[Bug 264593] lang/php74: possible RCE in MySQLnd/pgsql extensions for PHP <7.4.30

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Fri, 10 Jun 2022 13:03:58 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=264593

            Bug ID: 264593
           Summary: lang/php74: possible RCE in MySQLnd/pgsql extensions
                    for PHP <7.4.30
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: Individual Port(s)
          Assignee: tz@freebsd.org
          Reporter: freebsdbugs@filis.org
             Flags: maintainer-feedback?(tz@freebsd.org)
          Assignee: tz@freebsd.org

https://www.php.net/ChangeLog-7.php#7.4.30 fixes 2 CVEs:

mysqlnd:
  Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)
pgsql:
  Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625)

-- 
You are receiving this mail because:
You are the assignee for the bug.