| Index | index by Group | index by Distribution | index by Vendor | index by creation date | index by Name | Mirrors | Help | Search | 
| Name: php-xml | Distribution: Unknown | 
| Version: 7.4.33 | Vendor: Remi's RPM repository <https://rpms.remirepo.net/> #StandWithUkraine | 
| Release: 23.el9.remi | Build date: Tue Mar 18 07:45:26 2025 | 
| Group: Development/Languages | Build host: builder2.remirepo.net | 
| Size: 550702 | Source RPM: php-7.4.33-23.el9.remi.src.rpm | 
| Packager: Remi Collet | |
| Url: http://www.php.net/ | |
| Summary: A module for PHP applications which use XML | |
The php-xml package contains dynamic shared objects which add support to PHP for manipulating XML documents using the DOM tree, and performing XSL transformations on XML documents.
PHP
* Mon Mar 17 2025 Remi Collet <remi@remirepo.net> - 7.4.33-23
  - Fix libxml streams use wrong `content-type` header when requesting a redirected resource
    CVE-2025-1219
  - Fix Stream HTTP wrapper header check might omit basic auth header
    CVE-2025-1736
  - Fix Stream HTTP wrapper truncate redirect location to 1024 bytes
    CVE-2025-1861
  - Fix Streams HTTP wrapper does not fail for headers without colon
    CVE-2025-1734
  - Fix Header parser of `http` stream wrapper does not handle folded headers
    CVE-2025-1217
  - use oracle client library version 23.7 on x86_64 and aarch64
* Thu Feb 13 2025 Remi Collet <remi@remirepo.net> - 7.4.33-22
  - backport fix for ICU 74+
  - backport fix strict prototypes
* Wed Nov 27 2024 Remi Collet <remi@remirepo.net> - 7.4.33-21
  - Fix Leak partial content of the heap through heap buffer over-read
    CVE-2024-8929
* Fri Nov 22 2024 Remi Collet <remi@remirepo.net> - 7.4.33-20
  - Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface
    GHSA-4w77-75f9-2c8w
  - Fix OOB access in ldap_escape
    CVE-2024-8932
  - Fix Integer overflow in the dblib/firebird quoter causing OOB writes
    CVE-2024-11236
  - Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs
    CVE-2024-11234
  - Fix Single byte overread with convert.quoted-printable-decode filter
    CVE-2024-11233
* Fri Nov 15 2024 Remi Collet <remi@remirepo.net> - 7.4.33-19
  - disable firebird on EL-10
* Thu Sep 26 2024 Remi Collet <remi@remirepo.net> - 7.4.33-18
  - Fix Bypass of CVE-2012-1823, Argument Injection in PHP-CGI
    CVE-2024-4577
  - Fix Bypass of CVE-2024-4577, Parameter Injection Vulnerability
    CVE-2024-8926
  - Fix cgi.force_redirect configuration is bypassable due to the environment variable collision
    CVE-2024-8927
  - Fix Logs from childrens may be altered
    CVE-2024-9026
  - Fix Erroneous parsing of multipart form data
    CVE-2024-8925
  - use ICU 74.2
* Mon Aug 26 2024 Remi Collet <remi@remirepo.net> - 7.4.33-17
  - add backport for https://bugs.php.net/79589
    error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading
* Wed Jul 31 2024 Remi Collet <remi@remirepo.net> - 7.4.33-16
  - use oracle client library version 23.5 on x86_64
* Tue Jun 04 2024 Remi Collet <remi@remirepo.net> - 7.4.33-15
  - Fix filter bypass in filter_var FILTER_VALIDATE_URL
    CVE-2024-5458
* Wed Apr 10 2024 Remi Collet <remi@remirepo.net> - 7.4.33-14
  - Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
    CVE-2024-2756
  - Fix password_verify can erroneously return true opening ATO risk
    CVE-2024-3096
* Wed Mar 06 2024 Remi Collet <remi@remirepo.net> - 7.4.33-13
  - patch test suite for zlib-ng
* Mon Feb 19 2024 Remi Collet <remi@remirepo.net> - 7.4.33-12
  - more build patch for GCC 14
* Wed Feb 14 2024 Remi Collet <remi@remirepo.net> - 7.4.33-11
  - add build patch for GCC 14
  - use oracle client library version 21.13 on x86_64
* Tue Dec 12 2023 Remi Collet <remi@remirepo.net> - 7.4.33-10
  - use ICU 73.2
  - use oracle client library version 21.12 on x86_64, 19.19 on aarch64
  - add fixes for libxml 2.11 and 2.12 from 8.1
* Thu Sep 21 2023 Remi Collet <remi@remirepo.net> - 7.4.33-9
  - use oracle client library version 21.11 on x86_64, 19.19 on aarch64
  - use official Oracle Instant Client RPM
* Tue Aug 01 2023 Remi Collet <remi@remirepo.net> - 7.4.33-8
  - Fix Security issue with external entity loading in XML without enabling it
    GHSA-3qrf-m4j2-pcrr CVE-2023-3823
  - Fix Buffer mismanagement in phar_dir_read()
    GHSA-jqcx-ccgc-xwhv CVE-2023-3824
  - move httpd/nginx wants directive to config files in /etc
* Tue Jun 06 2023 Remi Collet <remi@remirepo.net> - 7.4.33-7
  - Fix Missing error check and insufficient random bytes in HTTP Digest
    authentication for SOAP
    GHSA-76gg-c692-v2mw CVE-2023-3247
* Fri Apr 14 2023 Remi Collet <remi@remirepo.net> - 7.4.33-6
  - use ICU 72.1
  - use oracle client library version 21.10
  - fix possible buffer overflow in date
  - define %__phpize and %__phpconfig
/etc/php.d/20-dom.ini /etc/php.d/20-simplexml.ini /etc/php.d/20-xml.ini /etc/php.d/20-xmlwriter.ini /etc/php.d/20-xsl.ini /etc/php.d/30-xmlreader.ini /usr/lib/.build-id /usr/lib/.build-id/02 /usr/lib/.build-id/02/f690ed32a3f94f2be300a12f42a5e2531adb0b /usr/lib/.build-id/32 /usr/lib/.build-id/32/9e8cf2eaa357e6659e03c03770a3e2540e87fd /usr/lib/.build-id/45 /usr/lib/.build-id/45/bae0fca46a9aed4826250c83a84ebe954df760 /usr/lib/.build-id/97 /usr/lib/.build-id/97/9c7f75c909b2d36b459dad90bd18c0cbbb5c31 /usr/lib/.build-id/e9/e68495df3bd8e1a417952251fc128be4908441 /usr/lib/.build-id/fe /usr/lib/.build-id/fe/721ebf3c873cb250ef8a0a3c3d5d99b0750953 /usr/lib64/php/modules/dom.so /usr/lib64/php/modules/simplexml.so /usr/lib64/php/modules/xml.so /usr/lib64/php/modules/xmlreader.so /usr/lib64/php/modules/xmlwriter.so /usr/lib64/php/modules/xsl.so
Generated by rpm2html 1.8.1
Fabrice Bellet, Sat Oct 25 08:50:43 2025