-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 26 Feb 2023 14:00:55 +0100
Source: php7.3
Architecture: source
Version: 7.3.31-1~deb10u3
Distribution: buster-security
Urgency: high
Maintainer: Debian PHP Maintainers <team+pkg-php@tracker.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 1031368
Changes:
 php7.3 (7.3.31-1~deb10u3) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2022-31631: Uncaught integer overflow.
   * CVE-2023-0567: Malformatted BCrypt hashes that include a `$` within their
     salt part trigger a buffer overread and may erroneously validate any
     password as valid (closes: #1031368).
   * CVE-2023-0568: 1-byte array overrun in common path resolve code
     (closes: #1031368).
   * CVE-2023-0662: DoS vulnerability when parsing multipart request body
     (closes: #1031368).
Checksums-Sha1:
 9ab3569f07ec12c1accda90df3f49b2c73528665 5867 php7.3_7.3.31-1~deb10u3.dsc
 3bacd2d5cf46598d7f935a3e4aa9de57d7794582 78788 php7.3_7.3.31-1~deb10u3.debian.tar.xz
 2ee7e96db893ce21a606ae122a4a32d21c72ff85 35708 php7.3_7.3.31-1~deb10u3_amd64.buildinfo
Checksums-Sha256:
 8334c31f03d29a7016141cb168d7643abe3ea1068e6e54a42b051ab3ebc238bc 5867 php7.3_7.3.31-1~deb10u3.dsc
 5840abe340e7241c588f7c2465dbdf76ae4ee4796a60b2be799eee5583216082 78788 php7.3_7.3.31-1~deb10u3.debian.tar.xz
 6a121b87ceea63f40bc85cfb6f50f521d28b83b4802cd9a2aae4625cea5c807a 35708 php7.3_7.3.31-1~deb10u3_amd64.buildinfo
Files:
 b2a709b0213ba14aa5def512f966dfc7 5867 php optional php7.3_7.3.31-1~deb10u3.dsc
 c96c7f74f13256c4d9cfe4cfacbbd121 78788 php optional php7.3_7.3.31-1~deb10u3.debian.tar.xz
 13158b878a07ba41e5b37af95a412f83 35708 php optional php7.3_7.3.31-1~deb10u3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----