Date: Tue, 25 Aug 2020 22:49:19 +0200
From: José García Juanino <jjuanino@gmail.com>
To: ports <freebsd-ports@freebsd.org>
Cc: tz@freebsd.org
Subject: lang/php72: last changelog references to wrong version, please update to 7.2.33
Message-ID: <CAAVO5%2BJRbHfncp4ojXDYLh9AKwcOad1ztwPvMogtRk7-ztSQFw@mail.gmail.com>

Hi all,

I am inspecting the last update in the lang/php72 port (https://svnweb.freebsd.org/ports?view=revision&revision=545454), and the changelog shows the following:

    lang/php72: Update from 7.2.22 to 7.2.23

    Changelog:

    Core:
    Fixed bug #79877 (getimagesize function silently truncates after a null byte) (cmb)

    Phar:
    Fixed bug #79797 (Use of freed hash key in the phar_parse_zipfile function). (CVE-2020-7068)

Unless I am misunderstanding something, it seems to be wrong: that changelog refers to the 7.2.33 update instead of the 7.2.23 one, and on the other hand the Makefile also references the wrong version, 7.2.32.

In short, I think what needs to be done is to update the port to the 7.2.33 version to cover CVE-2020-7068.

Regards