Bug 259512

Summary:	net/php{73,74,80}: Backport fix for CVE-2021-21703 security vulnerability
Product:	Ports & Packages	Reporter:	Oleksandr Kryvulia <shuriku>
Component:	Individual Port(s)	Assignee:	Torsten Zuehlsdorff <tz>
Status:	Closed FIXED
Severity:	Affects Many People	CC:	chris, ports-secteam, tz
Priority:	Normal	Keywords:	needs-patch, needs-qa, security
Version:	Latest	Flags:	koobs: maintainer-feedback? (tz) koobs: merge-quarterly?
Hardware:	Any
OS:	Any
URL:	http://bugs.php.net/81026

Description Oleksandr Kryvulia 2021-10-28 17:12:00 UTC

Latest vulnerability in php-fmp [1]. Please update php ports.

[1] https://www.openwall.com/lists/oss-security/2021/10/26/7
[2] https://security-tracker.debian.org/tracker/CVE-2021-21703

Comment 1 Kubilay Kocak freebsd_committer

2021-10-30 00:13:05 UTC

... "In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12," ...

Upstream commit: https://github.com/php/php-src/commit/fadb1f8c1d08ae62b4f0a16917040fde57a3b93b

Additionally pending VuXML entry

Comment 2 Torsten Zuehlsdorff freebsd_committer

2021-10-30 12:29:56 UTC

I am sorry, but what do you expect from me? All the ports are up to date, including the fix and are already available in quarterly? What am i missing?

Comment 3 Oleksandr Kryvulia 2021-11-02 10:03:17 UTC

As updates already in ports tree we can close this issue after publishing VuXML entry.
Thank you.