Bug 1766673 - rh-php72 security updates missing
Summary: rh-php72 security updates missing
Keywords:
Status: NEW
Alias: None
Product: softwarecollections.org
Classification: Community
Component: rh-php71
Version: 1.0
Hardware: x86_64
OS: Linux
Priority: unspecified
Severity: urgent
Target Milestone: ---
Assignee: Remi Collet
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2019-10-29 16:11 UTC by christoph.perner
Modified: 2020-01-07 13:48 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:



Description christoph.perner 2019-10-29 16:11:14 UTC
Description of problem:
Seems that rh-php72 got kind of lost.
I was wondering why no updates were released for the php72 packages since December 2018.
According to the CVE list there were a lot of CVEs in the meantime:
https://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-269705/PHP-PHP-7.2.10.html
I also found these CVEs mentioned in the Red Hat Product Errata, but only for PHP 7.1:
https://access.redhat.com/errata/RHSA-2019:2519

As PHP 7.1 goes EOL at the end of the month via rhscl and 7.0 will follow next month, PHP 7.2 becomes the only still-supported version via rhscl (according to https://access.redhat.com/support/policy/updates/rhscl).

Also, in the bug tracker rh-php72 is not yet listed as a selectable component.


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. yum install rh-php72 on CentOS7 or look at http://mirror.centos.org/centos/7/sclo/x86_64/rh/rh-php72/


Actual results:
See only Version 7.2.10-3.el7 from 5.12.2018

Expected results:
See an updated Version fixing newer PHP CVEs since End of 2018

Additional info:

Comment 1 Neil Neyman 2019-11-01 16:07:57 UTC
This needs to be patched ASAP; the latest version of rh-php72 from Red Hat SCL is failing scans because of critical vulnerabilities on our web servers. Please provide an update to all php 7.2 packages in SCL.

Comment 2 christoph.perner 2019-12-05 09:35:55 UTC
Any updates on this?
This is urgent as it's a security issue!

