The php-pspell package contains a dynamic shared object that will add
support for using the pspell library to PHP.
Provides
Requires
License
PHP
Changelog
* Tue May 12 2026 Remi Collet <remi@remirepo.net> - 7.3.33-20
- Fix XSS within status endpoint
CVE-2026-6735
- Fix Stale SOAP_GLOBAL(ref_map) pointer with Apache Map
CVE-2026-6722
- Fix Use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION
CVE-2026-7261
- Fix Broken Apache map value NULL check
CVE-2026-7262
- Fix Signed integer overflow of char array offset
CVE-2026-7568
* Tue Feb 17 2026 Remi Collet <remi@remirepo.net> - 7.3.33-19
- Fix Heap buffer overflow in array_merge()
CVE-2025-14178
- use oracle client library version 23.26 on x86_64 and aarch64
* Wed Nov 27 2024 Remi Collet <remi@remirepo.net> - 7.3.33-18
- Fix Leak partial content of the heap through heap buffer over-read
CVE-2024-8929
* Fri Nov 22 2024 Remi Collet <remi@remirepo.net> - 7.3.33-17
- Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface
GHSA-4w77-75f9-2c8w
- Fix OOB access in ldap_escape
CVE-2024-8932
- Fix Integer overflow in the dblib/firebird quoter causing OOB writes
CVE-2024-11236
- Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs
CVE-2024-11234
- Fix Single byte overread with convert.quoted-printable-decode filter
CVE-2024-11233
* Thu Sep 26 2024 Remi Collet <remi@remirepo.net> - 7.3.33-16
- Fix Bypass of CVE-2012-1823, Argument Injection in PHP-CGI
CVE-2024-4577
- Fix Bypass of CVE-2024-4577, Parameter Injection Vulnerability
CVE-2024-8926
- Fix cgi.force_redirect configuration is bypassable due to the environment variable collision
CVE-2024-8927
- Fix Erroneous parsing of multipart form data
CVE-2024-8925
* Wed Jul 31 2024 Remi Collet <remi@remirepo.net> - 7.3.33-15
- use oracle client library version 23.5 on x86_64
* Tue Jun 04 2024 Remi Collet <remi@remirepo.net> - 7.3.33-14
- Fix filter bypass in filter_var FILTER_VALIDATE_URL
CVE-2024-5458
* Wed Apr 10 2024 Remi Collet <remi@remirepo.net> - 7.3.33-13
- use oracle client library version 21.13 on x86_64, 19.19 on aarch64
- Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
CVE-2024-2756
- Fix password_verify can erroneously return true opening ATO risk
CVE-2024-3096
* Thu Sep 21 2023 Remi Collet <remi@remirepo.net> - 7.3.33-12
- use oracle client library version 21.11 on x86_64, 19.19 on aarch64
- use official Oracle Instant Client RPM
* Tue Aug 01 2023 Remi Collet <remi@remirepo.net> - 7.3.33-11
- Fix Security issue with external entity loading in XML without enabling it
GHSA-3qrf-m4j2-pcrr CVE-2023-3823
- Fix Buffer mismanagement in phar_dir_read()
GHSA-jqcx-ccgc-xwhv CVE-2023-3824
- move httpd/nginx wants directive to config files in /etc
* Tue Jun 20 2023 Remi Collet <remi@remirepo.net> - 7.3.33-10
- fix possible buffer overflow in date
* Wed Jun 07 2023 Remi Collet <remi@remirepo.net> - 7.3.33-9
- Fix Missing error check and insufficient random bytes in HTTP Digest
authentication for SOAP
GHSA-76gg-c692-v2mw CVE-2023-3247
- use oracle client library version 21.10
- define __phpize and __phpconfig
* Tue Feb 14 2023 Remi Collet <remi@remirepo.net> - 7.3.33-8
- fix #81744: Password_verify() always return true with some hash
CVE-2023-0567
- fix #81746: 1-byte array overrun in common path resolve code
CVE-2023-0568
- fix DOS vulnerability when parsing multipart request body
CVE-2023-0662
- add dependency on pcre2 minimal version
* Mon Dec 19 2022 Remi Collet <remi@remirepo.net> - 7.3.33-7
- pdo: fix #81740: PDO::quote() may return unquoted string
CVE-2022-31631
- use oracle client library version 21.8
* Mon Oct 24 2022 Remi Collet <remi@remirepo.net> - 7.3.33-6
- hash: fix #81738: buffer overflow in hash_update() on long parameter.
CVE-2022-37454
* Tue Sep 2