| Errata ID | 648 |
|---|---|
| Date | 2020-03-11 |
| Source package | php7.0 |
| Fixed in version | 7.0.33-0+deb9u7 |
| Description | This update addresses the following issues: * PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte (CVE-2019-11045) * Out-of-bounds read in bc_shift_addsub (CVE-2019-11046) * Information disclosure in exif_read_data() (CVE-2019-11047) * Out-of-bounds read when parsing EXIF information (CVE-2019-11050) * Out of bounds read in php_strip_tags_ex (CVE-2020-7059) * Global buffer-overflow in mbfl_filt_conv_big5_wchar function (CVE-2020-7060) |
| Additional notes | |
| CVE ID | CVE-2019-11045 CVE-2019-11046 CVE-2019-11047 CVE-2019-11050 CVE-2020-7059 CVE-2020-7060 |
| UCS Bug number | #50919 |
