Bug 1755880

Summary: PHP security fix
Product: [Fedora] Fedora Reporter: Remi Collet <fedora>
Component: onigurumaAssignee: Mamoru TASAKA <mtasaka>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 30CC: ktdreyer, mtasaka, no1youknowz
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: oniguruma-6.9.1-3.fc29 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-11-21 02:02:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Remi Collet 2019-09-26 11:40:25 UTC 
PHP 7.3.10 include a security fix from oniguruma

See https://bugs.php.net/bug.php?id=78559

Upstream fix:
https://github.com/kkos/oniguruma/commit/d3e402928b6eb3327f8f7d59a9edfa622fec557b


Perhaps worth to be included in Fedora package.

Notice: this heap-buffer-overflow is only detected by AddressSanitizer
Comment 1 Remi Collet 2019-10-04 12:09:18 UTC 
Also
https://github.com/kkos/oniguruma/commit/15c4228aa2ffa02140a99912dd3177df0b1841c6
Comment 2 Fedora Update System 2019-11-12 04:15:26 UTC 
FEDORA-2019-e4819c6510 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-e4819c6510
Comment 3 Fedora Update System 2019-11-12 05:12:34 UTC 
FEDORA-2019-6a931c8eec has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-6a931c8eec
Comment 4 Fedora Update System 2019-11-13 10:46:26 UTC 
oniguruma-6.9.2-3.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-e4819c6510
Comment 5 Fedora Update System 2019-11-13 12:05:15 UTC 
oniguruma-6.9.1-3.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-6a931c8eec
Comment 6 Remi Collet 2019-11-13 14:25:25 UTC 
Thanks a lot
Comment 7 Fedora Update System 2019-11-21 00:55:12 UTC 
oniguruma-6.9.2-3.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2019-11-21 02:02:18 UTC 
oniguruma-6.9.1-3.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.