Hello and thanks for the bug report! We typically backport individual security fixes rather than bringing in new upstream releases. See this FAQ entry for more information:
https://wiki.ubuntu.com/SecurityTeam/FAQ#Versions Can you give a list of CVEs that were fixed by the PHP 7.0.22 and/or 7.0.24 releases? It isn't clear to me from the changelogs: http://www.php.net/ChangeLog-7.php#7.0.22 http://www.php.net/ChangeLog-7.php#7.0.24 Please update the bug status to "NEW" if you're able to list CVEs that were fixed. ** Changed in: php7.0 (Ubuntu) Status: New => Incomplete ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1721607 Title: please update to latest upstream release 7.0.24 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php7.0/+bug/1721607/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
