CLD-377 Details

Other IDs this deficiency may be known by:

CVE ID None
Other ID(s) fixed-in-7.2.5

Basic Information:

Affected Package(s) php
Deficiency Type SECURITY
Date Created 2018-04-26 17:01:55
Date Last Modified 2018-04-26 17:04:40

Version Specific Information:

Cucumber 1.0 i686 not affected
Cucumber 1.0 x86_64 not affected

Cucumber 1.1 i686 fixed in php-7.2.5-i686-1
Cucumber 1.1 x86_64 fixed in php-7.2.5-x86_64-1

Details:

From https://secure.php.net/ChangeLog-7.php#7.2.5. All of these were fixes in
php-7.2.5 on Cucumber Linux 1.1:

    Core:
        Fixed bug #75722 (Convert valgrind detection to configure option).
    Date:
        Fixed bug #76131 (mismatch arginfo for date_create).
    Exif:
        Fixed bug #76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value).
    FPM:
        Fixed bug #68440 (ERROR: failed to reload: execvp() failed: Argument list too long).
        Fixed incorrect write to getenv result in FPM reload.
    GD:
        Fixed bug #52070 (imagedashedline() - dashed line sometimes is not visible).
    iconv:
        Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on invalid sequence).
    intl:
        Fixed bug #76153 (Intl compilation fails with icu4c 61.1).
    ldap:
        Fixed bug #76248 (Malicious LDAP-Server Response causes Crash).
    mbstring:
        Fixed bug #75944 (Wrong cp1251 detection).
        Fixed bug #76113 (mbstring does not build with Oniguruma 6.8.1).
    ODBC:
        Fixed bug #76088 (ODBC functions are not available by default on Windows).
    Opcache:
        Fixed bug #76094 (Access violation when using opcache).
    Phar:
        Fixed bug #76129 (fix for CVE-2018-5712 may not be complete).
    phpdbg:
        Fixed bug #76143 (Memory corruption: arbitrary NUL overwrite).
    SPL:
        Fixed bug #76131 (mismatch arginfo for splarray constructor).
    standard:
        Fixed bug #74139 (mail.add_x_header default inconsistent with docs).
        Fixed bug #75996 (incorrect url in header for mt_rand).