Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted php8.4 8.4.5-1 (source) into unstable
Date: Thu, 13 Mar 2025 21:02:21 +0000
Signed by: Ondřej Surý <ondrej@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 13 Mar 2025 16:28:14 +0100
Source: php8.4
Architecture: source
Version: 8.4.5-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PHP Maintainers <team+pkg-php@tracker.debian.org>
Changed-By: Ondřej Surý <ondrej@debian.org>
Changes:
 php8.4 (8.4.5-1) unstable; urgency=medium
 .
   * New upstream version 8.4.5
    - [CVE-2024-11235]: Reference counting in php_request_shutdown
      causes Use-After-Free.
    - [CVE-2025-1219]: libxml streams use wrong `content-type` header
      when requesting a redirected resource.
    - [CVE-2025-1736]: Stream HTTP wrapper header check might omit
      basic auth header.
    - [CVE-2025-1861]: Stream HTTP wrapper truncate redirect location
      to 1024 bytes.
    - [CVE-2025-1734]: Streams HTTP wrapper does not fail for headers
      without colon.
    - [CVE-2025-1217]: Header parser of `http` stream wrapper does not
      handle folded headers.
Checksums-Sha1:
 0a94e7c0c485162a39ce80fe60a3dea30ba73750 5593 php8.4_8.4.5-1.dsc
 22632647ab0e0a71b33231b3de4fc3787abb6c0f 13604056 php8.4_8.4.5.orig.tar.xz
 589f9a0ab5f2d734c8f8e180ffdcf0007fbe57cc 833 php8.4_8.4.5.orig.tar.xz.asc
 7a3fe5d9ee4d03d5d31142bd3f3433e6d1543f2d 73828 php8.4_8.4.5-1.debian.tar.xz
 5ff21f12018323c902ceb0ec292fbc9dc3c09f15 33112 php8.4_8.4.5-1_amd64.buildinfo
Checksums-Sha256:
 657c3920f76dd1839ec68bb99575c364df3a4ff18e4f06fa61b365297cb07e4c 5593 php8.4_8.4.5-1.dsc
 0d3270bbce4d9ec617befce52458b763fd461d475f1fe2ed878bb8573faed327 13604056 php8.4_8.4.5.orig.tar.xz
 8890106d7628dca5a05c284d5ac9f124a2966da3398e35ec8ab70cd2d37542b4 833 php8.4_8.4.5.orig.tar.xz.asc
 d209efb029c80b9da3656c8677b186eff57f92ed09d57837f4a2f6e4ddbfd7ff 73828 php8.4_8.4.5-1.debian.tar.xz
 a35b239998dd6bc1e3c57cfc2fdaaa6cbb9fb2a36cbb977b49e4dae3470c8cba 33112 php8.4_8.4.5-1_amd64.buildinfo
Files:
 b71ed7b1491e3d9a3d5e4faf970cfa6e 5593 php optional php8.4_8.4.5-1.dsc
 fa5b55bc7111988bf0455ed45797742e 13604056 php optional php8.4_8.4.5.orig.tar.xz
 08025c9098b8655fb7d4c020a91bb447 833 php optional php8.4_8.4.5.orig.tar.xz.asc
 3f1db64be0556f5964864d50ceedd78d 73828 php optional php8.4_8.4.5-1.debian.tar.xz
 32f2497be5d0c777bd4c8c5ace29493c 33112 php optional php8.4_8.4.5-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAmfTPx5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz
NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u
WcIBfxAAhS1LSWDJUcmha+LKx8BzCasb6feDch74At86OwO9juzoDkfLUJW6A5zc
Tx+gqpGaZ5nFSVuhPAIPYtLiF7YZJTvdIwRvjW7C/F8idbCo23M+uJ1uUkWzg9iR
TDTS6chkGu02ECQE5rPM/QB1HYr0HQtbgRVmRA24fQ7cKzYnkZ0YlheDhADIS49r
LhHOhmXVGez4Z/GELmC/BaNqJ6CpJyxGXoC6+Amm0q307wINOvOFrSLw03/U9rwc
10nDwO7X9HPWor0agkVpnXYLHXx/5etETQxFPJlxMJzyyzUxev2+BiHs3mJVFN+t
FLoCXDJBOciE2Y8guHiiJpXnems6IO1XKn9kvE7r5OS8dsoJ49FbSZsQnIoXFQh2
zT1BL/0X+i4iiDXLb8Txg8ph6hDtLZczwDJwDnmc80Xj4hXnhTAxYhnyFJzl4r9P
TY0czNMxHUT2nwSVyVPy6ktWDHsO9QeBDYrYYfkm7H3Yq89SjiLESGLdUobT0Zud
36F1EjTU9QH3NOwz0aWjtEbN/0sURGM8SRt85hEaZrathbtt2LDWxcHMCGlSdf5E
mUzduNVQhgkg++ShZiobWsQIH8Os5/ri2tx9vOVxhumZBruSyPvLja25k/kwcYPr
mnaGLt6nhaS4O1QBHoVoQ4reb3nfqFdvYgWMbx5ImX8UZUti+BY=
=PoFZ
-----END PGP SIGNATURE-----
News for package php8.4
