Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To:
Subject: Accepted php7.4 7.4.28-1+deb11u1 (source) into stable-security->embargoed, stable-security
Date: Fri, 18 Feb 2022 18:53:30 +0000
Signed by: Ondřej Surý <ondrej@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 17 Feb 2022 17:17:19 +0100
Source: php7.4
Architecture: source
Version: 7.4.28-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian PHP Maintainers <team+pkg-php@tracker.debian.org>
Changed-By: Ondřej Surý <ondrej@debian.org>
Changes:
 php7.4 (7.4.28-1+deb11u1) bullseye-security; urgency=high
 .
   * New upstream version 7.4.28
    + CVE-2021-21708: UAF due to php_filter_float() failing for ints
   * New upstream version 7.4.26
    + CVE-2021-21707: special character is breaking the path in xml
      function
Checksums-Sha1:
 dea564279475f98047dec36e4636b6e608750cc3 5825 php7.4_7.4.28-1+deb11u1.dsc
 5bfd4f8f2ee0a8432268a98a37e07db1761e95ab 10418352 php7.4_7.4.28.orig.tar.xz
 4cab13ff741197f9b07fe5f76a8ba2e9a9875ccd 833 php7.4_7.4.28.orig.tar.xz.asc
 0b691d089b926c56c038e5c0a48a6c4ab6ca7e5b 68540 php7.4_7.4.28-1+deb11u1.debian.tar.xz
 671607e9dddae58728d66a2fce6fd22877b2d0db 34994 php7.4_7.4.28-1+deb11u1_amd64.buildinfo
Checksums-Sha256:
 6cdcb63539da27586c1331c60fac70394ac21465c9d2aaa3f8e54623402675f5 5825 php7.4_7.4.28-1+deb11u1.dsc
 9cc3b6f6217b60582f78566b3814532c4b71d517876c25013ae51811e65d8fce 10418352 php7.4_7.4.28.orig.tar.xz
 5c6d8adb78332976c415eef34f692db4560d2fb1525f9fb3dff9643799b97e9a 833 php7.4_7.4.28.orig.tar.xz.asc
 347563dcfa17e0c1ae2f292f1838fb97900b93fed7b6b6b15bce2de8befff63f 68540 php7.4_7.4.28-1+deb11u1.debian.tar.xz
 a5b59a2d4d1b1865e278cea1d781d5e6dea49a829eab87e010319e16484c4bb7 34994 php7.4_7.4.28-1+deb11u1_amd64.buildinfo
Files:
 4f1d532fb395e25248644532cddfd5ad 5825 php optional php7.4_7.4.28-1+deb11u1.dsc
 ca4f40f41d028465bc810c007c3ed935 10418352 php optional php7.4_7.4.28.orig.tar.xz
 5727068ecd4e2dfcfa80fb97e9e43bf0 833 php optional php7.4_7.4.28.orig.tar.xz.asc
 58f54980fc76f6332f70913d8e4cc6f0 68540 php optional php7.4_7.4.28-1+deb11u1.debian.tar.xz
 e4b49564b85aa970c4f4f57fe1c8c15a 34994 php optional php7.4_7.4.28-1+deb11u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAmIOtY5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz
NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u
WcJZ7A/7Byr/SqaMzKVmzIqFnSESAMmSBuaIAic01vJQIXBQtUCcWMGDSD5XFyth
6lTFmp/cMv2FBI/P4Aq40zaiBTSxeTt4xvMJ2qIK9aODwqXVclwyDhZXkci1O0J7
6W7YZOYgHL+dWPXhmGZMtchrydw3yCxSSjcTpTxCrjD/9NwRgxL9Z8KccIMaODpp
/JPv29NtR76XmVtulbLwlC+sl9C8wuxTX5rQWtZ0zXE9xu4gUdaIFbUlcxxveyg3
kErjVV1imis3E+eOJuvLIT2RZvyt7I9ZU04tc03E/8GwzIG1S3T6HiwaakMNWqOl
RhW2+TSmBg/KjsWwGzzkNTKGdMKDXSDI1EJ4Upqj2MPjzyJ3wM2flMB3SXcriwPD
+GMRRCz7h8G9pGgskW/L24KAplhLDa/ft9+5EFGDfyu2zhKNPXNP9aGCUIHNe+B1
69g6cNPeC8XC5qS6aU75NLI/7qgg0WRcQUsWXOR55VJKxaShwcXUCf3Pij2mCz01
59wVvlogFqccOuT1yZaW3JbU7P+Rg63VpcRc0jjCNCg4t39gTkbigE5I+kTF6miq
xDnwHA0DTllWW8v2Jm9h/yBd5J20fbOm/muFVvvcmypkKi44wK22uxCprjLfuYEc
Yw+DQikjNC/yb4rM+TmQXKiGlFhdSBzs8JOXs5RkNzkcv8Gf9fw=
=vtD3
-----END PGP SIGNATURE-----
News for package php7.4
