Description
Due to an incomplete fix to CVE-2022-31629 (https://github.com/advisories/GHSA-c43m-486j-j32p), network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
| debian 11 | | =7.4.21-1+deb11u1 || =7.4.25-1+deb11u1 || =7.4.26-1 || =7.4.28-1+deb11u1 || =7.4.30-1+deb11u1 || =7.4.33-1+deb11u1 || =7.4.33-1+deb11u3 || =7.4.33-1+deb11u4 || >=0 <7.4.33-1+deb11u5 | 7.4.33-1+deb11u5 |
| debian 12 | | =8.2.10-1 || =8.2.10-2 || =8.2.12-1 || =8.2.16-1 || =8.2.16-2 || =8.2.17-1 || =8.2.5-2 || =8.2.7-1 || =8.2.7-1.1 || =8.2.7-1.2 || =8.2.7-1~deb12u1 || >=0 <8.2.18-1~deb12u1 | 8.2.18-1~deb12u1 |
| rpm rhel8 | | <0:7.4.33-2.module+el8.10.0+22485+a3539972 | 0:7.4.33-2.module+el8.10.0+22485+a3539972 |
| rpm rhel6 | | - | - |
| rpm rhel9 | | | 0:8.0.30-2.el9 |
| rpm rhel7 | | - | - |