Source: php8.1
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for php8.1. It's specific to 8.1.x.

CVE-2022-31627[0]:
| In PHP versions 8.1.x below 8.1.8, when fileinfo functions, such as
| finfo_buffer, due to incorrect patch applied to the third party code
| from libmagic, incorrect function may be used to free allocated
| memory, which may lead to heap corruption.

PHP Bug: https://bugs.php.net/bug.php?id=81723
https://github.com/php/php-src/commit/ca6d511fa54b34d5b75bf120a86482a1b9e1e686

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-31627
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31627

Please adjust the affected versions in the BTS as needed.