Bug 31371 - PHP: bugfix release 8.0.27
Summary: PHP: bugfix release 8.0.27
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 8
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA8-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2023-01-04 23:48 CET by Marc Krämer
Modified: 2023-01-24 09:00 CET (History)
4 users (show)

See Also:
Source RPM: php
CVE: CVE-2022-31631
Status comment:


Attachments

Description Marc Krämer 2023-01-04 23:48:35 CET
a new release 8.0.27:
https://www.php.net/ChangeLog-8.php#8.0.27
Comment 1 Marc Krämer 2023-01-04 23:50:36 CET
advisory will follow, if release is official

SRPM:
php-8.0.27-1.mga8.src.rpm

files in core/updates_testing:
php-cgi-8.0.27-1.mga8
php-cli-8.0.27-1.mga8
php-fpm-8.0.27-1.mga8
phpdbg-8.0.27-1.mga8
php-opcache-debuginfo-8.0.27-1.mga8
php-soap-debuginfo-8.0.27-1.mga8
php-intl-debuginfo-8.0.27-1.mga8
php-opcache-8.0.27-1.mga8
php-mbstring-8.0.27-1.mga8
php-mbstring-debuginfo-8.0.27-1.mga8
php-debuginfo-8.0.27-1.mga8
php-phar-debuginfo-8.0.27-1.mga8
php-mysqlnd-debuginfo-8.0.27-1.mga8
php-openssl-debuginfo-8.0.27-1.mga8
php-dom-debuginfo-8.0.27-1.mga8
php-pgsql-debuginfo-8.0.27-1.mga8
php-intl-8.0.27-1.mga8
php-fileinfo-debuginfo-8.0.27-1.mga8
php-mysqli-debuginfo-8.0.27-1.mga8
apache-mod_php-8.0.27-1.mga8
php-curl-debuginfo-8.0.27-1.mga8
php-pdo-debuginfo-8.0.27-1.mga8
php-ini-8.0.27-1.mga8
php-soap-8.0.27-1.mga8
php-sockets-debuginfo-8.0.27-1.mga8
php-session-debuginfo-8.0.27-1.mga8
php-phar-8.0.27-1.mga8
php-mysqlnd-8.0.27-1.mga8
php-imap-debuginfo-8.0.27-1.mga8
php-gmp-debuginfo-8.0.27-1.mga8
php-gd-debuginfo-8.0.27-1.mga8
php-zip-debuginfo-8.0.27-1.mga8
php-ldap-debuginfo-8.0.27-1.mga8
php-exif-debuginfo-8.0.27-1.mga8
php-ftp-debuginfo-8.0.27-1.mga8
php-openssl-8.0.27-1.mga8
php-dba-debuginfo-8.0.27-1.mga8
php-snmp-debuginfo-8.0.27-1.mga8
php-sodium-debuginfo-8.0.27-1.mga8
php-doc-8.0.27-1.mga8
php-dom-8.0.27-1.mga8
php-tidy-debuginfo-8.0.27-1.mga8
php-bcmath-debuginfo-8.0.27-1.mga8
php-filter-debuginfo-8.0.27-1.mga8
php-sqlite3-debuginfo-8.0.27-1.mga8
php-iconv-debuginfo-8.0.27-1.mga8
php-mysqli-8.0.27-1.mga8
php-pgsql-8.0.27-1.mga8
php-posix-debuginfo-8.0.27-1.mga8
php-odbc-debuginfo-8.0.27-1.mga8
php-zlib-debuginfo-8.0.27-1.mga8
php-pdo-8.0.27-1.mga8
php-session-8.0.27-1.mga8
php-pdo_pgsql-debuginfo-8.0.27-1.mga8
php-pdo_mysql-debuginfo-8.0.27-1.mga8
php-curl-8.0.27-1.mga8
php-pdo_firebird-debuginfo-8.0.27-1.mga8
php-gd-8.0.27-1.mga8
php-sockets-8.0.27-1.mga8
php-imap-8.0.27-1.mga8
php-xsl-debuginfo-8.0.27-1.mga8
php-pdo_sqlite-debuginfo-8.0.27-1.mga8
php-xmlwriter-debuginfo-8.0.27-1.mga8
php-xmlreader-debuginfo-8.0.27-1.mga8
php-tokenizer-debuginfo-8.0.27-1.mga8
php-calendar-debuginfo-8.0.27-1.mga8
php-sodium-8.0.27-1.mga8
php-exif-8.0.27-1.mga8
php-ldap-8.0.27-1.mga8
php-readline-debuginfo-8.0.27-1.mga8
php-pdo_dblib-debuginfo-8.0.27-1.mga8
php-gmp-8.0.27-1.mga8
php-pcntl-debuginfo-8.0.27-1.mga8
php-zip-8.0.27-1.mga8
php-ftp-8.0.27-1.mga8
php-sqlite3-8.0.27-1.mga8
php-dba-8.0.27-1.mga8
php-pdo_odbc-debuginfo-8.0.27-1.mga8
php-odbc-8.0.27-1.mga8
php-bz2-debuginfo-8.0.27-1.mga8
php-tidy-8.0.27-1.mga8
php-snmp-8.0.27-1.mga8
php-enchant-debuginfo-8.0.27-1.mga8
php-zlib-8.0.27-1.mga8
php-iconv-8.0.27-1.mga8
php-filter-8.0.27-1.mga8
php-pdo_pgsql-8.0.27-1.mga8
php-fileinfo-8.0.27-1.mga8
php-xmlwriter-8.0.27-1.mga8
php-ctype-debuginfo-8.0.27-1.mga8
php-bcmath-8.0.27-1.mga8
php-gettext-debuginfo-8.0.27-1.mga8
php-sysvmsg-debuginfo-8.0.27-1.mga8
php-pdo_firebird-8.0.27-1.mga8
php-pcntl-8.0.27-1.mga8
php-posix-8.0.27-1.mga8
php-xmlreader-8.0.27-1.mga8
php-pdo_sqlite-8.0.27-1.mga8
php-readline-8.0.27-1.mga8
php-xsl-8.0.27-1.mga8
php-sysvshm-debuginfo-8.0.27-1.mga8
php-calendar-8.0.27-1.mga8
php-pdo_mysql-8.0.27-1.mga8
php-pdo_dblib-8.0.27-1.mga8
php-bz2-8.0.27-1.mga8
php-tokenizer-8.0.27-1.mga8
php-shmop-debuginfo-8.0.27-1.mga8
php-enchant-8.0.27-1.mga8
php-sysvshm-8.0.27-1.mga8
php-sysvsem-debuginfo-8.0.27-1.mga8
php-pdo_odbc-8.0.27-1.mga8
php-sysvmsg-8.0.27-1.mga8
php-shmop-8.0.27-1.mga8
php-fpm-nginx-8.0.27-1.mga8
php-sysvsem-8.0.27-1.mga8
php-ctype-8.0.27-1.mga8
php-gettext-8.0.27-1.mga8
php-fpm-apache-8.0.27-1.mga8
php-cli-debuginfo-8.0.27-1.mga8
php-fpm-debuginfo-8.0.27-1.mga8
phpdbg-debuginfo-8.0.27-1.mga8
apache-mod_php-debuginfo-8.0.27-1.mga8
php-cgi-debuginfo-8.0.27-1.mga8
php-debugsource-8.0.27-1.mga8
php-devel-8.0.27-1.mga8

