[Bug 1961820] Re: CVE-2021-21708: potential RCE with filter_var(..., FILTER_VALIDATE_FLOAT)

Rodrigo Figueiredo Zaiden Mon, 28 Feb 2022 05:31:34 -0800

This bug was fixed in the package php8.0 - 8.0.8-1ubuntu0.2

---------------
php8.0 (8.0.8-1ubuntu0.2) impish-security; urgency=medium


  * SECURITY UPDATE: Use after free
    - debian/patches/CVE-2021-21708.patch: change the call to
      zval_ptr_dtor in ext/filter/logical_filters.c to be done
      after a validation is succeeded, and add a test for this
      case in ext/filter/tests/bug81708.phpt
    - CVE-2021-21708

 -- Rodrigo Figueiredo Zaiden <[email protected]>  Thu, 24
Feb 2022 12:03:09 -0300

** Changed in: php8.0 (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1961820

Title:
  CVE-2021-21708: potential RCE with filter_var(...,
  FILTER_VALIDATE_FLOAT)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/php7.4/+bug/1961820/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1961820] Re: CVE-2021-21708: potential RCE with filter_var(..., FILTER_VALIDATE_FLOAT)

Reply via email to