Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted php7.0 7.0.33-0+deb9u11 (source) into oldstable
Date: Thu, 15 Jul 2021 08:40:13 +0000
Signed by: Sylvain Beucler <beuc@beuc.net>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 12 Jul 2021 20:15:58 +0200
Source: php7.0
Binary: libapache2-mod-php7.0 libphp7.0-embed php7.0 php7.0-cgi php7.0-cli php7.0-dev php7.0-fpm php7.0-phpdbg php7.0-xsl php7.0-intl php7.0-odbc php7.0-readline php7.0-recode php7.0-common php7.0-sqlite3 php7.0-xml php7.0-sybase php7.0-gd php7.0-mcrypt php7.0-zip php7.0-interbase php7.0-tidy php7.0-mysql php7.0-snmp php7.0-curl php7.0-json php7.0-pgsql php7.0-mbstring php7.0-enchant php7.0-opcache php7.0-imap php7.0-gmp php7.0-bcmath php7.0-soap php7.0-dba php7.0-xmlrpc php7.0-pspell php7.0-bz2 php7.0-ldap
Architecture: source
Version: 7.0.33-0+deb9u11
Distribution: stretch-security
Urgency: high
Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
 libapache2-mod-php7.0 - server-side, HTML-embedded scripting language (Apache 2 module)
 libphp7.0-embed - HTML-embedded scripting language (Embedded SAPI library)
 php7.0     - server-side, HTML-embedded scripting language (metapackage)
 php7.0-bcmath - Bcmath module for PHP
 php7.0-bz2 - bzip2 module for PHP
 php7.0-cgi - server-side, HTML-embedded scripting language (CGI binary)
 php7.0-cli - command-line interpreter for the PHP scripting language
 php7.0-common - documentation, examples and common module for PHP
 php7.0-curl - CURL module for PHP
 php7.0-dba - DBA module for PHP
 php7.0-dev - Files for PHP7.0 module development
 php7.0-enchant - Enchant module for PHP
 php7.0-fpm - server-side, HTML-embedded scripting language (FPM-CGI binary)
 php7.0-gd  - GD module for PHP
 php7.0-gmp - GMP module for PHP
 php7.0-imap - IMAP module for PHP
 php7.0-interbase - Interbase module for PHP
 php7.0-intl - Internationalisation module for PHP
 php7.0-json - JSON module for PHP
 php7.0-ldap - LDAP module for PHP
 php7.0-mbstring - MBSTRING module for PHP
 php7.0-mcrypt - libmcrypt module for PHP
 php7.0-mysql - MySQL module for PHP
 php7.0-odbc - ODBC module for PHP
 php7.0-opcache - Zend OpCache module for PHP
 php7.0-pgsql - PostgreSQL module for PHP
 php7.0-phpdbg - server-side, HTML-embedded scripting language (PHPDBG binary)
 php7.0-pspell - pspell module for PHP
 php7.0-readline - readline module for PHP
 php7.0-recode - recode module for PHP
 php7.0-snmp - SNMP module for PHP
 php7.0-soap - SOAP module for PHP
 php7.0-sqlite3 - SQLite3 module for PHP
 php7.0-sybase - Sybase module for PHP
 php7.0-tidy - tidy module for PHP
 php7.0-xml - DOM, SimpleXML, WDDX, XML, and XSL module for PHP
 php7.0-xmlrpc - XMLRPC-EPI module for PHP
 php7.0-xsl - XSL module for PHP (dummy)
 php7.0-zip - Zip module for PHP
Closes: 991008
Changes:
 php7.0 (7.0.33-0+deb9u11) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * Fix CGI test suite (Closes: #991008).
   * CVE-2019-18218: fileinfo: cdf_read_property_info in cdf.c does not
     restrict the number of CDF_VECTOR elements, which allows a heap-based
     buffer overflow (4-byte out-of-bounds write).
