Package php-xml-8.0.30-4.el9_7.x86_64 content_copy download

×

* Fri Oct 03 2025 Remi Collet <rcollet@redhat.com> - 8.0.30-4
- Fix pgsql extension does not check for errors during escaping
  CVE-2025-1735
- Fix NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix
  CVE-2025-6491
- Fix Null byte termination in hostnames
  CVE-2025-1220
- Fix soap memory corruption
- Fix ldap_set_option() not applied on different ldap connections

* Thu Mar 13 2025 Remi Collet <rcollet@redhat.com> - 8.0.30-3
- Fix libxml streams use wrong `content-type` header when requesting a redirected resource
  CVE-2025-1219
- Fix Stream HTTP wrapper header check might omit basic auth header
  CVE-2025-1736
- Fix Stream HTTP wrapper truncate redirect location to 1024 bytes
  CVE-2025-1861
- Fix Streams HTTP wrapper does not fail for headers without colon
  CVE-2025-1734
- Fix Header parser of `http` stream wrapper does not handle folded headers
  CVE-2025-1217

* Tue Jan 21 2025 Remi Collet <rcollet@redhat.com> - 8.0.30-2
- Fix Leak partial content of the heap through heap buffer over-read
  CVE-2024-8929
- Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs
  CVE-2024-11234
- Fix Single byte overread with convert.quoted-printable-decode filter
  CVE-2024-11233
- Fix cgi.force_redirect configuration is bypassable due to the environment variable collision
  CVE-2024-8927
- Fix Logs from childrens may be altered
  CVE-2024-9026
- Fix Erroneous parsing of multipart form data
  CVE-2024-8925
- Fix filter bypass in filter_var FILTER_VALIDATE_URL
  CVE-2024-5458
- Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
  CVE-2024-2756
- Fix password_verify can erroneously return true opening ATO risk
  CVE-2024-3096

* Fri Oct 06 2023 Remi Collet <rcollet@redhat.com> - 8.0.30-1
- rebase to 8.0.30
- Resolves: RHEL-11946