-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 25 Nov 2024 18:21:51 +0100
Source: php8.2
Architecture: source
Version: 8.2.26-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian PHP Maintainers <team+pkg-php@tracker.debian.org>
Changed-By: Ondřej Surý <ondrej@debian.org>
Changes:
 php8.2 (8.2.26-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream version 8.2.26
     + Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface.
     + [CVE-2024-8929]: Leak partial content of the heap through heap buffer over-read.
     + [CVE-2024-8932]: OOB access in ldap_escape.
     + [CVE-2024-11233]: Single byte overread with convert.quoted-printable-decode filter.
     + [CVE-2024-11234]: Configuring a proxy in a stream context might allow for CRLF injection in URIs.
     + [CVE-2024-11236]: Integer overflow in the dblib quoter causing OOB writes.
     + [CVE-2024-11236]: Integer overflow in the firebird quoter causing OOB writes.
   * Revert "ext/gmp: gmp_pow fix FPE with large values" upstream patch

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----