Format: 1.8
Date: Fri, 12 Apr 2024 02:02:16 +0200
Source: php7.4
Architecture: source
Version: 7.4.33-1+deb11u5
Distribution: bullseye-security
Urgency: high
Maintainer: Debian PHP Maintainers
Changed-By: Ondřej Surý
Changes:
 php7.4 (7.4.33-1+deb11u5) bullseye-security; urgency=high
 .
   * Backported from 8.0.30
     + CVE-2023-3823: Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it).
     + CVE-2023-3824: Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()).
   * Backported from 8.1.28
     + CVE-2024-1874: Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open).
     + CVE-2024-2756: Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix).
     + CVE-2024-3096: Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk).