Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted php7.4 7.4.33-1+deb11u11 (source) into oldoldstable-security
Date: Fri, 15 May 2026 21:28:54 +0000
Signed by: Guilhem Moulin <guilhem@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 15 May 2026 18:25:33 +0200
Source: php7.4
Architecture: source
Version: 7.4.33-1+deb11u11
Distribution: bullseye-security
Urgency: high
Maintainer: Debian PHP Maintainers <team+pkg-php@tracker.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 1136054
Changes:
 php7.4 (7.4.33-1+deb11u11) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Fix CVE-2026-6722: Use-After-Free in SOAP using Apache map with Remote
     Code Execution. (Closes: #1136054)
   * Fix CVE-2026-6735: XSS within PHP-FPM status endpoint. (Closes: #1136054)
   * Fix CVE-2026-7258: Out-of-bounds read in urldecode(). (Closes: #1136054)
   * Fix CVE-2026-7261: SoapServer session-persisted object use-after-free via
     SOAP header fault. (Closes: #1136054)
   * Fix CVE-2026-7262: NULL pointer dereference in SOAP apache:Map decoder
     with missing <value>. (Closes: #1136054)
   * Fix CVE-2026-7568: Signed integer overflow in metaphone(). (Closes:
     #1136054)
Checksums-Sha1:
 d3c0ad648c0f808e72f7001f6c77a73f11f64b2a 5702 php7.4_7.4.33-1+deb11u11.dsc
 4d3152b2339332b4eef2c12931931d4a1245fdab 10420144 php7.4_7.4.33.orig.tar.xz
 1701962351f13c1af1f29bde45eb9515747bc4ee 833 php7.4_7.4.33.orig.tar.xz.asc
 d7363864bee9527b3fb0294b6db9f2d2c6fdac91 143124 php7.4_7.4.33-1+deb11u11.debian.tar.xz
 f6bd182628951f16e3ad0c234f54e245df86f4f8 7474 php7.4_7.4.33-1+deb11u11_source.buildinfo
Checksums-Sha256:
 c466b9ef8d2b8500bfdc66073af64a923df5096e4b9332d4b00b0ae458078fc0 5702 php7.4_7.4.33-1+deb11u11.dsc
 924846abf93bc613815c55dd3f5809377813ac62a9ec4eb3778675b82a27b927 10420144 php7.4_7.4.33.orig.tar.xz
 569a01c7c605a4571fdf7dfadfff4215cc4a63ea5d474c7ec92bd7b4fecfffcb 833 php7.4_7.4.33.orig.tar.xz.asc
 0b7bb35191a91ec7752f023dcba18c5f96395804df8adc0f32cc98499c08d94c 143124 php7.4_7.4.33-1+deb11u11.debian.tar.xz
 6b60d13bef165048596103f2415c2bdb22e06b257bd9f048be0aa813f0cfcf60 7474 php7.4_7.4.33-1+deb11u11_source.buildinfo
Files:
 3ef8e249fe4df1948ddc75246ce30203 5702 php optional php7.4_7.4.33-1+deb11u11.dsc
 f098632163cd47f2c1ffe2bdc6ef1ff2 10420144 php optional php7.4_7.4.33.orig.tar.xz
 306dca821388f20fa55324960d82f427 833 php optional php7.4_7.4.33.orig.tar.xz.asc
 1c8a3b234573f69d735fc0a7d0667a35 143124 php optional php7.4_7.4.33-1+deb11u11.debian.tar.xz
 a81bbe0ba12734c03409c76e9eac7b96 7474 php optional php7.4_7.4.33-1+deb11u11_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmoHi3EACgkQ05pJnDwh
pVJDzxAAlQyr7v1TLtPCsOelR0tZLMS07X5O5vDGRuWp+3faJcJgXu1F9Cc/TdlU
tRzDNuIDS4tpEt703roYOfSrWrLsObMvLmEBBcUIq1XZt9LcGJVwv1oVGZmaue97
/DpY3yPVYV/TKqk96EZwHEhYS1Jx60y2CzU3WifF9SyzoXtvLGNdMrA2fr4evBhp
PZopH84Yn6RtdH+eeKCRxZCrb4Jaes8oj/rHgOMRU16CWQA/Q8aaid09XjN2uX2x
mTnUFZi95uwEaU/6ytAHyBjMkPojBs6Mqjn29rr2laiPb8dT/6W5h8BFo6Bf1dAb
n+S3Z8LxPk499QVL3PMTn/pcxtJeDsArMFHR8kFWV2xIYPWw2nD5ZRgZ49RwurPK
ZyijAgPqd1fgInzKWAtEg0Ty6+RWGjP9ACiLlWNzdF58zZvYylCQ6HSDa/3y3GQ2
771hSQzNwg5a5zpFVhiLVZErz4GlZwYH6eMuCcp51VDAZvgBce56tGGIVef8STu/
TYVPAKY87i3XX92cN4x0ofE6XU+pXDGX0VTNdX2R1hhC5GjJL+skl6E7B0J1N1q+
DVy/s3tbXOz1mvRgAoILkL0A+jmumn8NOWu/fo/jd2IineMM0WtzFskloKMYOQRd
x9GJpvFtCyx0GXrW+TwmkpIjCGGf0/ML9eodGR0dzoVcs37qjPI=
=1Oo5
-----END PGP SIGNATURE-----
News for package php7.4
