osixia/docker-phpLDAPadmin

CVE-2019-11043

nota-ja opened this issue · 5 comments

CVE-2019-11043 was released on 28 Oct. Judging from the released document, it seems to be a highly critical vulnerability.

As of my installation trial today (2019-11-05), the latest (0.9.0) image of this repository seems to be using php / php-fpm version 7.3.9-1deb10u1, thus it is vulnerable to the CVE.

Do you have any plan to upgrade PHP and PHP-FPM in the near future?

Hello,
The latest release has been rebuilt. The packages may have been updated. Could you please check and let me know?

Thanks

Thank you for the quick response.
I'll check it.

$ docker exec -it phpldapadmin-service /bin/bash
root@phpldapadmin-service:/# php -v
PHP 7.3.11-1~deb10u1 (cli) (built: Oct 26 2019 14:14:18) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.11, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.3.11-1~deb10u1, Copyright (c) 1999-2018, by Zend Technologies
root@phpldapadmin-service:/# /usr/sbin/php-fpm7.3 --version
PHP 7.3.11-1~deb10u1 (fpm-fcgi) (built: Oct 26 2019 14:14:18)
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.11, Copyright (c) 1998-2018 Zend Technologies
    with Zend OPcache v7.3.11-1~deb10u1, Copyright (c) 1999-2018, by Zend Technologies

It seems OK. Thank you very much!

May I close this issue, or leave it to you to do so?

thanks
you can close the issue :)

OK, and Thank you.
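
The manual check in this thread can be scripted. The following is an added example, not part of the original issue or of the osixia image: it reads a `php -v` or `php-fpm --version` banner and compares it with the upstream PHP releases that fixed CVE-2019-11043 (7.1.33, 7.2.24 and 7.3.11, taken from the upstream release notes rather than from this thread). The function names are hypothetical, and branches outside that table are reported as `unknown` because distribution packages may backport the fix without changing the upstream version number.

```shell
#!/usr/bin/env bash
# Added example: classify a PHP version banner against the upstream releases
# that fixed CVE-2019-11043. Function names are hypothetical.

# Print the first patched patch level for a PHP branch, or nothing when the
# branch is not in the table (for example a distro-backported 7.0 package).
fixed_patch_for_branch() {
    case "$1" in
        7.1) echo 33 ;;
        7.2) echo 24 ;;
        7.3) echo 11 ;;
    esac
}

# Read a version banner on stdin and print one of:
#   "patched <ver>"    (exit 0)   "vulnerable <ver>" (exit 1)
#   "unparsed"         (exit 2)   "unknown <ver>"    (exit 3)
classify_php_banner() {
    local line ver branch patch fixed
    IFS= read -r line || true            # only the first banner line matters
    # Keep the upstream x.y.z part, dropping suffixes such as -1~deb10u1.
    ver=$(printf '%s\n' "$line" |
        sed -n 's/^PHP \([0-9]\{1,\}\.[0-9]\{1,\}\.[0-9]\{1,\}\).*/\1/p')
    if [ -z "$ver" ]; then
        echo "unparsed"
        return 2
    fi
    branch=${ver%.*}                     # 7.3.11 -> 7.3
    patch=${ver##*.}                     # 7.3.11 -> 11
    fixed=$(fixed_patch_for_branch "$branch")
    if [ -z "$fixed" ]; then
        echo "unknown $ver"
        return 3
    fi
    if [ "$patch" -ge "$fixed" ]; then
        echo "patched $ver"
        return 0
    fi
    echo "vulnerable $ver"
    return 1
}

# Usage against the container named in this thread (no -t, output is piped):
#   docker exec phpldapadmin-service php -v | classify_php_banner
#   docker exec phpldapadmin-service /usr/sbin/php-fpm7.3 --version | classify_php_banner
```

Check both the CLI and the FPM binary, as the thread does, since the vulnerable code path is in php-fpm.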