CVE-2020-7063

Priority
Description
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below
7.4.3, when creating a PHAR archive using the PharData::buildFromIterator()
function, the files are added with default permissions (0666, or all
access) even if the original files on the filesystem had more
restrictive permissions. This may result in files having more lax
permissions than intended when such an archive is extracted.
Assigned-to
leosilva
Notes
Package
Source: php5 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (5.3.10-1ubuntu3.45)
Ubuntu 14.04 ESM (Trusty Tahr):released (5.5.9+dfsg-1ubuntu4.29+esm11)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Patches:
Upstream:https://github.com/microsoft/php-src/commit/ed163ca242932e7f60467fb32ec00166f4318a40#diff-0bdf3ed2441587a6ad661bca6c7e7c93
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (7.0.33-0ubuntu0.16.04.14)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (7.2.24-0ubuntu0.18.04.4)
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:released (7.3.15-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):released (7.3.11-0ubuntu0.19.10.4)
Ubuntu 20.04 (Focal Fossa):DNE
Package
Upstream:released (7.4.3-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Ubuntu 20.04 (Focal Fossa):not-affected (7.4.3-4build1)
More Information

Updated: 2020-04-16 13:15:34 UTC (commit 0a573a6c05e2268f7fdfec01b2a42815f1b95641)