Format: 1.8
Date: Mon, 17 Jun 2024 23:48:38 +0200
Source: php7.3
Architecture: source
Version: 7.3.31-1~deb10u7
Distribution: buster-security
Urgency: high
Maintainer: Debian PHP Maintainers <team+pkg-php@tracker.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Changes:
 php7.3 (7.3.31-1~deb10u7) buster-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2024-5458:
     Due to a code logic error, filtering functions such as filter_var when
     validating URLs (FILTER_VALIDATE_URL) for certain types of URLs the
     function will result in invalid user information (username + password
     part of URLs) being treated as valid user information. This may lead to
     the downstream code accepting invalid URLs as valid and parsing them
     incorrectly. The problem is related to CVE-2020-7071, but affects IPv6
     host parts.
Checksums-Sha1:
 9a02746ba263cff35adc9d0f618390503d210177 5774 php7.3_7.3.31-1~deb10u7.dsc
 72a709063f13e4639729ebad27e937b885e99df9 88240 php7.3_7.3.31-1~deb10u7.debian.tar.xz
 b8c6a5a0583f27a9689713fdca2713ff4febdf1c 14665 php7.3_7.3.31-1~deb10u7_source.buildinfo
Checksums-Sha256:
 73980a331e35057b5325b3fb5f85d616286f603122ff5fce2a9dd8a8cd53fbe5 5774 php7.3_7.3.31-1~deb10u7.dsc
 54a61d282eee61599400be8cf7eb8eff3474ad8be20e84ba22aa9d80fef3907a 88240 php7.3_7.3.31-1~deb10u7.debian.tar.xz
 b2fdc7ed954ef00b54575a53940fda95f6c62156102ef720a8526baa94048641 14665 php7.3_7.3.31-1~deb10u7_source.buildinfo
Files:
 ea9c8e33cfea433f6e87dea2974cd904 5774 php optional php7.3_7.3.31-1~deb10u7.dsc
 deab91efaaf82c146d5a593fcb9b4d46 88240 php optional php7.3_7.3.31-1~deb10u7.debian.tar.xz
 2409566d0a59a701370c9435906c2ea0 14665 php optional php7.3_7.3.31-1~deb10u7_source.buildinfo