This bug was fixed in the package php7.4 - 7.4.3-4ubuntu2.4
---------------
php7.4 (7.4.3-4ubuntu2.4) focal-security; urgency=medium
* SECURITY UPDATE: Incorrect encryption data
- debian/patches/CVE-2020-7069.patch: fix wrong ciphertext/tag
in AES-CCM encryption for a 12 bytes IV in ext/openssl/openssl.c,
ext/openssl/tests/cipher_tests.inc, ext/openssl/openssl_*_ccm.phpt.
- CVE-2020-7069
* SECURITY UPDATE: Possibly forge cookie
- debian/patches/CVE-2020-7070.patch: do not decode cookie names anymore
in main/php_variables.c, tests/basic/022.phpt, tests/basic/023.phpt,
tests/basic/bug79699.phpt.
- CVE-2020-7070
-- [email protected] (Leonidas S. Barbosa) Tue, 06 Oct 2020
12:47:56 -0300
** Changed in: php7.4 (Ubuntu Focal)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-7069
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-7070
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1887826
Title:
CURLFile POST missing Content-Length header
To manage notifications about this bug go to:
https://bugs.launchpad.net/php/+bug/1887826/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
