Package: php7.3-fpm Severity: normal Tags: security fixed-upstream I've got this info via nextcloud notification: https://nextcloud.com/blog/urgent-security-issue-in-nginx-php-fpm/
Some more details are here: https://de.tenable.com/blog/cve-2019-11043-vulnerability-in-php-fpm-could-lead-to-remote-code-execution-on-nginx I'm not sure about the severity, please adjust if necessary. -- tobi -- System Information: Debian Release: bullseye/sid APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8), LANGUAGE=de_DE.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages php7.3-fpm depends on: ii libapparmor1 2.13.3-4 ii libargon2-1 0~20171227-0.2 ii libc6 2.28-10 ii libmagic1 1:5.37-5 ii libpcre2-8-0 10.32-5 ii libsodium23 1.0.17-1 ii libssl1.1 1.1.1d-0+deb10u2 ii libsystemd0 241-7 ii libxml2 2.9.4+dfsg1-7+b3 ii mime-support 3.62 pn php7.3-cli <none> pn php7.3-common <none> pn php7.3-json <none> pn php7.3-opcache <none> ii tzdata 2019b-1 ii ucf 3.0038+nmu1 ii zlib1g 1:1.2.11.dfsg-1 php7.3-fpm recommends no packages. Versions of packages php7.3-fpm suggests: pn php-pear <none>
