[Bug 1721607] Re: please update to latest upstream release 7.0.24

** Changed in: php7.0 (Ubuntu Zesty) Status: Fix Committed => Fix Released ** Changed in: php7.0 (Ubuntu) Status: Incomplete => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1721607] Re: please update to latest upstream release 7.0.24

This bug was fixed in the package php7.0 - 7.0.25-0ubuntu0.16.04.1 --- php7.0 (7.0.25-0ubuntu0.16.04.1) xenial; urgency=medium * New upstream release (7.0.25) - LP: #1724896 - LP: #1721607 -- Nishanth Aravamudan Wed, 01 Nov 2017 10:18:38

[Bug 1721607] Re: please update to latest upstream release 7.0.24

Marking verification-done-zesty as @nacc did the verification in LP: #1724896 already. ** Tags removed: verification-needed verification-needed-zesty ** Tags added: verification-done verification-done-zesty -- You received this bug notification because you are a member of Ubuntu Bugs, which is

[Bug 1721607] Re: please update to latest upstream release 7.0.24

Thanks for the verify Simon, yes it is an ever ongoing race with code releases :-) Lets complete this one and Nish likely will take a look at the next version somewhen later. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.

[Bug 1721607] Re: please update to latest upstream release 7.0.24

Bad timing, on the day Nish updated x/z to 7.0.25, upstream released 7.0.26. No CVEs are addressed by 7.0.26 though. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1721607 Title: please update to

[Bug 1721607] Re: please update to latest upstream release 7.0.24

CVEs addressed in PHP 7.0.23: * CVE-2017-12932 (https://bugs.php.net/bug.php?id=74103) In 7.0.24: * N/A In 7.0.25: * CVE-2016-1283 (https://bugs.php.net/bug.php?id=75207) ** Bug watch added: bugs.php.net/ #74103 http://bugs.php.net/bug.php?id=74103 ** Bug watch added: bugs.php.net/

[Bug 1721607] Re: please update to latest upstream release 7.0.24

After this upgrade: The following packages will be upgraded: php-common (1:35ubuntu6 => 1:35ubuntu6.1) php-fpm (1:7.0+35ubuntu6 => 1:7.0+35ubuntu6.1) php-mysql (1:7.0+35ubuntu6 => 1:7.0+35ubuntu6.1) php7.0-cli (7.0.22-0ubuntu0.16.04.1 => 7.0.25-0ubuntu0.16.04.1) php7.0-common

[Bug 1721607] Re: please update to latest upstream release 7.0.24

Hello Steven, or anyone else affected, Accepted php7.0 into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/php7.0/7.0.25-0ubuntu0.16.04.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See

[Bug 1721607] Re: please update to latest upstream release 7.0.24

Hello Steven, or anyone else affected, Accepted php7.0 into zesty-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/php7.0/7.0.25-0ubuntu0.17.04.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See

[Bug 1721607] Re: please update to latest upstream release 7.0.24

Just an FYI that I have uploaded an update to php7.0 for x and z and php7.1 for aa (which should get copied to bb, but bb will end up with 7.2 before release), but not as a security update. It will go through the normal SRU process before being available. -- You received this bug notification

[Bug 1721607] Re: please update to latest upstream release 7.0.24

Just an FYI that I have uploaded an update to php7.0 for x and z and php7.1 for aa (which should get copied to bb, but bb will end up with 7.2 before release), but not as a security update. It will go through the normal SRU process before being available. -- You received this bug notification

[Bug 1721607] Re: please update to latest upstream release 7.0.24

I looked through the commits mentioned in the cisecurity.org advisory a week or two ago, but I couldn't find anything that looked to be security relevant. Perhaps they just used placeholder text? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed

Re: [Bug 1721607] Re: please update to latest upstream release 7.0.24

I don't know if a CVE was generated or not, I'm only going off the information at https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-php- could-allow-for-arbitrary-code-execution_2017-093/ Steven Lindsey Sr. Systems Administrator RPI Computer Science On 10/13/2017 03:41 PM, Nish

[Bug 1721607] Re: please update to latest upstream release 7.0.24

Thank Tyler :) Steven, a) The patched version from Ondrej's repo is not an official, nor supported version, it's irrelevant to this discussion. b) If you can provide the CVEs that Tyler asked for, then a security update will occur. c) We do have an MRE for PHP7.0 (probably also for PHP7.1 by

[Bug 1721607] Re: please update to latest upstream release 7.0.24

Thank Tyler :) Steven, a) The patched version from Ondrej's repo is not an official, nor supported version, it's irrelevant to this discussion. b) If you can provide the CVEs that Tyler asked for, then a security update will occur. c) We do have an MRE for PHP7.0 (probably also for PHP7.1 by

[Bug 1721607] Re: please update to latest upstream release 7.0.24

Hello and thanks for the bug report! We typically backport individual security fixes rather than bringing in new upstream releases. See this FAQ entry for more information: https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions Can you give a list of CVEs that were fixed by the PHP 7.0.22 and/or