Changelog for
php72-php-cli-7.2.34-14.fc35.remi.x86_64.rpm :
* Mon Oct 24 2022 Remi Collet
- 7.2.34-14- hash: fix #81738: buffer overflow in hash_update() on long parameter. CVE-2022-37454
* Tue Sep 27 2022 Remi Collet - 7.2.34-13- phar: fix #81726 DOS when using quine gzip file. CVE-2022-31628- core: fix #81727 Don\'t mangle HTTP variable names that clash with ones that have a specific semantic meaning. CVE-2022-31629- use oracle client library version 21.7
* Tue Jun 07 2022 Remi Collet - 7.2.34-11- use oracle client library version 21.6- mysqlnd: fix #81719: mysqlnd/pdo password buffer overflow. CVE-2022-31626- pgsql: fix #81720: Uninitialized array in pg_query_params(). CVE-2022-31625
* Mon Nov 15 2021 Remi Collet - 7.2.34-10- Fix #79971 special character is breaking the path in xml function CVE-2021-21707
* Wed Oct 20 2021 Remi Collet - 7.2.34-9- fix PHP-FPM oob R/W in root process leading to priv escalation CVE-2021-21703- use libicu version 69- use oracle client library version 21.3
* Tue Sep 07 2021 Remi Collet - 7.2.34-8- fix intl build on F35
* Wed Aug 25 2021 Remi Collet - 7.2.34-7- Fix #81211 Symlinks are followed when creating PHAR archive
* Mon Jun 28 2021 Remi Collet - 7.2.34-6- Fix #81122 SSRF bypass in FILTER_VALIDATE_URL CVE-2021-21705- Fix #76448 Stack buffer overflow in firebird_info_cb- Fix #76449 SIGSEGV in firebird_handle_doer- Fix #76450 SIGSEGV in firebird_stmt_execute- Fix #76452 Crash while parsing blob data in firebird_fetch_blob CVE-2021-21704
* Thu May 27 2021 Remi Collet - 7.2.34-5- fix snmp extension build with net-snmp without DES
* Wed Apr 28 2021 Remi Collet - 7.2.34-4- Fix #80710 imap_mail_compose() header injection- use oracle client library version 21.1
* Wed Feb 03 2021 Remi Collet - 7.2.34-3- Fix #80672 Null Dereference in SoapClient CVE-2021-21702- better fix for #77423
* Mon Jan 04 2021 Remi Collet - 7.2.34-2- Fix #77423 FILTER_VALIDATE_URL accepts URLs with invalid userinfo CVE-2020-7071