{"id":"MGASA-2019-0253","summary":"Updated php packages fix security vulnerabilities","details":"Updated php packages fix security vulnerabilities:\n\nA use-after-free in onig_new_deluxe() in regext.c in the bundled\nOniguruma allows attackers to potentially cause information disclosure,\ndenial of service, or possibly code execution by providing a crafted\nregular expression (CVE-2019-13224).\n\nA NULL Pointer Dereference in match_at() in regexec.c in the bundled\nOniguruma allows attackers to potentially cause denial of service by\nproviding a crafted regular expression (CVE-2019-13225).\n\nFor other fixes in this update, see the referenced changelog.\n","modified":"2026-02-02T05:24:54.156416Z","published":"2019-09-06T21:09:08Z","related":["CVE-2019-13224","CVE-2019-13225"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0253.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=25380"},{"type":"REPORT","url":"https://www.php.net/ChangeLog-7.php#PHP_7_3_9"}],"affected":[{"package":{"name":"php","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/php?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.3.9-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0253.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}