Register | Log in

php7.4

Choose email to subscribe with

general

source: php7.4 (main)
version: 7.4.33-1+deb11u8
maintainer: Debian PHP Maintainers (DMD)
uploaders: Ondřej Surý [DMD] – Lior Kaplan [DMD]
arch: all any
std-ver: 4.5.0.0
VCS: Git (Browse)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 7.4.33-1+deb11u5
old-sec: 7.4.33-1+deb11u8

versioned links

7.4.33-1+deb11u5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
7.4.33-1+deb11u8: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

package is gone

This package is not in any development repository. This probably means that the package has been removed (or has been renamed). Thus the information here is of little interest ... the package is going to disappear unless someone takes it over and reintroduces it.

action needed

Debci reports failed tests high

unstable: fail (log)
The tests ran in 0:02:02
Last run: 2022-01-18T01:18:30.000Z
Previous status: unknown

testing: pass (log)
The tests ran in 0:02:54
Last run: 2022-01-21T20:16:26.000Z
Previous status: unknown

stable: pass (log)
The tests ran in 0:01:52
Last run: 2023-05-21T16:22:03.000Z
Previous status: unknown

Created: 2022-01-03 Last update: 2025-07-14 22:05

4 security issues in bullseye high

There are 4 open security issues in bullseye.

3 important issues:

CVE-2025-1220: In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in different way, thus opening way to security problems if the user code implements access checks before access using such functions.
CVE-2025-1735: In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid.
CVE-2025-6491: In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (>2Gb) XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server.

1 issue postponed or untriaged:

CVE-2024-2408: (postponed; to be fixed through a stable update) The openssl_private_decrypt function in PHP, when using PKCS1 padding (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack unless it is used with an OpenSSL version that includes the changes from this pull request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection). These changes are part of OpenSSL 3.2 and have also been backported to stable versions of various Linux distributions, as well as to the PHP builds provided for Windows since the previous release. All distributors and builders should ensure that this version is used to prevent PHP from being vulnerable. PHP Windows builds for the versions 8.1.29, 8.2.20 and 8.3.8 and above include OpenSSL patches that fix the vulnerability.

Created: 2025-07-04 Last update: 2025-07-14 06:02

1 bug tagged patch in the BTS normal

The BTS contains patches fixing 1 bug, consider including or untagging them.

Created: 2025-01-06 Last update: 2025-07-14 22:01

news

[2025-03-20] Accepted php7.4 7.4.33-1+deb11u8 (source) into oldstable-security (Guilhem Moulin)
[2024-12-08] Accepted php7.4 7.4.33-1+deb11u7 (source) into oldstable-security (Guilhem Moulin)
[2024-10-14] Accepted php7.4 7.4.33-1+deb11u6 (source) into oldstable-security (Guilhem Moulin)
[2024-04-20] Accepted php7.4 7.4.33-1+deb11u5 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Ondřej Surý)
[2024-04-15] Accepted php7.4 7.4.33-1+deb11u5 (source) into oldstable-security (Debian FTP Masters) (signed by: Ondřej Surý)
[2023-06-16] Accepted php7.4 7.4.33-1+deb11u4 (source) into oldstable-proposed-updates (Debian FTP Masters) (signed by: Ondřej Surý)
[2023-06-13] Accepted php7.4 7.4.33-1+deb11u4 (source) into oldstable-security (Debian FTP Masters) (signed by: Ondřej Surý)
[2023-02-25] Accepted php7.4 7.4.33-1+deb11u3 (source) into proposed-updates (Debian FTP Masters) (signed by: Ondřej Surý)
[2023-02-24] Accepted php7.4 7.4.33-1+deb11u3 (source) into stable-security (Debian FTP Masters) (signed by: Ondřej Surý)
[2022-11-19] Accepted php7.4 7.4.33-1+deb11u1 (source) into proposed-updates (Debian FTP Masters) (signed by: Ondřej Surý)
[2022-11-13] Accepted php7.4 7.4.33-1+deb11u1 (source) into stable-security (Debian FTP Masters) (signed by: Ondřej Surý)
[2022-07-11] Accepted php7.4 7.4.30-1+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Ondřej Surý)
[2022-07-08] Accepted php7.4 7.4.30-1+deb11u1 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Ondřej Surý)
[2022-02-26] Accepted php7.4 7.4.28-1+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Ondřej Surý)
[2022-02-18] Accepted php7.4 7.4.28-1+deb11u1 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Ondřej Surý)
[2022-01-26] Removed 7.4.26-1 from unstable (Debian FTP Masters)
[2022-01-23] php7.4 REMOVED from testing (Debian testing watch)
[2021-12-17] php7.4 7.4.26-1 MIGRATED to testing (Debian testing watch)
[2021-12-11] Accepted php7.4 7.4.26-1 (source) into unstable (Ondřej Surý)
[2021-10-30] Accepted php7.4 7.4.25-1+deb11u1 (source) into proposed-updates->stable-new, proposed-updates (Debian FTP Masters) (signed by: Ondřej Surý)
[2021-10-25] Accepted php7.4 7.4.25-1+deb11u1 (source) into stable-security->embargoed, stable-security (Debian FTP Masters) (signed by: Ondřej Surý)
[2021-07-22] php7.4 7.4.21-1+deb11u1 MIGRATED to testing (Debian testing watch)
[2021-07-02] Accepted php7.4 7.4.21-1+deb11u1 (source) into unstable (Ondřej Surý)
[2021-06-04] Accepted php7.4 7.4.20-1 (source) into unstable (Ondřej Surý)
[2021-05-01] Accepted php7.4 7.4.18-1 (source) into unstable (Ondřej Surý)
[2021-03-05] Accepted php7.4 7.4.16-1 (source) into unstable (Ondřej Surý)
[2021-03-02] php7.4 7.4.15-5+deb11u1 MIGRATED to testing (Debian testing watch)
[2021-02-20] Accepted php7.4 7.4.15-5+deb11u1 (source) into unstable (Ondřej Surý)
[2021-02-14] Accepted php7.4 7.4.15-3 (source) into unstable (Ondřej Surý)
[2021-02-13] Accepted php7.4 7.4.15-2 (source) into unstable (Ondřej Surý)

1
2

bugs [bug history graph]

all: 4
RC: 0
I&N: 4
M&W: 0
F&P: 0
patch: 1

links

homepage
buildd: logs, cross
popcon
browse source code
edit tags
other distros
security tracker
screenshots
debci

Debian Package Tracker — Copyright 2013-2025 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing