Author: Tim Düsterhus (TimWolla)
Committer: GitHub (web-flow)
Pusher: saundefined
Date: 2024-10-02T15:52:25+05:00

Commit: 
https://github.com/php/web-php/commit/acd86a16d9f8e22e8b7cbc0d0644df9ea9130bdd
Raw diff: 
https://github.com/php/web-php/commit/acd86a16d9f8e22e8b7cbc0d0644df9ea9130bdd.diff

Link GHSA advisories in ChangeLog (#1082)

Changed paths:
  M  ChangeLog-8.php
  M  bin/news2html
  M  include/changelogs.inc


Diff:

diff --git a/ChangeLog-8.php b/ChangeLog-8.php
index 9831ecc009..8bc457aa16 100644
--- a/ChangeLog-8.php
+++ b/ChangeLog-8.php
@@ -13,8 +13,8 @@
 <b><?php release_date('26-Sep-2024'); ?></b>
 <ul><li>CGI:
 <ul>
-  <li>Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter 
Injection Vulnerability). (CVE-2024-8926)</li>
-  <li>Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is 
bypassable due to the environment variable collision). (CVE-2024-8927)</li>
+  <li>Fixed bug <?php githubsecurityl('php/php-src', 'p99j-rfp4-xqvq'); ?> 
(Bypass of CVE-2024-4577, Parameter Injection Vulnerability). 
(CVE-2024-8926)</li>
+  <li>Fixed bug <?php githubsecurityl('php/php-src', '94p6-54jq-9mwp'); ?> 
(cgi.force_redirect configuration is bypassable due to the environment variable 
collision). (CVE-2024-8927)</li>
 </ul></li>
 <li>Core:
 <ul>
@@ -41,7 +41,7 @@
 </ul></li>
 <li>FPM:
 <ul>
-  <li>Fixed bug GHSA-865w-9rf3-2wh5 (Logs from childrens may be altered). 
(CVE-2024-9026)</li>
+  <li>Fixed bug <?php githubsecurityl('php/php-src', '865w-9rf3-2wh5'); ?> 
(Logs from childrens may be altered). (CVE-2024-9026)</li>
 </ul></li>
 <li>MySQLnd:
 <ul>
@@ -54,7 +54,7 @@
 </ul></li>
 <li>SAPI:
 <ul>
-  <li>Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form 
data). (CVE-2024-8925)</li>
+  <li>Fixed bug <?php githubsecurityl('php/php-src', '9pqp-7h25-4f32'); ?> 
(Erroneous parsing of multipart form data). (CVE-2024-8925)</li>
 </ul></li>
 <li>Standard:
 <ul>
diff --git a/bin/news2html b/bin/news2html
index 8fbf9cf42b..661b9e0ecd 100755
--- a/bin/news2html
+++ b/bin/news2html
@@ -66,6 +66,8 @@ $bug_map = [
     '/Implemented FR #([0-9]+)/' => '<?php implemented(\1); ?'.'>',
     '/GitHub PR #([0-9]+)/'      => '<?php githubissuel(\'php/php-src\', \1); 
?'.'>',
     '/GH-([0-9]+)/'              => '<?php githubissuel(\'php/php-src\', \1); 
?'.'>',
+    '/GHSA-([0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4})/'
+                                 => '<?php githubsecurityl(\'php/php-src\', 
\'\1\'); ?'.'>',
 ];
 
 foreach($entries as $module => $items) {
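Review bot: The new `/GHSA-([0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4})/` entry in `$bug_map` is case-sensitive and has no trailing boundary, so an ID written in upper case in NEWS stays unlinked, and a longer token is matched on its first three groups only. Consider a trailing `\b` after the last group. Restricting the capture to `[0-9a-z]` and `-` is what makes it safe to place `\1` inside the single-quoted PHP argument of the generated `githubsecurityl()` call; a short comment saying so would keep a later edit from loosening the character class.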
diff --git a/include/changelogs.inc b/include/changelogs.inc
index 1a63631438..9dc45369bd 100644
--- a/include/changelogs.inc
+++ b/include/changelogs.inc
@@ -28,6 +28,10 @@ function githubissuel($repo, $number): void {
     echo "<a href=\"https://github.com/$repo/issues/$number\";>GH-$number</a>";
 }
 
+function githubsecurityl($repo, $id): void {
+    echo "<a 
href=\"https://github.com/$repo/security/advisories/GHSA-$id\";>GHSA-$id</a>";
+}
+
 function release_date($in): void {
     $time = strtotime($in);
     $human_readable = date('d M Y', $time);
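Review bot: `githubsecurityl()` echoes `$repo` and `$id` into the `href` attribute and the link text without escaping, so its output is only safe while every caller passes literals or the `[0-9a-z]`-and-dash capture produced by `bin/news2html`. Passing both values through `htmlspecialchars()`, or rejecting an `$id` that does not match the same three-groups-of-four pattern, would make the helper safe on its own; `githubissuel()` in the context line above has the same shape. Declaring the parameters as `string` would also fit the `: void` return type already present.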
