Debian Package Tracker

general

source: php7.4 (main)
version: 7.4.3-4
maintainer: Debian PHP Maintainers (DMD)
uploaders: Lior Kaplan [DMD] – Ondřej Surý [DMD]
arch: all any
std-ver: 4.5.0.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

testing: 7.4.3-4
unstable: 7.4.3-4

versioned links

7.4.3-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

libapache2-mod-php7.4
libphp7.4-embed
php7.4 (1 bugs: 0, 1, 0, 0)
php7.4-bcmath
php7.4-bz2
php7.4-cgi
php7.4-cli
php7.4-common
php7.4-curl
php7.4-dba
php7.4-dev
php7.4-enchant (1 bugs: 0, 1, 0, 0)
php7.4-fpm (2 bugs: 0, 1, 1, 0)
php7.4-gd
php7.4-gmp
php7.4-imap
php7.4-interbase
php7.4-intl
php7.4-json
php7.4-ldap
php7.4-mbstring
php7.4-mysql
php7.4-odbc
php7.4-opcache
php7.4-pgsql
php7.4-phpdbg
php7.4-pspell
php7.4-readline
php7.4-snmp
php7.4-soap
php7.4-sqlite3
php7.4-sybase
php7.4-tidy
php7.4-xml
php7.4-xmlrpc
php7.4-xsl
php7.4-zip

action needed

A new upstream version is available: 7.4.4 high

A new upstream version 7.4.4 is available, you should consider packaging it.

Created: 2020-03-22 Last update: 2020-04-05 17:37

3 security issues in sid high

There are 3 open security issues in sid.

3 important issues:

CVE-2020-7064: In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
CVE-2020-7065: In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.
CVE-2020-7066: In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server.

Please fix them.

Created: 2020-04-01 Last update: 2020-04-02 06:48

3 security issues in bullseye high

There are 3 open security issues in bullseye.

3 important issues:

CVE-2020-7064: In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory. This could potentially lead to information disclosure or crash.
CVE-2020-7065: In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution.
CVE-2020-7066: In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.34, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it. This may cause some software to make incorrect assumptions about the target of the get_headers() and possibly send some information to a wrong server.

Please fix them.

Created: 2020-04-01 Last update: 2020-04-02 06:48

3 bugs tagged patch in the BTS normal

The BTS contains patches fixing 3 bugs, consider including or untagging them.

Created: 2020-02-26 Last update: 2020-04-05 19:01

Does not build reproducibly during testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2020-02-25 Last update: 2020-04-05 18:00

Depends on packages which need a new maintainer normal

The packages that php7.4 depends on which need a new maintainer are:

qdbm (#890504)
- Build-Depends: libqdbm-dev
- Depends: libqdbm14

Created: 2020-02-02 Last update: 2020-04-05 17:04

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 7.4.4-1, distribution unstable) and new commits in its VCS. You should consider whether it's time to make an upload.

Created: 2019-12-02 Last update: 2020-04-02 05:34

testing migrations

This package will soon be part of the auto-icu transition. You might want to ensure that your package is ready for it. You can probably find supplementary information in the debian-release archives or in the corresponding release.debian.org bug.

news

[rss feed]

[2020-02-25] php7.4 7.4.3-4 MIGRATED to testing (Debian testing watch)
[2020-02-23] Accepted php7.4 7.4.3-4 (source) into unstable (Ondřej Surý)
[2020-02-21] Accepted php7.4 7.4.3-3 (source) into unstable (Ondřej Surý)
[2020-02-20] Accepted php7.4 7.4.3-1 (source) into unstable (Ondřej Surý)
[2020-02-08] Accepted php7.4 7.4.2-7 (source) into unstable (Ondřej Surý)
[2020-02-02] Accepted php7.4 7.4.1-1 (source amd64 all) into unstable (Ondřej Surý)
[2019-12-01] Accepted php7.4 7.4.0~rc6-1 (source amd64 all) into experimental, experimental (Ondřej Surý)

bugs [bug history graph]

all: 6
RC: 0
I&N: 4
M&W: 2
F&P: 0
patch: 3

links

homepage
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker
screenshots
debci

ubuntu

[Information about Ubuntu for Debian Developers]

version: 7.4.3-4build2