Changelog for
php-xmlrpc-7.4.33-20.fc40.remi.x86_64.rpm :
* Fri Nov 22 2024 Remi Collet
- 7.4.33-20- Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface GHSA-4w77-75f9-2c8w- Fix OOB access in ldap_escape CVE-2024-8932- Fix Integer overflow in the dblib/firebird quoter causing OOB writes CVE-2024-11236- Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs CVE-2024-11234- Fix Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233
* Fri Nov 15 2024 Remi Collet - 7.4.33-19- disable firebird on EL-10
* Thu Sep 26 2024 Remi Collet - 7.4.33-18- Fix Bypass of CVE-2012-1823, Argument Injection in PHP-CGI CVE-2024-4577- Fix Bypass of CVE-2024-4577, Parameter Injection Vulnerability CVE-2024-8926- Fix cgi.force_redirect configuration is bypassable due to the environment variable collision CVE-2024-8927- Fix Logs from childrens may be altered CVE-2024-9026- Fix Erroneous parsing of multipart form data CVE-2024-8925- use ICU 74.2
* Mon Aug 26 2024 Remi Collet - 7.4.33-17- add backport for https://bugs.php.net/79589 error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading
* Wed Jul 31 2024 Remi Collet - 7.4.33-16- use oracle client library version 23.5 on x86_64
* Tue Jun 04 2024 Remi Collet - 7.4.33-15- Fix filter bypass in filter_var FILTER_VALIDATE_URL CVE-2024-5458
* Wed Apr 10 2024 Remi Collet - 7.4.33-14- Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756- Fix password_verify can erroneously return true opening ATO risk CVE-2024-3096
* Wed Mar 06 2024 Remi Collet - 7.4.33-13- patch test suite for zlib-ng
* Mon Feb 19 2024 Remi Collet - 7.4.33-12- more build patch for GCC 14
* Wed Feb 14 2024 Remi Collet - 7.4.33-11- add build patch for GCC 14- use oracle client library version 21.13 on x86_64
* Tue Dec 12 2023 Remi Collet - 7.4.33-10- use ICU 73.2- use oracle client library version 21.12 on x86_64, 19.19 on aarch64- add fixes for libxml 2.11 and 2.12 from 8.1
* Thu Sep 21 2023 Remi Collet - 7.4.33-9- use oracle client library version 21.11 on x86_64, 19.19 on aarch64- use official Oracle Instant Client RPM
* Tue Aug 01 2023 Remi Collet - 7.4.33-8- Fix Security issue with external entity loading in XML without enabling it GHSA-3qrf-m4j2-pcrr CVE-2023-3823- Fix Buffer mismanagement in phar_dir_read() GHSA-jqcx-ccgc-xwhv CVE-2023-3824- move httpd/nginx wants directive to config files in /etc
* Tue Jun 06 2023 Remi Collet - 7.4.33-7- Fix Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP GHSA-76gg-c692-v2mw CVE-2023-3247
* Fri Apr 14 2023 Remi Collet - 7.4.33-6- use ICU 72.1- use oracle client library version 21.10- fix possible buffer overflow in date- define %__phpize and %__phpconfig
* Tue Feb 21 2023 Remi Collet - 7.4.33-5- F38: enable imap extension
* Tue Feb 14 2023 Remi Collet - 7.4.33-4- fix #81744: Password_verify() always return true with some hash CVE-2023-0567- fix #81746: 1-byte array overrun in common path resolve code CVE-2023-0568- fix DOS vulnerability when parsing multipart request body CVE-2023-0662
* Fri Feb 10 2023 Remi Collet - 7.4.33-3- F38: disable imap extension- add dependency on pcre2 minimal version
* Mon Dec 19 2022 Remi Collet - 7.4.33-2- pdo: fix #81740: PDO::quote() may return unquoted string CVE-2022-31631- use oracle client library version 21.8