Overview

File _patchinfo of Package patchinfo.14672

<patchinfo incident="14672">
  <issue tracker="cve" id="2020-7064"/>
  <issue tracker="cve" id="2020-7066"/>
  <issue tracker="bnc" id="1168326">VUL-1: CVE-2020-7064: php5,php72,php7,php53:  read one byte of uninitialized memory via malicious data</issue>
  <issue tracker="bnc" id="1168352">VUL-1: CVE-2020-7066: php72,php7: URL truncation if the URL contains zero (\0) character</issue>
  <issue tracker="bnc" id="1171999">VUL-0: CVE-2019-11048: php5,php72,php7,php53: supplying overly long filenames or field names if HTTP file uploads are allowed could lead to exhausting disk space on the server</issue>
  <issue tracker="cve" id="2019-11048"/>
  <packager>pgajdos</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for php72</summary>
  <description>This update for php72 fixes the following issues:

- CVE-2020-7064: Fixed a one byte read of uninitialized memory in exif_read_data() (bsc#1168326).
- CVE-2020-7066: Fixed URL truncation get_headers() if the URL contains zero (\0) character (bsc#1168352).
- CVE-2019-11048: Improved the handling of overly long filenames or field names in HTTP file uploads (bsc#1171999).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places