-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 25 Nov 2024 18:21:51 +0100
Source: php8.2
Architecture: source
Version: 8.2.26-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian PHP Maintainers <team+pkg-...@tracker.debian.org>
Changed-By: Ondřej Surý <ond...@debian.org>
Changes:
php8.2 (8.2.26-1~deb12u1) bookworm-security; urgency=high
.
* New upstream version 8.2.26
+ Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI
Interface.
+ [CVE-2024-8929]: Leak partial content of the heap through heap buffer
over-read.
+ [CVE-2024-8932]: OOB access in ldap_escape.
+ [CVE-2024-11233]: Single byte overread with
convert.quoted-printable-decode filter.
+ [CVE-2024-11234]: Configuring a proxy in a stream context might allow
for CRLF injection in URIs.
+ [CVE-2024-11236]: Integer overflow in the dblib quoter causing OOB
writes.
+ [CVE-2024-11236]: Integer overflow in the firebird quoter causing OOB
writes.
* Revert "ext/gmp: gmp_pow fix FPE with large values" upstream patch
Checksums-Sha1:
d7a665d5468c2642ddabf1563c35633441366407 5726 php8.2_8.2.26-1~deb12u1.dsc
6d930bd37b7e513bbc8e27da03f478168a960614 12138868 php8.2_8.2.26.orig.tar.xz
6bdf7052a3d85882d8ccb4b359d6555474f13d57 858 php8.2_8.2.26.orig.tar.xz.asc
89272e76bf7e7a751ac022474e75aa33c2c4bbc8 71316
php8.2_8.2.26-1~deb12u1.debian.tar.xz
a96864e146e729f179d1a9fa40d521dbc0af9336 34628
php8.2_8.2.26-1~deb12u1_amd64.buildinfo
Checksums-Sha256:
bfe887c4418c62e47038a065c82f5090927827dcd90e9af1565a46eac7bb6564 5726
php8.2_8.2.26-1~deb12u1.dsc
54747400cb4874288ad41a785e6147e2ff546cceeeb55c23c00c771ac125c6ef 12138868
php8.2_8.2.26.orig.tar.xz
ea2ef0dcdcec97a56fe23b8a5ab00033029548e0a45dbdbc1fcb45a89e62f41d 858
php8.2_8.2.26.orig.tar.xz.asc
d941806f1eca3c322ff7d89602493c9a87166e498b75339885f0040131eec181 71316
php8.2_8.2.26-1~deb12u1.debian.tar.xz
7c41963e984fdad40f431bfe1fa69c80c43d1fafa3e7e409fcf00dc583b24662 34628
php8.2_8.2.26-1~deb12u1_amd64.buildinfo
Files:
224a7840af709edfdc2a9b8ed38b1e0a 5726 php optional php8.2_8.2.26-1~deb12u1.dsc
8c3b0663f8ab02464a0c64bbd5a4b877 12138868 php optional
php8.2_8.2.26.orig.tar.xz
2b17755eab5f4db6005c12cacf91b781 858 php optional php8.2_8.2.26.orig.tar.xz.asc
5d0ecedf9a1b6af2770c976a15bdc6aa 71316 php optional
php8.2_8.2.26-1~deb12u1.debian.tar.xz
a951c98e5879ca1ef74347a108378a76 34628 php optional
php8.2_8.2.26-1~deb12u1_amd64.buildinfo-----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAmdFiAFfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u WcJdwxAAkeItFg7ViIfJ9ysLWajG8Vs9YeJoO6mO15XPQVLJ/mwZ7ML5t9//APIS biU0bDGBM5t1VS+MdtjIHV5Zd8/u7oAz+IhD/BZnBxwlo2pqSwZBCEMyNNnrBCeW c4guSkY7lQJWPYQws3YRNs29XBPuV7dTXFe/Td1a0J16RmCGb32n2ndfHyjUWgDH oGmIVYbAb2iyqN8P57uq5H1K0wtLO3Au2PA0r+9pgQdCRWBrBvbaZDEQkLjuq19w a5Me3zlN2ocFWlwa7e2VhHSZCluYwEFC5UXazlRuIAuPf7nL6YP11ECKExJUrhV7 p3Th1R05uvnpzGWn5w/AcJDM1a8sXQXbemxlNHRtOBOdIryPrsNKsYJXkHoEVyrN ud8FbKgAEQWhpQc3ysCi1woiibx6+Uo63G9ZvU4NKQRiKCyy5YySjdlthY33YoW1 u9qoI0omxrWK5jVIjjdnJMt2JLHSAgihMPmpd7+GPJWLXoOVTMl8x//qAoklIjWs Zq1bYgzT4Zo7OIaPeo7DOi2smtBL4+sMD/6q1vxR9PWuPqHGpEEoXXN8hQ8MxBp4 4FZuhubYlhLDG8D7nRt7ELTCWj3oj7RZ+CZGXxnnJrsMEDXOx+ASqRH5UQTFLuch nTasgSbSRWcMyKpmzw8NyRwSQ6dbu6dgZkxEFs7LaMXJCBKtL0s= =4WxE -----END PGP SIGNATURE-----
pgpomKHGDbXBR.pgp
Description: PGP signature
