File _patchinfo of Package patchinfo.33467

<patchinfo incident="33467">
  <issue tracker="cve" id="2024-3096"/>
  <issue tracker="cve" id="2024-2756"/>
  <issue tracker="cve" id="2024-5458"/>
  <issue tracker="bnc" id="1226073">VUL-0: CVE-2024-5458: php5,php53,php7,php72,php74,php8: filter bypass in filter_var FILTER_VALIDATE_URL</issue>
  <issue tracker="bnc" id="1222857">VUL-0: CVE-2024-2756: php5,php53,php7,php72,php74,php8: php: host/secure cookie bypass due to partial  fix</issue>
  <issue tracker="bnc" id="1222858">VUL-0: CVE-2024-3096: php5,php53,php7,php72,php74,php8: php: password_verify can erroneously return true, opening ATO risk</issue>
  <packager>pgajdos</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for php7</summary>
  <description>This update for php7 fixes the following issues:

- CVE-2024-2756: Fixed bypass of security fix applied for CVE-2022-31629 that lead PHP to consider not secure cookies as secure (bsc#1222857)
- CVE-2024-3096: Fixed bypass on null byte leading passwords checked via password_verify (bsc#1222858)
- CVE-2024-5458: Fixed an issue that allows to bypass filters in filter_var FILTER_VALIDATE_URL. (bsc#1226073)
</description>
</patchinfo>