Your message dated Sat, 18 Mar 2023 16:23:16 +0100
with message-id <ZBXXZGb/ID/rp...@eldamar.lan>
and subject line Accepted php8.2 8.2.4-1 (source) into unstable
has caused the Debian Bug report #1031368,
regarding php8.2: CVE-2023-0567 CVE-2023-0568 CVE-2023-0662
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1031368: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031368
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: php8.2
Version: 8.2.2-3
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerabilities were published for php8.2, making the
bug report RC to ideally have those fixed before the bookworm release goes
out.
CVE-2023-0567[0]:
| PHP: Password_verify() always return true with some hash
CVE-2023-0568[1]:
| PHP: 1-byte array overrun in common path resolve code
CVE-2023-0662[2]:
| PHP: DOS vulnerability when parsing multipart request body
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-0567
https://www.cve.org/CVERecord?id=CVE-2023-0567
[1] https://security-tracker.debian.org/tracker/CVE-2023-0568
https://www.cve.org/CVERecord?id=CVE-2023-0568
[2] https://security-tracker.debian.org/tracker/CVE-2023-0662
https://www.cve.org/CVERecord?id=CVE-2023-0662
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: php8.2
Source-Version: 8.2.4-1
Hi Ondrej,
This update fixes as well #1031368, closing manually. Can you make
sure the release team can accept it to bookworm?
If you do not forget, please as well mention the CVE ids fixed with
the upload, that makes tracking it much easier :)
Regards,
Salvatore
----- Forwarded message from Debian FTP Masters
<ftpmas...@ftp-master.debian.org> -----
From: Debian FTP Masters <ftpmas...@ftp-master.debian.org>
Resent-From: debian-devel-chan...@lists.debian.org
Reply-To: debian-de...@lists.debian.org
Date: Thu, 16 Mar 2023 15:52:30 +0000
To: debian-devel-chan...@lists.debian.org
Subject: Accepted php8.2 8.2.4-1 (source) into unstable
Message-Id: <e1pcpu2-00bvvl...@fasolo.debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 16 Mar 2023 15:24:40 +0100
Source: php8.2
Architecture: source
Version: 8.2.4-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PHP Maintainers <team+pkg-...@tracker.debian.org>
Changed-By: Ondřej Surý <ond...@debian.org>
Changes:
php8.2 (8.2.4-1) unstable; urgency=medium
.
* New upstream version 8.2.4
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
----- End forwarded message -----
--- End Message ---