aravamudan  Thu, 25 Jan 2018 11:32:42 -0800

php7.2 (7.2.1-1) unstable; urgency=medium

  * Update the Vcs-* to salsa.d.o
  * Slightly update debian/copyright (most changes were already in)
  * New upstream version 7.2.1
  * Rebase patches on top of new upstream release

 -- Ondřej Surý  Fri, 05 Jan 2018 11:21:04 +0000

php7.2 (7.2.0-2) unstable; urgency=medium

  * Get rid of extra php7.2-sodium module

 -- Ondřej Surý  Wed, 06 Dec 2017 14:15:47 +0000

php7.2 (7.2.0-1) unstable; urgency=low

  * Update PHP 7.2 signing keys
  * New upstream version 7.2.0
  * Rebase patches for new upstream release.

 -- Ondřej Surý  Thu, 30 Nov 2017 13:55:57 +0000

php7.2 (7.2.0~rc6-1) unstable; urgency=medium

  * New upstream version 7.2.0~rc6
  * Rebase patches for new upstream version.

 -- Ondřej Surý  Sun, 12 Nov 2017 03:30:05 +0000

php7.2 (7.2.0~rc5-1) unstable; urgency=medium

  * New upstream version 7.2.0~rc5
  * Rebase patches for new upstream release

 -- Ondřej Surý  Fri, 27 Oct 2017 13:33:55 +0000

php7.2 (7.2.0~rc4-2) unstable; urgency=medium

  * Fix the usage of internal allocator in xmlrpc extension

 -- Ondřej Surý  Tue, 24 Oct 2017 18:54:46 +0000

php7.2 (7.2.0~rc4-1) unstable; urgency=medium

  * New upstream version 7.2.0~rc4
  * Rebase patches on top of new upstream version 7.2.0~rc4

 -- Ondřej Surý  Sun, 22 Oct 2017 13:07:11 +0000

php7.2 (7.2.0~rc3-1) unstable; urgency=medium

  * New upstream version 7.2.0~rc3
  * Refresh patches for PHP 7.2.0~rc3

 -- Ondřej Surý  Thu, 28 Sep 2017 18:26:49 +0200

php7.2 (7.2.0~rc2-1) unstable; urgency=medium

  * New upstream version 7.2.0~rc2
  * Rebase patches on top of PHP 7.2.0~rc2

 -- Ondřej Surý  Mon, 18 Sep 2017 11:24:14 +0200

php7.2 (7.2.0~rc1-1) unstable; urgency=medium

  * New upstream version 7.2.0~rc1
  * Rebase patches on top of PHP 7.2.0~rc1
  * Update d/copyright (License check courtesy of Luca Falavigna)
  * Rewrap the files in d/ with wrap-and-sort -a

 -- Ondřej Surý  Thu, 31 Aug 2017 14:00:16 +0200

php7.2 (7.2.0~beta3-2) unstable; urgency=medium

  * Enable Argon2 support for password hashing functions
  * Enable shared libsodium extension

 -- Ondřej Surý  Fri, 25 Aug 2017 11:35:23 +0200

php7.2 (7.2.0~beta3-1) unstable; urgency=medium

  * Allow libgcrypt11-dev when it's not a transitional package
  * New upstream version 7.2.0~beta3
  * Refresh patches on top of PHP 7.2.0~beta3

 -- Ondřej Surý  Fri, 18 Aug 2017 15:00:36 +0200

php7.2 (7.2.0~beta2-2) experimental; urgency=medium

  * Update Vcs-* links to https://gitlab.com/deb.sury.org/...
  * Stop depending on obsolete automake1.11
  * Switch build-depends to libgcrypt20-dev

 -- Ondřej Surý  Fri, 04 Aug 2017 11:56:09 +0200

php7.2 (7.2.0~beta2-1) experimental; urgency=medium

  * Update d/watch for PHP 7.2
  * New upstream version 7.2.0~beta2
  * Rebase patches for PHP 7.2.0~beta2

 -- Ondřej Surý  Thu, 03 Aug 2017 20:42:38 +0200

php7.2 (7.2.0~beta1-1) experimental; urgency=medium

  * New upstream version 7.2.0~beta1
  * Enable support for libsodium crypto
  * Rebase patches on top of PHP 7.2.0~beta1
  * Update phpapi for PHP 7.2 to 20170718

 -- Ondřej Surý  Thu, 27 Jul 2017 13:29:34 +0200

php7.2 (7.2.0~alpha3-1) experimental; urgency=medium

  * New upstream version 7.2.0~alpha3
  * Rebase patches on top of PHP 7.2.0~alpha3
  * Update d/rules with configure.in -> configure.ac rename
  * Remove mcrypt extension that has been removed upstream
  * Update phpapi to 20160731

 -- Ondřej Surý  Thu, 06 Jul 2017 13:50:44 +0200