Security updates & CURLFile bug
Hi there,
I was just wondering when the fixes for the following security bugs will be incorporated. They have been fixed in the upstream releases as specified in https:/
- CVE-2020-7070 - PHP parses encoded cookie names so malicious `__Host-` cookies can be sent
- CVE-2020-7069 - Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV
- CVE-2019-11048 - Long variables cause OOM and temp files are not cleaned, Long variables in multipart/form-data cause OOM and temp files are not cleaned
- CVE-2020-7067 - OOB Read in urldecode()
- CVE-2020-7065 - mb_strtolower (UTF-32LE): stack-buffer-
We also encountered an issue with CURLFile bug as specified in https:/
Thanks in advance.
Question information
- Language:
- English Edit question
- Status:
- Answered
- For:
- Ubuntu php7.4 Edit question
- Assignee:
- No assignee Edit question
- Last query:
- Last reply:
Can you help with this problem?
Provide an answer of your own, or ask Bug Reporter for more information if necessary.