Thanks for your report. Security updates are usually done by patching the released package with the specific fix needed to address the problem, trying to minimize changes in behavior and the regression risk. New releases of software packages are normally not backported to existing Ubuntu releases, unless there is a very good reason to do so.
In the security advisory you linked the "Arbitrary Code Execution" seems to be due to CVE-2019-13224, which does not affect the version of php currently in Bionic. The other bugs mentioned in the advisory do not seem to be security-related. It's more like a "kitchen sink" report. This said, did you hit any of the bugs mentioned in the advisory? If you did, please comment back adding all the relevant details, or even better open a new bug report for the specific issue. You may find it helpful to read "How to report bugs effectively" http://www.chiark.greenend.org.uk/~sgtatham/bugs.html. I'm setting the status of this report to Incomplete for the moment. Should you have more information to add here please do so in a comment and set the bug status back to New. Thanks! ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-13224 ** Changed in: php7.2 (Ubuntu) Status: New => Incomplete -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1843591 Title: Security issues related to php7.2.19 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php7.2/+bug/1843591/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs