Author: Sergey Panteleev (saundefined)
Date: 2025-03-13T20:54:36+03:00
Commit:
https://github.com/php/web-php/commit/339c7ae4156dae9eb70afc1c4e1190f5b4a15d71
Raw diff:
https://github.com/php/web-php/commit/339c7ae4156dae9eb70afc1c4e1190f5b4a15d71.diff
Fix GHSA-hgf5-96fm-v528
Changed paths:
M ChangeLog-8.php
Diff:
diff --git a/ChangeLog-8.php b/ChangeLog-8.php
index 94982e8444..fc68c662aa 100644
--- a/ChangeLog-8.php
+++ b/ChangeLog-8.php
@@ -97,7 +97,7 @@
<ul>
<li>Fixed bug <?php githubissuel('php/php-src', 17650); ?> (realloc with
size 0 in user_filters.c).</li>
<li>Fix memory leak on overflow in _php_stream_scandir().</li>
- <li>Fixed GHSA-hgf54-96fm-v528 (Stream HTTP wrapper header check might omit
basic auth header). (CVE-2025-1736)</li>
+ <li>Fixed <?php githubsecurityl('php/php-src', 'hgf5-96fm-v528'); ?> (Stream
HTTP wrapper header check might omit basic auth header). (CVE-2025-1736)</li>
<li>Fixed <?php githubsecurityl('php/php-src', '52jp-hrpf-2jff'); ?> (Stream
HTTP wrapper truncate redirect location to 1024 bytes). (CVE-2025-1861)</li>
<li>Fixed <?php githubsecurityl('php/php-src', 'pcmh-g36c-qc44'); ?>
(Streams HTTP wrapper does not fail for headers without colon).
(CVE-2025-1734)</li>
<li>Fixed <?php githubsecurityl('php/php-src', 'v8xr-gpvj-cx9g'); ?> (Header
parser of `http` stream wrapper does not handle folded headers).
(CVE-2025-1217)</li>
@@ -1087,7 +1087,7 @@
<ul>
<li>Fixed bug <?php githubissuel('php/php-src', 17650); ?> (realloc with
size 0 in user_filters.c).</li>
<li>Fix memory leak on overflow in _php_stream_scandir().</li>
- <li>Fixed GHSA-hgf54-96fm-v528 (Stream HTTP wrapper header check might omit
basic auth header). (CVE-2025-1736)</li>
+ <li>Fixed <?php githubsecurityl('php/php-src', 'hgf5-96fm-v528'); ?> (Stream
HTTP wrapper header check might omit basic auth header). (CVE-2025-1736)</li>
<li>Fixed <?php githubsecurityl('php/php-src', '52jp-hrpf-2jff'); ?> (Stream
HTTP wrapper truncate redirect location to 1024 bytes). (CVE-2025-1861)</li>
<li>Fixed <?php githubsecurityl('php/php-src', 'pcmh-g36c-qc44'); ?>
(Streams HTTP wrapper does not fail for headers without colon).
(CVE-2025-1734)</li>
<li>Fixed <?php githubsecurityl('php/php-src', 'v8xr-gpvj-cx9g'); ?> (Header
parser of `http` stream wrapper does not handle folded headers).
(CVE-2025-1217)</li>
@@ -2812,7 +2812,7 @@
</ul></li>
<li>Streams:
<ul>
- <li>Fixed GHSA-hgf54-96fm-v528 (Stream HTTP wrapper header check might omit
basic auth header). (CVE-2025-1736)</li>
+ <li>Fixed <?php githubsecurityl('php/php-src', 'hgf5-96fm-v528'); ?> (Stream
HTTP wrapper header check might omit basic auth header). (CVE-2025-1736)</li>
<li>Fixed <?php githubsecurityl('php/php-src', '52jp-hrpf-2jff'); ?> (Stream
HTTP wrapper truncate redirect location to 1024 bytes). (CVE-2025-1861)</li>
<li>Fixed <?php githubsecurityl('php/php-src', 'pcmh-g36c-qc44'); ?>
(Streams HTTP wrapper does not fail for headers without colon).
(CVE-2025-1734)</li>
<li>Fixed <?php githubsecurityl('php/php-src', 'v8xr-gpvj-cx9g'); ?> (Header
parser of `http` stream wrapper does not handle folded headers).
(CVE-2025-1217)</li>
@@ -5325,7 +5325,7 @@
</ul></li>
<li>Streams:
<ul>
- <li>Fixed GHSA-hgf54-96fm-v528 (Stream HTTP wrapper header check might omit
basic auth header). (CVE-2025-1736)</li>
+ <li>Fixed <?php githubsecurityl('php/php-src', 'hgf5-96fm-v528'); ?> (Stream
HTTP wrapper header check might omit basic auth header). (CVE-2025-1736)</li>
<li>Fixed <?php githubsecurityl('php/php-src', '52jp-hrpf-2jff'); ?> (Stream
HTTP wrapper truncate redirect location to 1024 bytes). (CVE-2025-1861)</li>
<li>Fixed <?php githubsecurityl('php/php-src', 'pcmh-g36c-qc44'); ?>
(Streams HTTP wrapper does not fail for headers without colon).
(CVE-2025-1734)</li>
<li>Fixed <?php githubsecurityl('php/php-src', 'v8xr-gpvj-cx9g'); ?> (Header
parser of `http` stream wrapper does not handle folded headers).
(CVE-2025-1217)</li>
