View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000177 | Rocky-Linux-8 | php | public | 2022-08-09 09:41 | 2022-08-09 09:41 |
| Reporter | Benedict Rosner | Assigned To | |||
| Priority | normal | Severity | tweak | Reproducibility | always |
| Status | new | Resolution | open | ||
| Summary | 0000177: php-7.4 - yum updateinfo shows RLSA-2022:5467 even tho patch is merged | ||||
| Description | yum updateinfo --list gives me the following list: Last metadata expiration check: 3:09:04 ago on Tue 09 Aug 2022 07:04:44 AM CEST. RLSA-2022:5467 Important/Sec. php-8.0.13-3.module+el8.6.0+989+3fbff15c.x86_64 RLSA-2022:5467 Important/Sec. php-cli-8.0.13-3.module+el8.6.0+989+3fbff15c.x86_64 RLSA-2022:5467 Important/Sec. php-common-8.0.13-3.module+el8.6.0+989+3fbff15c.x86_64 RLSA-2022:5467 Important/Sec. php-fpm-8.0.13-3.module+el8.6.0+989+3fbff15c.x86_64 RLSA-2022:5467 Important/Sec. php-gd-8.0.13-3.module+el8.6.0+989+3fbff15c.x86_64 RLSA-2022:5467 Important/Sec. php-ldap-8.0.13-3.module+el8.6.0+989+3fbff15c.x86_64 RLSA-2022:5467 Important/Sec. php-mbstring-8.0.13-3.module+el8.6.0+989+3fbff15c.x86_64 RLSA-2022:5467 Important/Sec. php-opcache-8.0.13-3.module+el8.6.0+989+3fbff15c.x86_64 RLSA-2022:5467 Important/Sec. php-pdo-8.0.13-3.module+el8.6.0+989+3fbff15c.x86_64 RLSA-2022:5467 Important/Sec. php-xml-8.0.13-3.module+el8.6.0+989+3fbff15c.x86_64 You can see that the patch was included in the changelog: yum changelog php Last metadata expiration check: 0:00:05 ago on Tue 09 Aug 2022 11:24:55 AM CEST. Listing all changelogs Changelogs for php-7.4.19-3.module+el8.6.0+990+389ef54a.x86_64 * Wed Jun 22 12:00:00 AM 2022 Remi Collet <rcollet@redhat.com> - 7.4.19-3 - fix password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626 ... https://errata.rockylinux.org/RLSA-2022:5467 shows the installed version to be affected: php-7.4.19-3.module+el8.6.0+990+389ef54a.x86_64.rpm | ||||
| Steps To Reproduce | install php-7.4 module run yum update check with yum updateinfo --list this will show a couple of critical patches | ||||
| Tags | No tags attached. | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2022-08-09 09:41 | Benedict Rosner | New Issue |
