-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 27 Jul 2025 13:10:22 +0200 Source: php7.4 Architecture: source Version: 7.4.33-1+deb11u9 Distribution: bullseye-security Urgency: high Maintainer: Debian PHP Maintainers <[email protected]> Changed-By: Guilhem Moulin <[email protected]> Changes: php7.4 (7.4.33-1+deb11u9) bullseye-security; urgency=high . * Non-maintainer upload by the LTS Team. * Fix CVE-2025-1220: fsockopen() doesn't regard hostname as well, hostname is terminated at the null byte. This can cause Server Side Request Forgery in general case. * Fix CVE-2025-1735: Missing error checking could result in SQL injection and missing error handling could lead to crashes due to null pointer dereferences. * Fix CVE-2025-6491: If a SoapVar instance is created with a fully qualified name larger than 2G, this will cause a NULL pointer dereference resulting in a segmentation fault, leading to a denial of service. Checksums-Sha1: b6e9e8ee57f1c6a3c728afaa1e88f0fd01cc2564 5698 php7.4_7.4.33-1+deb11u9.dsc d520fe95ec91ca068b1c8cb77693c37ea1ba54b9 123144 php7.4_7.4.33-1+deb11u9.debian.tar.xz e5125a6d2bf34b54f2e78bdb9f93add006d82c63 35582 php7.4_7.4.33-1+deb11u9_amd64.buildinfo Checksums-Sha256: 1bc24d4ff525d55edf674cf916c0d71a45e1609f0d31e090c1a50a6956e914b3 5698 php7.4_7.4.33-1+deb11u9.dsc 46a1072902d058515374efda7b0ef2d5ff3ca494879f3e2f5ad6ae4edcbc5a02 123144 php7.4_7.4.33-1+deb11u9.debian.tar.xz ed6af176e16107a9c9d96402d19bf9bb6baf85497d5a09ebe9895b821516bb8d 35582 php7.4_7.4.33-1+deb11u9_amd64.buildinfo Files: 2a15667189b7101dfb72032c993fe78a 5698 php optional php7.4_7.4.33-1+deb11u9.dsc 4095e05045f7cc4cf82d2df91a95b79e 123144 php optional php7.4_7.4.33-1+deb11u9.debian.tar.xz 0d50789b6bee71e427a8b98e5a669d77 35582 php optional php7.4_7.4.33-1+deb11u9_amd64.buildinfo
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmiGEnwACgkQ05pJnDwh pVLfag/9Hvi5eEFQYUl1NHHLcKSsAr/SNY+uV2oJSUM7bILPGnZbR/xbuSdduwEj eRRskPnsSlAi4YKztQlxWK0GCkXGdo68nb4PyrndWKpDcAr94QrOUkONZDMvczRb WkthnpU1/7+Mv1+QbJqlNyHnvudeDFHE9cG3mTmvM/6jJP8sWK2HWiNDa5SmC7Xj 7Hl/hGsEzduq7K1HoJ6R2juPRiQtZER2P78uwiEu+QqyaHe+gyzdAC8yRM9Uc2DV biJ+CNmMxl2EDLGWSulPGSTehb/tp99b5eXqx4dobisS53fZVtcIhTuJPJeIshX1 blVSNLseyvij/efNNdKNgS7ouOWAYSjnWxa7Te7YbGuaevfYJou5MLCt7zOOg/G7 ppgNN1Hf73EqSInn6w+MhLqypZoErJBAL6fHVAeChcMNrrUrBWUyp2z3nG9rQ2tk RX9TmsJtXNEN/I9Oz8QaK2udFQQqjaJ+ajmAnQfjIgqz/X0zm+IWvyPeTjhhijCk IQyVsDSHn2zaGNBEaK4y1c2wb4vv51XR9SjLT/mWsGm+uPiTtSINUYYpipa2gklb Rwa4EsGsf8vcLgF+cb6wWcreO43y0UY/cq7lfbt+Dk2vb6Dg580fHbblJ+bnjHuq BVs9Fmzh1zhQZwXY++nV00qSkKvQhDocFRo/lfY6Yk4vA+cuFWk= =1nXw -----END PGP SIGNATURE-----
pgplPXngbOfL3.pgp
Description: PGP signature
