[Buildroot] [PATCH 1/1] php: security bump to 7.3.1
Peter Korsgaard
peter at korsgaard.com
Tue Jan 29 16:27:25 UTC 2019
>>>>> "aduskett" == aduskett <aduskett at gmail.com> writes:
> From: Adam Duskett <Aduskett at gmail.com>
> Fixes the following security issue:
> - CVE-2018-19935: Allows remote attackers to cause a denial of service
> (NULL pointer dereference and application crash) via an empty string in the
> message argument to the imap_mail function.
> https://www.cvedetails.com/cve/CVE-2018-19935/
> Signed-off-by: Adam Duskett <Aduskett at gmail.com>
Given the fallout from moving to 7.3.x, I have NOT applied this to
2018.02.x / 2018.11.x. Instead I have applied a patch to bump the
version to 7.2.14, which fixes the same CVE.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list