Assignee: mageia => qa-bugs

Comment 2 David Walser 2023-01-05 20:31:56 CET
Version 8.0.27
05 Jan 2023

    PDO/SQLite:
        Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)


so this is a security update.

Component: RPM Packages => Security
QA Contact: (none) => security

Marc Krämer 2023-01-06 10:09:29 CET

CVE: (none) => CVE-2022-31631

Comment 3 Marc Krämer 2023-01-06 14:48:21 CET
Updated php packages fix security vulnerabilities:

new version [2] fixes the following bug:

PDO/SQLite:
 - (PDO::quote() may return unquoted string). [1]

References:
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31631
[2] https://www.php.net/ChangeLog-8.php#8.0.27
Comment 4 Herman Viaene 2023-01-16 15:43:14 CET
MGA8-64 MATE on Acer Aspire 5253
No installation issues
Refer to bug 31180 for testing:
$ php -S localhost:8000 -t php
[Mon Jan 16 15:27:53 2023] PHP 8.0.27 Development Server (http://localhost:8000) started

Then pointing firefox to http://localhost:8000/create-png.php and http://localhost:8000/sample.php displays correct image and text message.
Works OK.
Make sure httpd and mysqld are running, then start phpmyadmin, login, delete the previous test database testphp8026, create a new database testphp8027 and create a new table with PK and unique key and timestamp and insert some values.
All works OK, good to go.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK

Comment 5 Thomas Andrews 2023-01-16 17:28:59 CET
Validating. Advisory in comment 3.

CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => validated_update

Dave Hodgins 2023-01-24 01:38:50 CET

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 6 Mageia Robot 2023-01-24 09:00:22 CET
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2023-0013.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED


Note You need to log in before you can comment on or make changes to this bug.