Format: 1.8
Date: Thu, 18 Apr 2024 10:26:55 -0300
Source: php8.1
Built-For-Profiles: noudeb
Architecture: source
Version: 8.1.2-1ubuntu2.16
Distribution: jammy-security
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Changed-By: Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>
Changes:
 php8.1 (8.1.2-1ubuntu2.16) jammy-security; urgency=medium
 .
   * SECURITY UPDATE: Heap buffer-overflow
     - debian/patches/CVE-2022-4900.patch: prevent potential buffer
       overflow for large valye of php_cli_server_workers_max in
       sapi/cli/php_cli_server.c.
     - CVE-2022-4900
   * SECURITY UPDATE: Cookie by pass
     - debian/patches/CVE-2024-2756.patch: adds more mangling rules
       in main/php_variable.c.
     - CVE-2024-2756
   * SECURITY UPDATE: Account take over risk
     - debian/patches/CVE-2024-3096.patch: disallow null character in bcrypt
       password in ext/standard/password.c,
       ext/standard/tests/password_bcrypt_errors.phpt.
     - CVE-2024-3096
Checksums-Sha1:
 eed6e4630e89e491ac16f4a40b76c95eb3a81f45 5580 php8.1_8.1.2-1ubuntu2.16.dsc
 408437e53d3e35415954db09ca0ad7c89c6866e9 97136 php8.1_8.1.2-1ubuntu2.16.debian.tar.xz
 3d6c7205177cdab7b8c85470599c92af4d0f014d 15502 php8.1_8.1.2-1ubuntu2.16_source.buildinfo
Checksums-Sha256:
 cb1e994aa015bfb4fd80824432e840b100eb83443408a2935061c15cebfb6fc7 5580 php8.1_8.1.2-1ubuntu2.16.dsc
 4c6303adccee04eadfe05be965b6b3a7fab5d0304c0d3adf14ea2ff757c8a62a 97136 php8.1_8.1.2-1ubuntu2.16.debian.tar.xz
 fa029f22a40b1c0547195b77f8eaa4dc4257e773a7120c827cf965ea04a1166f 15502 php8.1_8.1.2-1ubuntu2.16_source.buildinfo
Files:
 263dace358eab4cf44171aef7f4cadd2 5580 php optional php8.1_8.1.2-1ubuntu2.16.dsc
 da6f1c00cfa513d4e13b87d4a55b5697 97136 php optional php8.1_8.1.2-1ubuntu2.16.debian.tar.xz
 833005397ced3c0e16cd59329e51d8ed 15502 php optional php8.1_8.1.2-1ubuntu2.16_source.buildinfo
Original-Maintainer: Debian PHP Maintainers <team+pkg-php@tracker.debian.org>