File _patchinfo of Package patchinfo.33461
<patchinfo incident="33461">
<issue tracker="cve" id="2024-3096"/>
<issue tracker="cve" id="2024-2756"/>
<issue tracker="bnc" id="1222857">VUL-0: CVE-2024-2756: php5,php53,php7,php72,php74,php8: php: host/secure cookie bypass due to partial fix</issue>
<issue tracker="bnc" id="1222858">VUL-0: CVE-2024-3096: php5,php53,php7,php72,php74,php8: php: password_verify can erroneously return true, opening ATO risk</issue>
<packager>pgajdos</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for php7</summary>
<description>This update for php7 fixes the following issues:
- CVE-2024-2756: Fixed bypass of security fix applied for CVE-2022-31629 that lead PHP to consider not secure cookies as secure (bsc#1222857)
- CVE-2024-3096: Fixed bypass on null byte leading passwords checked via password_verify (bsc#1222858)
</description>
</patchinfo>