** Changed in: php7.0 (Ubuntu Zesty)
Status: Fix Committed => Fix Released
** Changed in: php7.0 (Ubuntu)
Status: Incomplete => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
This bug was fixed in the package php7.0 - 7.0.25-0ubuntu0.16.04.1
---
php7.0 (7.0.25-0ubuntu0.16.04.1) xenial; urgency=medium
* New upstream release (7.0.25)
- LP: #1724896
- LP: #1721607
-- Nishanth Aravamudan Wed, 01 Nov
2017 10:18:38
Marking verification-done-zesty as @nacc did the verification in LP:
#1724896 already.
** Tags removed: verification-needed verification-needed-zesty
** Tags added: verification-done verification-done-zesty
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
Thanks for the verify Simon,
yes it is an ever ongoing race with code releases :-)
Lets complete this one and Nish likely will take a look at the next version
somewhen later.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
Bad timing, on the day Nish updated x/z to 7.0.25, upstream released
7.0.26. No CVEs are addressed by 7.0.26 though.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1721607
Title:
please update to
CVEs addressed in PHP 7.0.23:
* CVE-2017-12932 (https://bugs.php.net/bug.php?id=74103)
In 7.0.24:
* N/A
In 7.0.25:
* CVE-2016-1283 (https://bugs.php.net/bug.php?id=75207)
** Bug watch added: bugs.php.net/ #74103
http://bugs.php.net/bug.php?id=74103
** Bug watch added: bugs.php.net/
After this upgrade:
The following packages will be upgraded:
php-common (1:35ubuntu6 => 1:35ubuntu6.1)
php-fpm (1:7.0+35ubuntu6 => 1:7.0+35ubuntu6.1)
php-mysql (1:7.0+35ubuntu6 => 1:7.0+35ubuntu6.1)
php7.0-cli (7.0.22-0ubuntu0.16.04.1 => 7.0.25-0ubuntu0.16.04.1)
php7.0-common
Hello Steven, or anyone else affected,
Accepted php7.0 into xenial-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/php7.0/7.0.25-0ubuntu0.16.04.1 in a
few hours, and then in the -proposed repository.
Please help us by testing this new package. See
Hello Steven, or anyone else affected,
Accepted php7.0 into zesty-proposed. The package will build now and be
available at
https://launchpad.net/ubuntu/+source/php7.0/7.0.25-0ubuntu0.17.04.1 in a
few hours, and then in the -proposed repository.
Please help us by testing this new package. See
Just an FYI that I have uploaded an update to php7.0 for x and z and
php7.1 for aa (which should get copied to bb, but bb will end up with
7.2 before release), but not as a security update. It will go through
the normal SRU process before being available.
--
You received this bug notification
Just an FYI that I have uploaded an update to php7.0 for x and z and
php7.1 for aa (which should get copied to bb, but bb will end up with
7.2 before release), but not as a security update. It will go through
the normal SRU process before being available.
--
You received this bug notification
I looked through the commits mentioned in the cisecurity.org advisory a
week or two ago, but I couldn't find anything that looked to be security
relevant. Perhaps they just used placeholder text?
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed
I don't know if a CVE was generated or not, I'm only going off the
information at
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-php-
could-allow-for-arbitrary-code-execution_2017-093/
Steven Lindsey
Sr. Systems Administrator
RPI Computer Science
On 10/13/2017 03:41 PM, Nish
Thank Tyler :)
Steven,
a) The patched version from Ondrej's repo is not an official, nor
supported version, it's irrelevant to this discussion.
b) If you can provide the CVEs that Tyler asked for, then a security
update will occur.
c) We do have an MRE for PHP7.0 (probably also for PHP7.1 by
Thank Tyler :)
Steven,
a) The patched version from Ondrej's repo is not an official, nor
supported version, it's irrelevant to this discussion.
b) If you can provide the CVEs that Tyler asked for, then a security
update will occur.
c) We do have an MRE for PHP7.0 (probably also for PHP7.1 by
Hello and thanks for the bug report!
We typically backport individual security fixes rather than bringing in
new upstream releases. See this FAQ entry for more information:
https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions
Can you give a list of CVEs that were fixed by the PHP 7.0.22 and/or
16 matches
Mail list logo