BIT-PHP-2020-7063 Files added to tar with Phar::buildFromIterator have all-access permissions

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator function, the files are added with default permissions 0666, or all access even if the original files on the filesystem were with more restrictive permissions...

PHP 7.2.x < 7.2.28 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is prior to 7.2.28, 7.3.x prior to 7.3.15, or 7.4.x prior to 7.4.3. It is, therefore, affected by multiple vulnerabilities: - A heap buffer overflow exists in pharextractfile. CVE-2020-7061 - A null pointer dereference...

Security fix for the ALT Linux 8 package php7 version 7.2.28-alt1

7.2.28-alt1 built Feb. 25, 2020 Anton Farygin in task 246730 Feb. 20, 2020 Anton Farygin - 7.2.28 Fixes: CVE-2020-7062, CVE-2020-7063...