Vulnerability roundup 84: php-7.4.6: 2 advisories #88381

ckauhaus · 2020-05-20T11:12:21Z

CVE-2020-7065 CVSSv3=8.8 (nixos-unstable)
CVE-2020-7064 CVSSv3=5.4 (nixos-unstable)

Scanned versions: nixos-unstable: 0f5ce2f. May contain false positives.

The text was updated successfully, but these errors were encountered:

ckauhaus · 2020-06-25T14:05:41Z

https://nvd.nist.gov/vuln/detail/CVE-2020-7065 talks about PHP 7.4.34 which does not exist. The mentioned mb_strtolower bug has been fixed in 7.4.4 and 7.3.16. So this is a false positive.
Similar for https://nvd.nist.gov/vuln/detail/CVE-2020-7064: bogus PHP versions mentioned in the CVE. PHP 7.4.34 does not exist again, and the changelogs don't mention anything similar for 7.3.16.

Point releases contain several security updates and bugfixes. Changelog: https://www.php.net/ChangeLog-7.php#7.4.7 Fixes #88381

ckauhaus added the 1.severity: security label May 20, 2020

ckauhaus mentioned this issue Jun 18, 2020

Vulnerability roundup 85: php-7.4.6: 2 advisories [8.8] #90924

Closed

2 tasks

ckauhaus closed this as completed Jun 25, 2020

Ma27 pushed a commit that referenced this issue Jun 25, 2020

php: 7.2.29 -> 7.2.31, 7.3.16 -> 7.3.19, 7.4.6 -> 7.4.7

1d805c9

Point releases contain several security updates and bugfixes. Changelog: https://www.php.net/ChangeLog-7.php#7.4.7 Fixes #88381

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Vulnerability roundup 84: php-7.4.6: 2 advisories #88381

Vulnerability roundup 84: php-7.4.6: 2 advisories #88381

ckauhaus commented May 20, 2020

ckauhaus commented Jun 25, 2020

Vulnerability roundup 84: php-7.4.6: 2 advisories #88381

Vulnerability roundup 84: php-7.4.6: 2 advisories #88381

Comments

ckauhaus commented May 20, 2020

ckauhaus commented Jun 25, 2020