Yes, I was kind of waiting for next CVE to do the update, but if that doesn’t happen soon, I’ll use the stable updates. -- Ondřej Surý (He/Him)
> On 2. 4. 2024, at 23:33, Andres Salomon <dilin...@queued.net> wrote: > > On Tue, 30 Jan 2024 13:53:49 +0100 Sebastian Kraetzig > <sebastian.kraet...@tradebyte.com> wrote: > [...] >> With PHP 8.2.11 and newer, this issue does not exist anymore as it has been >> fixed there. When it's fixed, the PHP script immediately exits without any >> error message. >> I suggest that the changes from >> https://github.com/php/php-src/commit/ffd7018fcdd13ca2966149e5141197a02707aff1 >> get backported to PHP 8.2.7 on Debian 12 (Bookworm). When I apply these >> changes on top of the above mentioned PHP version, the issue is resolved. >> At the bottom, you’ll find our tested patch. > > > I would rather see a proposed-stable-update happen with some newer version of > 8.2.x, which would additionally fix those low-priority CVEs from > https://bugs.debian.org/1043477 > <OpenPGP_0x645D0247C36E7637.asc>