All errata/sisyphus_e2k/ALT-PU-2022-6397-1
ALT-PU-2022-6397-1

Package update php7-tidy in branch sisyphus_e2k

Version7.4.32-alt1
Task#0
Published2022-10-05
Max severityMEDIUM
Severity:

Closed issues (2)

CVE-2022-31628
MEDIUM5.5

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the phar uncompressor code would recursively uncompress "quines" gzip files, resulting in an infinite loop.

Published: 2022-09-28Modified: 2024-11-21
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
CVE-2022-31629
MEDIUM6.5

In PHP versions before 7.4.31, 8.0.24 and 8.1.11, the vulnerability enables network and same-site attackers to set a standard insecure cookie in the victim's browser which is treated as a `__Host-` or `__Secure-` cookie by PHP applications.

Published: 2022-09-28Modified: 2025-11-04
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
References