-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 08 Nov 2022 12:40:37 +0100 Source: php7.4 Architecture: source Version: 7.4.33-1+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: Debian PHP Maintainers <team+pkg-php@tracker.debian.org> Changed-By: Ondřej Surý <ondrej@debian.org> Changes: php7.4 (7.4.33-1+deb11u1) bullseye-security; urgency=high . * New upstream version 7.4.33 + CVE-2022-37454: buffer overflow in hash_update() on long parameter + CVE-2022-31630: OOB read due to insufficient input validation in imageloadfont() Checksums-Sha1: 96b9e4369a08dc34afa1b85721e3522677b77638 5825 php7.4_7.4.33-1+deb11u1.dsc 4d3152b2339332b4eef2c12931931d4a1245fdab 10420144 php7.4_7.4.33.orig.tar.xz 1701962351f13c1af1f29bde45eb9515747bc4ee 833 php7.4_7.4.33.orig.tar.xz.asc c62e3db45d7a688be47a4351ff085135bb8ebc24 68684 php7.4_7.4.33-1+deb11u1.debian.tar.xz ff5587e1e46337033c148e47d305c47bc1f28906 35320 php7.4_7.4.33-1+deb11u1_amd64.buildinfo Checksums-Sha256: c0ae0def44ccc2e04d4ab25248d4cc8142cdfcc254a4b7a44a8c6e727b56ce1a 5825 php7.4_7.4.33-1+deb11u1.dsc 924846abf93bc613815c55dd3f5809377813ac62a9ec4eb3778675b82a27b927 10420144 php7.4_7.4.33.orig.tar.xz 569a01c7c605a4571fdf7dfadfff4215cc4a63ea5d474c7ec92bd7b4fecfffcb 833 php7.4_7.4.33.orig.tar.xz.asc b848e074b010e38b026bd887c2a680b26031d460486c4773b80075088a9af490 68684 php7.4_7.4.33-1+deb11u1.debian.tar.xz 03bf4d58903dc449bd9b2dea21e25f8a4da8d31e461e8661d3fe7aa46aca48ca 35320 php7.4_7.4.33-1+deb11u1_amd64.buildinfo Files: a183b8b7b4de9cb73c321167ccba6661 5825 php optional php7.4_7.4.33-1+deb11u1.dsc f098632163cd47f2c1ffe2bdc6ef1ff2 10420144 php optional php7.4_7.4.33.orig.tar.xz 306dca821388f20fa55324960d82f427 833 php optional php7.4_7.4.33.orig.tar.xz.asc 2a746fc2f633bb431d4cc5dbae89d872 68684 php optional php7.4_7.4.33-1+deb11u1.debian.tar.xz 60605a37f9d43d4dfb1d2e0518105c01 35320 php optional php7.4_7.4.33-1+deb11u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAmNqSe9fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u WcLJjg/+Pb9KO5TZxic0W2OP/eoUI5n2Rw2esCl3wMaseEcYKcmCIGHkiBQGZUcJ s3xOeXEFFSpm4ZWqeb/x12CTa6gu7LiQ9uri7N2kSb5oZQnAp19z3als47Awaf9B mRpFH1PWVg2UyhJMpCdJcP9jEgtOSqeUfzMrjYV8Sv+vz5iyeTq9GenDSZPcTmLI WGrtDkCHqtB3FuPivnG+VVdxqobPGxGxUYxAKn+73C70610ykKETba65LKc+3u7E Q1SGO7zQYWRtHBaTakFQiOi81esbR0iKuCTLGmFiFC4U/85mdLY7i3A9GbOHh0XA BK3DCHcL2FMylnDO451Tr1jGyahOsLLgGbRi9j9pk5G2MkDzaF6Nhqeypz75O622 c7PoVMnuCgCW0VM7ch9sQjs3ATe1S+03OWn6aJnqaaU1FUoySTHJG1XLHIzLYWaH zGu3c5uGud8yVUcvaklUqX41Ju/xPKpRtZts38yDMzM8QlDEvK7UlrleVtV7Cqf0 yzMKYLl+t9hSRc20H0chnIFIghsIQCJZJ8mXGSAESJqs/xVHelIZrrRynDYwLk16 IYbBRREW75v7qpu7T2fzyQH3KndsvddSjMHqvEEmMS26ElhJVVvQiruXocRXSgov upenb0H3rwcBHW7nx9hmEPxPqWSY5ScikEUw+Z4y+sSgoIFSn4o= =p1nw -----END PGP SIGNATURE-----