Maintenance release, fixing CVE security issues for PHP.
Backported PHP CVE fixes
-
PHP version 7.1.33.25, 7.2.34.21, 7.3.33.13, 7.4.33.8 CVE fixes
-
CLI
- Fixed bug GHSA-4w77-75f9-2c8w: Heap-Use-After-Free in
sapi_read_post_dataProcessing in CLI SAPI Interface.
- Fixed bug GHSA-4w77-75f9-2c8w: Heap-Use-After-Free in
-
LDAP
- Fixed bug GHSA-g665-fm4p-vhff: OOB access in
ldap_escape. (CVE-2024-8932)
- Fixed bug GHSA-g665-fm4p-vhff: OOB access in
-
MySQLnd
- Fixed bug GHSA-h35g-vwh6-m678: Leak partial content of the heap through heap buffer over-read. (CVE-2024-8929)
-
PDO DBLIB
- Fixed bug GHSA-5hqh-c84r-qjcv: Integer overflow in the
dblibquoter causing OOB writes. (CVE-2024-11236)
- Fixed bug GHSA-5hqh-c84r-qjcv: Integer overflow in the
-
PDO Firebird
- Fixed bug GHSA-5hqh-c84r-qjcv: Integer overflow in the
firebirdquoter causing OOB writes. (CVE-2024-11236)
- Fixed bug GHSA-5hqh-c84r-qjcv: Integer overflow in the
-
Streams
- Fixed bug GHSA-c5f2-jwm7-mmq2: Configuring a proxy in a stream context might allow for CRLF injection in URIs. (CVE-2024-11234)
- Fixed bug GHSA-r977-prxv-hc43: Single byte overread with
convert.quoted-printable-decodefilter. (CVE-2024-11233)