This bug was fixed in the package php8.0 - 8.0.8-1ubuntu2
---------------
php8.0 (8.0.8-1ubuntu2) jammy; urgency=medium
* SECURITY UPDATE: Out of bounds read/write
- debian/patches/CVE-2021-21703.patch: The main change is to
store scoreboard procs directly to the variable sized
array rather than indirectly through the pointer in
sapi/fpm/fpm/fpm_children.c, sapi/fpm/fpm/fpm_request.c,
sapi/fpm/fpm/fpm_scoreboard.c, sapi/fpm/fpm/fpm_scoreboard.h,
sapi/fpm/fpm/fpm_status.c, sapi/fpm/fpm/fpm_worker_pool.c.
- CVE-2021-21703
-- Leonidas Da Silva Barbosa <[email protected]> Thu, 02 Dec
2021 13:34:27 -0300
** Changed in: php8.0 (Ubuntu)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-21703
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1946005
Title:
php8.0: Fail to build against OpenSSL 3.0
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/php8.0/+bug/1946005/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
