PHP has a MRE generally (Microrelease Exception) and gets regular updates in the security and updates pocket via upstream dotreleases.
On Thu, Sep 12, 2019 at 6:41 AM Paride Legovini < paride.legov...@canonical.com> wrote: > Thanks for your report. Security updates are usually done by patching > the released package with the specific fix needed to address the > problem, trying to minimize changes in behavior and the regression risk. > New releases of software packages are normally not backported to > existing Ubuntu releases, unless there is a very good reason to do so. > > In the security advisory you linked the "Arbitrary Code Execution" seems > to be due to CVE-2019-13224, which does not affect the version of php > currently in Bionic. The other bugs mentioned in the advisory do not > seem to be security-related. It's more like a "kitchen sink" report. > > This said, did you hit any of the bugs mentioned in the advisory? If you > did, please comment back adding all the relevant details, or even better > open a new bug report for the specific issue. You may find it helpful to > read "How to report bugs effectively" > http://www.chiark.greenend.org.uk/~sgtatham/bugs.html. > > I'm setting the status of this report to Incomplete for the moment. > Should you have more information to add here please do so in a comment > and set the bug status back to New. Thanks! > > ** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2019-13224 > > ** Changed in: php7.2 (Ubuntu) > Status: New => Incomplete > > -- > You received this bug notification because you are subscribed to php7.2 > in Ubuntu. > Matching subscriptions: PHP7.2 > https://bugs.launchpad.net/bugs/1843591 > > Title: > Security issues related to php7.2.19 > > To manage notifications about this bug go to: > > https://bugs.launchpad.net/ubuntu/+source/php7.2/+bug/1843591/+subscriptions > > Launchpad-Notification-Type: bug > Launchpad-Bug: distribution=ubuntu; sourcepackage=php7.2; component=main; > status=Incomplete; importance=Undecided; assignee=None; > Launchpad-Bug-Information-Type: Public > Launchpad-Bug-Private: no > Launchpad-Bug-Security-Vulnerability: no > Launchpad-Bug-Commenters: legovini wdarking > Launchpad-Bug-Reporter: Gilmar Pereira (wdarking) > Launchpad-Bug-Modifier: Paride Legovini (legovini) > Launchpad-Message-Rationale: Subscriber (php7.2 in Ubuntu) > Launchpad-Message-For: nacc > Launchpad-Subscription: PHP7.2 > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1843591 Title: Security issues related to php7.2.19 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php7.2/+bug/1843591/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs