Overview

File _patchinfo of Package patchinfo.37963

<patchinfo incident="37963">
  <issue tracker="cve" id="2025-1861"/>
  <issue tracker="cve" id="2025-1736"/>
  <issue tracker="cve" id="2025-1219"/>
  <issue tracker="cve" id="2024-11235"/>
  <issue tracker="cve" id="2025-1734"/>
  <issue tracker="cve" id="2025-1217"/>
  <issue tracker="bnc" id="1239669">VUL-0: CVE-2025-1861: php53,php7,php72,php74,php8: Stream HTTP wrapper truncate redirect location to 1024 bytes</issue>
  <issue tracker="bnc" id="1239666">VUL-0: CVE-2024-11235: php53,php7,php72,php74,php8: Reference counting in php_request_shutdown causes Use-After-Free</issue>
  <issue tracker="bnc" id="1239667">VUL-0: CVE-2025-1219: php53,php7,php72,php74,php8: libxml streams use wrong `content-type` header when requesting a redirected resource</issue>
  <issue tracker="bnc" id="1239668">VUL-0: CVE-2025-1734: php53,php7,php72,php74,php8: Streams HTTP wrapper does not fail for headers with invalid name and no colon</issue>
  <issue tracker="bnc" id="1239670">VUL-0: CVE-2025-1736: php53,php7,php72,php74,php8: Stream HTTP wrapper header check might omit basic auth header</issue>
  <issue tracker="bnc" id="1239664">VUL-0: CVE-2025-1217: php53,php7,php72,php74,php8: Header parser of `http` stream wrapper does not handle folded headers</issue>
  <packager>pgajdos</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for php7</summary>
  <description>This update for php7 fixes the following issues:

- CVE-2024-11235: Fixed reference counting in php_request_shutdown causing Use-After-Free (bsc#1239666)
- CVE-2025-1217: Fixed header parser of http stream wrapper not handling folded headers (bsc#1239664)
- CVE-2025-1219: Fixed libxml streams using wrong content-type header when requesting a redirected resource (bsc#1239667)
- CVE-2025-1734: Fixed streams HTTP wrapper not failing for headers with invalid name and no colon (bsc#1239668)
- CVE-2025-1736: Fixed stream HTTP wrapper header check might omitting basic auth header (bsc#1239670)
- CVE-2025-1861: Fixed stream HTTP wrapper truncate redirect location to 1024 bytes (bsc#1239669)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places