Overview

File _patchinfo of Package patchinfo.39648

<patchinfo incident="39648">
  <issue tracker="cve" id="2025-1220"/>
  <issue tracker="cve" id="2025-1735"/>
  <issue tracker="cve" id="2025-6491"/>
  <issue tracker="bnc" id="1246167">VUL-0: CVE-2025-1220: php53,php7,php8: unprocessed null bytes in hostnames can lead to SSRF</issue>
  <issue tracker="bnc" id="1246146">VUL-0: CVE-2025-1735: php53,php7,php8: pgsql extension does not properly handle errors within escape functions</issue>
  <issue tracker="bnc" id="1246148">VUL-0: CVE-2025-6491: php53,php7,php8: NULL pointer dereference when processing a SoapVar with a fully qualified name that is longer than 2G</issue>
  <packager>pgajdos</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for php7</summary>
  <description>This update for php7 fixes the following issues:

- CVE-2025-1220: Fixed null byte termination in hostnames (bsc#1246167)
- CVE-2025-1735: Fixed pgsql extension does not check for errors during escaping (bsc#1246146)
- CVE-2025-6491: Fixed NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix (bsc#1246148)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places