259512 – net/php{73,74,80}: Backport fix for CVE-2021-21703 security vulnerability

Bug 259512 - net/php{73,74,80}: Backport fix for CVE-2021-21703 security vulnerability

Summary: net/php{73,74,80}: Backport fix for CVE-2021-21703 security vulnerability

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	Normal Affects Many People
Assignee:	Torsten Zuehlsdorff

URL:	http://bugs.php.net/81026
Keywords:	needs-patch, needs-qa, security

Depends on:
Blocks:

Reported:	2021-10-28 17:12 UTC by Oleksandr Kryvulia
Modified:	2022-09-11 06:08 UTC (History)
CC List:	3 users (show)

See Also:

Flags:	koobs: maintainer-feedback? (tz) koobs: merge-quarterly?

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Oleksandr Kryvulia 2021-10-28 17:12:00 UTC

Latest vulnerability in php-fmp [1]. Please update php ports.

[1] https://www.openwall.com/lists/oss-security/2021/10/26/7
[2] https://security-tracker.debian.org/tracker/CVE-2021-21703

Comment 1 Kubilay Kocak freebsd_committer

2021-10-30 00:13:05 UTC

... "In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12," ...

Upstream commit: https://github.com/php/php-src/commit/fadb1f8c1d08ae62b4f0a16917040fde57a3b93b

Additionally pending VuXML entry

Comment 2 Torsten Zuehlsdorff freebsd_committer

2021-10-30 12:29:56 UTC

I am sorry, but what do you expect from me? All the ports are up to date, including the fix and are already available in quarterly? What am i missing?

Comment 3 Oleksandr Kryvulia 2021-11-02 10:03:17 UTC

As updates already in ports tree we can close this issue after publishing VuXML entry.
Thank you.