lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 17 Feb 2020 20:39:09 +0000
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 4626-1] php7.3 security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4626-1                   security@...ian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
February 17, 2020                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php7.3
CVE ID         : CVE-2019-11045 CVE-2019-11046 CVE-2019-11047
                 CVE-2019-11049 CVE-2019-11050 CVE-2020-7059
		 CVE-2020-7060

Multiple security issues were found in PHP, a widely-used open source
general purpose scripting language which could result in information
disclosure, denial of service or incorrect validation of path names.

For the stable distribution (buster), these problems have been fixed in
version 7.3.14-1~deb10u1.

We recommend that you upgrade your php7.3 packages.

For the detailed security status of php7.3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php7.3

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl5K+WQACgkQEMKTtsN8
TjZA/xAAkC1VQPZceCr4L9w2SuZ3tqxhxtQudPw8NcH7kSZtrvFnFOYvqKTj/wNV
wtHcx4TMZRPYWu+Pzl2WN7B+H++4PtvNDyUmyrwOycOIBnPrRRp9bmtTrs6Dzmm4
M/y2G5PYVGHxeilQWLKiOKX/EL/7EFjjEZq19DyujBGlOZsj3jGDAxtpGn510Q2d
94c2fa1hCBp8u0HGMcCQ632+bK6JS79JixzkkuGlWiih+2H94Qdwm3saiNt3ey/N
QT7tiFsdPWwWUOuT4G6GYrpL0vOw+idm9OClfOAufaZOosgIbL/oUPtMtq7Gb7la
ILxU1KbaLMX0vOszycpIP04AEBPETCKxvDuHNLKTGNaE6GQjIjDkSTIH0hGDeaeX
gCrRosPh0jmI5M158dJrUPkC5JZpsX/WJWGmNnJ5DvCBMlQtaloVBP4eLXlda8fB
743tDdFlaiD6mC0aGMfXp54yTD3/0J2ENmZ8Rx+YEuTr7/7P1Ia8o2HiIoGE4URf
AU4uQ1YjI6bhXo8muN29449vo/5yciVhH3EikHvGtdMAd7c2wD6GxDjpKj2ZWOF8
flI6DcATW+8rq9+dICZOtA0vgxTZb4iPzj4CXoqzfDg+JH5U2AGKQWY/650UIwOX
Q2kshwrrFxQUml8AfiL68OJww4MkBmUb9fbwmgBg0pNASigWJa4=
=EPNV
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