   * CVE-2020-7071: when validating URL with functions like
     filter_var($url, FILTER_VALIDATE_URL), PHP will accept an URL with
     invalid password as valid URL. This may lead to functions that rely on
     URL being valid to mis-parse the URL and produce wrong data as
     components of the URL.
   * CVE-2021-21702: when using SOAP extension to connect to a SOAP server,
     a malicious SOAP server could return malformed XML data as a response
     that would cause PHP to access a null pointer and thus cause a crash.
   * Backport Firebird test server.
   * CVE-2021-21704: multiple firebird issues.
   * CVE-2021-21705: SSRF bypass in FILTER_VALIDATE_URL.
Checksums-Sha1:
 70e0aa32b969984d336573603a9eb01d54418369 5667 php7.0_7.0.33-0+deb9u11.dsc
 11e51f1c3c053e6713ac7f205f06d173f924935e 846024 php7.0_7.0.33-0+deb9u11.debian.tar.xz
 c85dc9f712c89e633de0089b85b9c7c3d9b76855 35539 php7.0_7.0.33-0+deb9u11_amd64.buildinfo
Checksums-Sha256:
 8262ebb19b4c98e071def97d49c87eaf3ed287e2b20a05946c1510ba4008a30b 5667 php7.0_7.0.33-0+deb9u11.dsc
 36f26dba57eaa27985d1dee315be32d45985c2d52f19d8e0770b6dd76261469a 846024 php7.0_7.0.33-0+deb9u11.debian.tar.xz
 0084169459d07bf3f51732a0d39607a6f0ceaea2a217c10080b663d9cd115319 35539 php7.0_7.0.33-0+deb9u11_amd64.buildinfo
Files:
 07bb56e589cb4919b4f5b0de2e93c098 5667 php optional php7.0_7.0.33-0+deb9u11.dsc
 8e148ddd62414828bfd69b30bc6512a3 846024 php optional php7.0_7.0.33-0+deb9u11.debian.tar.xz
 ab890990074a2815ada0399b9ba96c3e 35539 php optional php7.0_7.0.33-0+deb9u11_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmDv7zoACgkQDTl9HeUl
XjD9ww/+LvPQyD1GE9OrcNNjYR/FDwqKT212dAoZZgeuxSQXYg0X1NewjfqCo1TS
2QvcGMg1l4gj5p1IRkuWLH0DLci+/njzkg3F80em9yscG1Znw0a3MKQ1fTvnyhx3
Z6ksHc4PndNuWH9l9Nqz/FbVx8u70bQ94mKlP6NjclGNg6FdOnhUnT42N8gQCoCk
xBXH/Ti2nzVq5DEE/JlcgqQ2jCYCT7mXQa2PCwcw2XH9FroEocGVY+9O24JqrVAs
eWhNpa1SB1rDlOSp5XwDoA/zD0iZxrcIKKs4cu8qPOOM2my8LIrNN3TjOW4NYdcc
fKXbPC3GYJQA5TfYnJJ3E/gIj2be1nSVh8sChBViYZi5JbJHBqrnP3K5ZQxiw3cI
8mztQgy2Q2ihxDvAngLqAf/428X8XQqPZnZapzNQdTh/qOVNk9uIle3pDhampjp0
8gT6bPMfAg2rJxGajyRQxux+Tqm+LYmOUKuo7JjKWT0n+gfGodbuJ5S9+V12dL8f
5bTUPR1kt5beFKObpivwrimdBwzQeXqJqXl8MNny1Exxf23xGp6YFBBU4BOZnBHY
yHAVmQ45hYs6/rm4B028rzizyuQfSMV4TplXDzuerRfwr9ADurm6NRK7LcP3jNsn
6gyxYWAYhG3LBXRYDfFefjtRra6Ns2g61iqo9FcB8ZbUzG2exkw=
=kph3
-----END PGP SIGNATURE-----
News for package php7.0
