lang/php72: last changelog references to wrong version, please update to 7.2.33
José García Juanino
jjuanino at gmail.com
Tue Aug 25 20:49:33 UTC 2020
Hi all,
I am inspecting the last update in lang/php72 port
(https://svnweb.freebsd.org/ports?view=revision&revision=545454),
and the changelog shows the following:
lang/php72: Update from 7.2.22 to 7.2.23
Changelog:
Core:
Fixed bug #79877 (getimagesize function silently truncates
after a null byte) (cmb)
Phar:
Fixed bug #79797 (Use of freed hash key in the
phar_parse_zipfile function). (CVE-2020-7068)
Unless I am misunderstanding something, it seems to be wrong: that
changelog references to 7.2.33 update instead of the 7.2.23 one, and
on the other hand in the Makefile also references the wrong version
7.2.32.
In short, I think what needs to be done is to update the port to the
7.2.33 version to cover CVE-2020-7068.
Regards
More information about the freebsd-ports
mailing list