Bug 1766673 - rh-php72 security updates missing
Summary: rh-php72 security updates missing
Status: NEW
Alias: None
Product: softwarecollections.org
Classification: Community
Component: rh-php71
Version: 1.0
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Remi Collet
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2019-10-29 16:11 UTC by christoph.perner
Modified: 2020-01-07 13:48 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed:

Attachments (Terms of Use)

Description christoph.perner 2019-10-29 16:11:14 UTC
Description of problem:
Seems that rh-php72 gots a kind of lost.
I was wondering why are no updates where released for the php72 packages since December 2018.
According to the CVE List where were a lot of CVEs in the meanwhile:
I also found this CVEs mentioned in the Redhat Product Erratas, but only for PHP 7.1:

As PHP 7.1 goes EOL end of the month via rhscl and 7.0 will follow next month PHP 7.2 gets the only still supported Version via rhscl. (according to https://access.redhat.com/support/policy/updates/rhscl)

Also in the bugtracker rh-php72 is not listed by now as a selectable Component.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. yum install rh-php72 on CentOS7 or look at http://mirror.centos.org/centos/7/sclo/x86_64/rh/rh-php72/

Actual results:
See only Version 7.2.10-3.el7 from 5.12.2018

Expected results:
See an updated Version fixing newer PHP CVEs since End of 2018

Additional info:

Comment 1 Neil Neyman 2019-11-01 16:07:57 UTC
This needs to be patched ASAP; the latest version of rh-php72 from Redhat SCL is failing scans because of critical vulnerabilities on our web servers.   Please provide an update to all php 7.2 pachages in SCL.

Comment 2 christoph.perner 2019-12-05 09:35:55 UTC
Any updates on this?
This is urgent as it's a security issue!

Note You need to log in before you can comment on or make changes to this bug.