-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 12 Apr 2024 00:07:45 +0200 Source: php8.2 Architecture: source Version: 8.2.18-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: Debian PHP Maintainers <team+pkg-php@tracker.debian.org> Changed-By: Ondřej Surý <ondrej@debian.org> Changes: php8.2 (8.2.18-1~deb12u1) bookworm-security; urgency=high . * New upstream version 8.2.18 + CVE-2024-1874: Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). + CVE-2024-2756: Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). + CVE-2024-3096: Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). Checksums-Sha1: 86c6438c71d33925cdb2574d525fc39359bdea69 5726 php8.2_8.2.18-1~deb12u1.dsc 7fbc6abd72661a8551de777606304f70d08ad3a5 12089400 php8.2_8.2.18.orig.tar.xz ee8f9f0c99a8c9d84ab158c4c2651cd9906b39c6 858 php8.2_8.2.18.orig.tar.xz.asc f859589bd90ad4b48a0ba153480371e29833a40a 69652 php8.2_8.2.18-1~deb12u1.debian.tar.xz cc0b5506bd3c121b20a7de0f6baa2fe0a18ca1eb 34460 php8.2_8.2.18-1~deb12u1_amd64.buildinfo Checksums-Sha256: 1c3e63e83b3bb4e059f94b1a1d577ae11b74ed8c2254a7a7de7e90ca4f472cab 5726 php8.2_8.2.18-1~deb12u1.dsc 44b306fc021e56441f691da6c3108788bd9e450f293b3bc70fcd64b08dd41a50 12089400 php8.2_8.2.18.orig.tar.xz bba546e9d809e955a141548562519d6e5ce38b2c3b00f744ba0ed7347e1dea0d 858 php8.2_8.2.18.orig.tar.xz.asc d42d0690dfff58c13da7b92b358e674df32e64cd892a2666bf749c0330a92c4e 69652 php8.2_8.2.18-1~deb12u1.debian.tar.xz 3a1ef7a80d831db7bfb8e3f7cc0805d4d6a28fb5b4a15ea386b668f062349e9d 34460 php8.2_8.2.18-1~deb12u1_amd64.buildinfo Files: c627c17896a399d8ac91e073fc1f2ae3 5726 php optional php8.2_8.2.18-1~deb12u1.dsc dc3afc0addb388cf9caf380488b6a689 12089400 php optional php8.2_8.2.18.orig.tar.xz 4ade57aab2c40594a52e3956b158b1c1 858 php optional php8.2_8.2.18.orig.tar.xz.asc 84201327e71a40a50190783837447f65 69652 php optional php8.2_8.2.18-1~deb12u1.debian.tar.xz 50b7e376576794777e7ed44d840110e9 34460 php optional php8.2_8.2.18-1~deb12u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAmYYd7dfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u WcLPZw/+KbtBfElXOImuATOjRmzAdzItYlfRVfG5rIRXnAC7I408SPoAnf0HhjE7 piBKhovhbb7DU9Ytret7/oeiAe9VQTyTwVq+tBUPsPinYV1C/2QRUcuuSB6C00oi A3nNvCXAgD4bPBufsfmhlYM1aY0i0d+Kfdre63CkYwl7iFfRaXqzOesTkhX4nG9O p+Fzf8y+37IVGFwm+WlAV3jI6L97p/YQ7msvLKYGLjaO3r/7M7xyfRGT5l4ARZHN 9TIx1hG/uiu5qagSFQ7L5KnHpLdm1LUbbpppZQyoD5jNNfGvZecban0TuMQw6MeI atXqR/lIFuN+RjrD6XZ3aTF5VizLGJ7hFmhwKlqwae0xV6blnI90ZdMQXvOpBmh3 BOApYV+0RXH1jayWRfw8dNYl5i03It05Lgf7BAMDWeh/E2QOumLVUfGmqN/H835n 8YLceTxmnWXWjjoIeFqe5c4WuDPViX7KyUZ5QqQQKlXSaTMa9DBeODYIdvmkXbhH dRztDfNqYyVom9xbw/WJIALEgJXyPNbI6Rm9ShOS9wgXpp0oRTbTvu5pDIkKe2HM 9CH5dsoqL6QXiXEpiecRnDyMDtC9zo9b4DcgDAa9umJWm0fB1xhFULQLj3zzQqEv gilw6fLx3FW+RsIiww17aq9q6T4RVNfzFxyJQISKBVDKKL7v1aU= =nbfJ -----END PGP SIGNATURE-----