Hi all,

I am inspecting the last update in the lang/php72 port
(https://svnweb.freebsd.org/ports?view=revision&revision=545454),
and the changelog shows the following:

lang/php72: Update from 7.2.22 to 7.2.23

Changelog:

    Core:
        Fixed bug #79877 (getimagesize function silently truncates after a null byte) (cmb)
    Phar:
        Fixed bug #79797 (Use of freed hash key in the phar_parse_zipfile function). (CVE-2020-7068)

Unless I am misunderstanding something, it seems to be wrong: that
changelog refers to the 7.2.33 update instead of the 7.2.23 one, and
on the other hand the Makefile also references the wrong version,
7.2.32.

In short, I think what needs to be done is to update the port to the
7.2.33 version to cover CVE-2020-7068.

Regards
_______________________________________________
freebsd-ports@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"
