Upstream hasn't identified any security fixes in the 7.2.11 release. They say "This is a bugfix release." rather than their usual "This is a security release." when there is a security impact.
Once again I believe US-CERT is just sending out their usual PHP placeholder text without actually checking. Unless someone requests a CVE for one of those fixes, this version will not get released by the security team. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1798625 Title: Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php7.2/+bug/1798625/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
