diff options
author | Jean-Pierre Giraud <jean-pierregiraud@neuf.fr> | 2023-06-14 00:58:50 +0200 |
---|---|---|
committer | Jean-Pierre Giraud <jean-pierregiraud@neuf.fr> | 2023-06-14 00:58:50 +0200 |
commit | c5509af528aa35c1f0f1d4333d57bfc6a7e7e324 (patch) | |
tree | 0026311398f5fad948edcc206e60ad7ef612024a | |
parent | fb25755ab2e4bde3b36a0407aecea9828ce38c4d (diff) |
[SECURITY] [DSA 5424-1] php7.4 security update
-rw-r--r-- | english/security/2023/dsa-5424.data | 13 | ||||
-rw-r--r-- | english/security/2023/dsa-5424.wml | 20 |
2 files changed, 33 insertions, 0 deletions
diff --git a/english/security/2023/dsa-5424.data b/english/security/2023/dsa-5424.data new file mode 100644 index 00000000000..09aaeb3cc61 --- /dev/null +++ b/english/security/2023/dsa-5424.data @@ -0,0 +1,13 @@ +<define-tag pagetitle>DSA-5424-1 php7.4</define-tag> +<define-tag report_date>2023-6-13</define-tag> +<define-tag secrefs>not yet available</define-tag> +<define-tag packages>php7.4</define-tag> +<define-tag isvulnerable>yes</define-tag> +<define-tag fixed>yes</define-tag> +<define-tag fixed-section>no</define-tag> + +#use wml::debian::security + + + +</dl> diff --git a/english/security/2023/dsa-5424.wml b/english/security/2023/dsa-5424.wml new file mode 100644 index 00000000000..95503cd2eec --- /dev/null +++ b/english/security/2023/dsa-5424.wml @@ -0,0 +1,20 @@ +<define-tag description>security update</define-tag> +<define-tag moreinfo> +<p>It was discovered that PHP's implementation of SOAP HTTP Digest +authentication performed insufficient error validation, which may result +in a stack information leak or use of weak randomness.</p> + +<p>For the oldstable distribution (bullseye), this problem has been fixed +in version 7.4.33-1+deb11u4.</p> + +<p>We recommend that you upgrade your php7.4 packages.</p> + +<p>For the detailed security status of php7.4 please refer to +its security tracker page at: +<a href="https://security-tracker.debian.org/tracker/php7.4">\ +https://security-tracker.debian.org/tracker/php7.4</a></p> +</define-tag> + +# do not modify the following line +#include "$(ENGLISHDIR)/security/2023/dsa-5424.data" +# $Id: $ |