{"id":"MGASA-2020-0119","summary":"Updated php packages fix bugs and security vulnerabilities","details":"Updated php packages fix bugs and security vulnerabilities:\n\nCore:\n- Fixed bug #71876 (Memory corruption htmlspecialchars(): charset `*'\n  not supported).\n- Fixed bug #79146 (cscript can fail to run on some systems).\n- Fixed bug #78323 (Code 0 is returned on invalid options).\n- Fixed bug #76047 (Use-after-free when accessing already destructed\n  backtrace arguments).\nCURL:\n- Fixed bug #79078 (Hypothetical use-after-free in curl_multi_add_handle()).\nIntl:\n- Fixed bug #79212 (NumberFormatter::format() may detect wrong type).\nLibxml:\n- Fixed bug #79191 (Error in SoapClient ctor disables DOMDocument::save()).\nMBString:\n- Fixed bug #79154 (mb_convert_encoding() can modify $from_encoding).\nMySQLnd:\n- Fixed bug #79084 (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH).\nOpenSSL:\n- Fixed bug #79145 (openssl memory leak).\nPhar:\n- Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have\n  all-access permissions). (CVE-2020-7063)\n- Fixed bug #79171 (heap-buffer-overflow in phar_extract_file).\n  (CVE-2020-7061)\n- Fixed bug #76584 (PharFileInfo::decompress not working).\nReflection:\n- Fixed bug #79115 (ReflectionClass::isCloneable call reflected class\n  __destruct).\nSession:\n- Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload\n  Progress). (CVE-2020-7062)\nSPL:\n- Fixed bug #79151 (heap use after free caused by\n  spl_dllist_it_helper_move_forward).\nStandard:\n- Fixed bug #78902 (Memory leak when using stream_filter_append).\nXSL:\n- Fixed bug #70078 (XSL callbacks with nodes as parameter leak memory).\n","modified":"2026-01-30T22:49:07.829843Z","published":"2020-03-06T16:13:58Z","related":["CVE-2020-7061","CVE-2020-7062","CVE-2020-7063"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0119.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26234"},{"type":"REPORT","url":"https://www.php.net/ChangeLog-7.php#7.3.15"}],"affected":[{"package":{"name":"php","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/php?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"7.3.15-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0119.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}