Bug 259512 - net/php{73,74,80}: Backport fix for CVE-2021-21703 security vulnerability
Summary: net/php{73,74,80}: Backport fix for CVE-2021-21703 security vulnerability
Status: In Progress
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: Normal Affects Many People
Assignee: Torsten Zuehlsdorff
URL: http://bugs.php.net/81026
Keywords: needs-patch, needs-qa, security
Depends on:
Reported: 2021-10-28 17:12 UTC by Oleksandr Kryvulia
Modified: 2021-11-02 10:03 UTC (History)
3 users (show)

See Also:
koobs: maintainer-feedback? (tz)
koobs: merge-quarterly?


Note You need to log in before you can comment on or make changes to this bug.
Description Oleksandr Kryvulia 2021-10-28 17:12:00 UTC
Latest vulnerability in php-fmp [1]. Please update php ports.

[1] https://www.openwall.com/lists/oss-security/2021/10/26/7
[2] https://security-tracker.debian.org/tracker/CVE-2021-21703
Comment 1 Kubilay Kocak freebsd_committer freebsd_triage 2021-10-30 00:13:05 UTC
... "In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12," ...

Upstream commit: https://github.com/php/php-src/commit/fadb1f8c1d08ae62b4f0a16917040fde57a3b93b

Additionally pending VuXML entry
Comment 2 Torsten Zuehlsdorff freebsd_committer 2021-10-30 12:29:56 UTC
I am sorry, but what do you expect from me? All the ports are up to date, including the fix and are already available in quarterly? What am i missing?
Comment 3 Oleksandr Kryvulia 2021-11-02 10:03:17 UTC
As updates already in ports tree we can close this issue after publishing VuXML entry.
Thank you.