openSUSE Build Service

File _patchinfo of Package patchinfo

<patchinfo incident="18353">
  <issue tracker="cve" id="2022-31629"/>
  <issue tracker="cve" id="2024-2756"/>
  <issue tracker="cve" id="2024-3096"/>
  <issue tracker="bnc" id="1222858">VUL-0: CVE-2024-3096: php5,php53,php7,php72,php74,php8: php: password_verify can erroneously return true, opening ATO risk</issue>
  <issue tracker="bnc" id="1222857">VUL-0: CVE-2024-2756: php5,php53,php7,php72,php74,php8: php: host/secure cookie bypass due to partial  fix</issue>
  <packager>pgajdos</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for php81</summary>
  <description>This update for php81 fixes the following issues:

Version update to 8.1.28

* Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to
  partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos) [boo#1222857]
* Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true,
  opening ATO risk). (CVE-2024-3096) (Jakub Zelenka) [boo#1222858]
</description>
</patchinfo>
Places

File _patchinfo of Package patchinfo

Places
