Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Undefined
Fix Version/s: rhel-10.0.beta
Affects Version/s: CentOS Stream 10, rhel-10.0.beta
Component/s: php
Labels:
- rebase

Regression:
None
Severity:
None
Keywords:

Rebase

Pool Team:

rhel-sst-cs-stacks
Sub-System Group:

ssg_core_services

Internal Target Milestone:
22
Story Points:
2
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
None
Products:

Red Hat Enterprise Linux
Sprint:
None

Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/136750
Gating Tests:

Enabled
Test Coverage:

Automated

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Rebase to 8.3.7

So fix low CVEs

CVE-2024-2756 _Host-/_Secure- cookie bypass due to partial CVE-2022-31629 fix
CVE-2024-3096 password_verify can erroneously return true,
opening ATO risk
CVE-2024-2757 mb_encode_mimeheader runs endlessly for some inputs

And add backport for ARGON2 support from OpenSSL 3.2 (from 8.4)

Assignee:: Remi Collet

Reporter:: Remi Collet

Developer:: Remi Collet

QA Contact:: Iveta Cesalova

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2024/05/16 7:33 AM

Updated:: 2024/11/20 10:02 AM

Target end:: 2024/07/29