[ol8_appstream] php-enchant-7.4.33-3.module+el8.10.0+90781+f71ba651.x86_64

The php-enchant package contains a dynamic shared object that will add
support for using the enchant library to PHP.

Changelog (Show File list) (Show related packages)

• Mon Jan 19 2026 Remi Collet <rcollet@redhat.com> - 7.4.33-3

  - Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface
    GHSA-4w77-75f9-2c8w
  - Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs
    CVE-2024-11234
  - Fix Single byte overread with convert.quoted-printable-decode filter
    CVE-2024-11233
  - Fix Leak partial content of the heap through heap buffer over-read
    CVE-2024-8929
  - Fix libxml streams use wrong `content-type` header when requesting a redirected resource
    CVE-2025-1219
  - Fix Stream HTTP wrapper header check might omit basic auth header
    CVE-2025-1736
  - Fix Stream HTTP wrapper truncate redirect location to 1024 bytes
    CVE-2025-1861
  - Fix Streams HTTP wrapper does not fail for headers without colon
    CVE-2025-1734
  - Fix Header parser of `http` stream wrapper does not handle folded headers
    CVE-2025-1217
  - Fix pgsql extension does not check for errors during escaping
    CVE-2025-1735
  - Fix NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix
    CVE-2025-6491
  - Fix Null byte termination in hostnames
    CVE-2025-1220
  - Fix Null byte termination in dns_get_record()
    GHSA-www2-q4fc-65wf
  - Fix Heap buffer overflow in array_merge()
    CVE-2025-14178
  - Fix Information Leak of Memory in getimagesize
    CVE-2025-14177

• Wed Nov 13 2024 Remi Collet <rcollet@redhat.com> - 7.4.33-2

  - fix low/moderate CVEs
    RHEL-66589
  - Fix cgi.force_redirect configuration is bypassable due to the environment variable collision
    CVE-2024-8927
  - Fix Logs from childrens may be altered
    CVE-2024-9026
  - Fix Erroneous parsing of multipart form data
    CVE-2024-8925
  - Fix filter bypass in filter_var FILTER_VALIDATE_URL
    CVE-2024-5458
  - Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
    CVE-2024-2756
  - Fix password_verify can erroneously return true opening ATO risk
    CVE-2024-3096
  - Fix Security issue with external entity loading in XML without enabling it
    CVE-2023-3823
  - Fix Buffer mismanagement in phar_dir_read()
    CVE-2023-3824
  - Fix Missing error check and insufficient random bytes in HTTP Digest
    authentication for SOAP
    CVE-2023-3247
  - fix #81744: Password_verify() always return true with some hash
    CVE-2023-0567
  - fix #81746: 1-byte array overrun in common path resolve code
    CVE-2023-0568
  - fix DOS vulnerability when parsing multipart request body
    CVE-2023-0662

• Fri Jan 13 2023 Remi Collet <rcollet@redhat.com> - 7.4.33-1

  - rebase to 7.4.33
  - fix: due to an integer overflow PDO::quote() may return unquoted string
    CVE-2022-31631

• Thu Jul 07 2022 Remi Collet <rcollet@redhat.com> - 7.4.30-1

  - rebase to 7.4.30 #2099615

• Wed Jun 22 2022 Remi Collet <rcollet@redhat.com> - 7.4.19-3

  - fix password of excessive length triggers buffer overflow leading to RCE
    CVE-2022-31626

• Wed Jan 19 2022 Remi Collet <rcollet@redhat.com> - 7.4.19-2

  - fix SSRF bypass in FILTER_VALIDATE_URL
    CVE-2021-21705
  - fix Local privilege escalation via PHP-FPM
    CVE-2021-21703

• Thu May 20 2021 Remi Collet <rcollet@redhat.com> - 7.4.19-1

  - rebase to 7.4.19 #1944110

• Mon Jun 15 2020 Remi Collet <rcollet@redhat.com> - 7.4.6-4

  - fix regression in 7.4.6 with generators and exception

• Wed May 27 2020 Remi Collet <rcollet@redhat.com> - 7.4.6-3

  - build phpdbg only once
  - fix regression in 7.4.6 when yielding an array based generator

• Wed May 20 2020 Remi Collet <rcollet@redhat.com> - 7.4.6-2

  - use php-config from embed SAPI to reduce used libs