Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted php7.4 7.4.33-1+deb11u9 (source) into oldstable-security
Date: Sun, 27 Jul 2025 14:50:28 +0000
Signed by: Guilhem Moulin <guilhem@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 27 Jul 2025 13:10:22 +0200
Source: php7.4
Architecture: source
Version: 7.4.33-1+deb11u9
Distribution: bullseye-security
Urgency: high
Maintainer: Debian PHP Maintainers <team+pkg-php@tracker.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Changes:
 php7.4 (7.4.33-1+deb11u9) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Fix CVE-2025-1220: fsockopen() doesn't regard hostname as well, hostname
     is terminated at the null byte. This can cause Server Side Request Forgery
     in general case.
   * Fix CVE-2025-1735: Missing error checking could result in SQL injection
     and missing error handling could lead to crashes due to null pointer
     dereferences.
   * Fix CVE-2025-6491: If a SoapVar instance is created with a fully qualified
     name larger than 2G, this will cause a NULL pointer dereference resulting
     in a segmentation fault, leading to a denial of service.
Checksums-Sha1:
 b6e9e8ee57f1c6a3c728afaa1e88f0fd01cc2564 5698 php7.4_7.4.33-1+deb11u9.dsc
 d520fe95ec91ca068b1c8cb77693c37ea1ba54b9 123144 php7.4_7.4.33-1+deb11u9.debian.tar.xz
 e5125a6d2bf34b54f2e78bdb9f93add006d82c63 35582 php7.4_7.4.33-1+deb11u9_amd64.buildinfo
Checksums-Sha256:
 1bc24d4ff525d55edf674cf916c0d71a45e1609f0d31e090c1a50a6956e914b3 5698 php7.4_7.4.33-1+deb11u9.dsc
 46a1072902d058515374efda7b0ef2d5ff3ca494879f3e2f5ad6ae4edcbc5a02 123144 php7.4_7.4.33-1+deb11u9.debian.tar.xz
 ed6af176e16107a9c9d96402d19bf9bb6baf85497d5a09ebe9895b821516bb8d 35582 php7.4_7.4.33-1+deb11u9_amd64.buildinfo
Files:
 2a15667189b7101dfb72032c993fe78a 5698 php optional php7.4_7.4.33-1+deb11u9.dsc
 4095e05045f7cc4cf82d2df91a95b79e 123144 php optional php7.4_7.4.33-1+deb11u9.debian.tar.xz
 0d50789b6bee71e427a8b98e5a669d77 35582 php optional php7.4_7.4.33-1+deb11u9_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmiGEnwACgkQ05pJnDwh
pVLfag/9Hvi5eEFQYUl1NHHLcKSsAr/SNY+uV2oJSUM7bILPGnZbR/xbuSdduwEj
eRRskPnsSlAi4YKztQlxWK0GCkXGdo68nb4PyrndWKpDcAr94QrOUkONZDMvczRb
WkthnpU1/7+Mv1+QbJqlNyHnvudeDFHE9cG3mTmvM/6jJP8sWK2HWiNDa5SmC7Xj
7Hl/hGsEzduq7K1HoJ6R2juPRiQtZER2P78uwiEu+QqyaHe+gyzdAC8yRM9Uc2DV
biJ+CNmMxl2EDLGWSulPGSTehb/tp99b5eXqx4dobisS53fZVtcIhTuJPJeIshX1
blVSNLseyvij/efNNdKNgS7ouOWAYSjnWxa7Te7YbGuaevfYJou5MLCt7zOOg/G7
ppgNN1Hf73EqSInn6w+MhLqypZoErJBAL6fHVAeChcMNrrUrBWUyp2z3nG9rQ2tk
RX9TmsJtXNEN/I9Oz8QaK2udFQQqjaJ+ajmAnQfjIgqz/X0zm+IWvyPeTjhhijCk
IQyVsDSHn2zaGNBEaK4y1c2wb4vv51XR9SjLT/mWsGm+uPiTtSINUYYpipa2gklb
Rwa4EsGsf8vcLgF+cb6wWcreO43y0UY/cq7lfbt+Dk2vb6Dg580fHbblJ+bnjHuq
BVs9Fmzh1zhQZwXY++nV00qSkKvQhDocFRo/lfY6Yk4vA+cuFWk=
=1nXw
-----END PGP SIGNATURE-----

News for package php7.4