[ol8_appstream] php-gd-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64

Name:	php-gd
Version:	7.4.33
Release:	2.module+el8.10.0+90472+f810484b
Architecture:	aarch64
Module:	php:7.4:8100020241212051802:3924b0c1
Group:	Unspecified
Size:	136722
License:	PHP
RPM:	php-gd-7.4.33-2.module+el8.10.0+90472+f810484b.aarch64.rpm
Source RPM:	php-7.4.33-2.module+el8.10.0+90472+f810484b.src.rpm
Build Date:	Thu Dec 12 2024
Build Host:	build-ol8-aarch64.oracle.com
Vendor:	Oracle America
URL:	http://www.php.net/
Summary:	A module for PHP applications for using the gd graphics library
Description:	The php-gd package contains a dynamic shared object that will add support for using the gd graphics library to PHP.

Changelog (Show File list) (Show related packages)

Wed Nov 13 2024 Remi Collet <rcollet@redhat.com> - 7.4.33-2

- fix low/moderate CVEs
  RHEL-66589
- Fix cgi.force_redirect configuration is bypassable due to the environment variable collision
  CVE-2024-8927
- Fix Logs from childrens may be altered
  CVE-2024-9026
- Fix Erroneous parsing of multipart form data
  CVE-2024-8925
- Fix filter bypass in filter_var FILTER_VALIDATE_URL
  CVE-2024-5458
- Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
  CVE-2024-2756
- Fix password_verify can erroneously return true opening ATO risk
  CVE-2024-3096
- Fix Security issue with external entity loading in XML without enabling it
  CVE-2023-3823
- Fix Buffer mismanagement in phar_dir_read()
  CVE-2023-3824
- Fix Missing error check and insufficient random bytes in HTTP Digest
  authentication for SOAP
  CVE-2023-3247
- fix #81744: Password_verify() always return true with some hash
  CVE-2023-0567
- fix #81746: 1-byte array overrun in common path resolve code
  CVE-2023-0568
- fix DOS vulnerability when parsing multipart request body
  CVE-2023-0662

Fri Jan 13 2023 Remi Collet <rcollet@redhat.com> - 7.4.33-1

- rebase to 7.4.33
- fix: due to an integer overflow PDO::quote() may return unquoted string
  CVE-2022-31631

Thu Jul 07 2022 Remi Collet <rcollet@redhat.com> - 7.4.30-1
```
- rebase to 7.4.30 #2099615
```

Wed Jun 22 2022 Remi Collet <rcollet@redhat.com> - 7.4.19-3

- fix password of excessive length triggers buffer overflow leading to RCE
  CVE-2022-31626

Wed Jan 19 2022 Remi Collet <rcollet@redhat.com> - 7.4.19-2

- fix SSRF bypass in FILTER_VALIDATE_URL
  CVE-2021-21705
- fix Local privilege escalation via PHP-FPM
  CVE-2021-21703

Thu May 20 2021 Remi Collet <rcollet@redhat.com> - 7.4.19-1
```
- rebase to 7.4.19 #1944110
```
Mon Jun 15 2020 Remi Collet <rcollet@redhat.com> - 7.4.6-4
```
- fix regression in 7.4.6 with generators and exception
```

Wed May 27 2020 Remi Collet <rcollet@redhat.com> - 7.4.6-3

- build phpdbg only once
- fix regression in 7.4.6 when yielding an array based generator

Wed May 20 2020 Remi Collet <rcollet@redhat.com> - 7.4.6-2
```
- use php-config from embed SAPI to reduce used libs
```

Fri May 15 2020 Remi Collet <rcollet@redhat.com> - 7.4.6-1

- update to 7.4.6
- add ffi extension
- add /usr/share/php/preload as default ffi.preload configuration
- run FPM tests
- set opcache.enable_cli in provided default configuration
- ensure all shared extensions can be loaded
- drop wddx, recode and extensions
- run test suite using 4 concurrent workers