-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6377-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff July 04, 2026 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : php8.4 CVE ID : CVE-2026-14355 It was discovered that a buffer overflow in the implementation of AES Key Wrap with Padding in the openssl extension of PHP, a widely-used open source general purpose scripting language, could result in memory corruption. For the stable distribution (trixie), this problem has been fixed in version 8.4.23-1~deb13u1. We recommend that you upgrade your php8.4 packages. For the detailed security status of php8.4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php8.4 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: [email protected] -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmpJABkACgkQEMKTtsN8 TjYweA//ftETM5Y8LcRgl8BWqTRdt5n82ycT6RRNVL6kHVX8ncDOl1RhXXl4Fvmd 6BRB0y/DSxbCzPAdI2Iko97xi/Rf8XlPp2HT3TtjyvlFTkwcDTinFeLP0Oi22yBK TGF7dPu/WTjnLThKf3/zc54uzAT4R3iyRtqz+WLpzrPIkyzQrnoY6KWXfGHinFNg 4eXEuDeOV4vlE1Jsi7rSmp0w6ohws1PaZQvwK13YHELFo1bYqWe3YwXgwQu412ZT UhDQrEeLZBrt8wpo5FC9h9m6fW1ZP/U/I4yNtNYBJOCSSw60cGSENH01tqb+VVmp GZDE2eIPoyslZo7eTUc8rgypma92vIlSz9qKzET1V7RRhWlGbHiCZOsOg3G2ssNV g0y0Iy1yVJ2cSi460pNXz3ryRKsnKEoq+tSstoc5y+LC3gcqzoKZ6nugkeCPTbw/ 4Q3npj91+DmiDSe3KrRQ0j0AQvFtoEQTmXB4DL8rqMYTKuIfXRmAooZlppx7h2eM 4IRzAQ4Unxwq3RwX+mOPIeoPlOJ1DxyIceAS5k97CxMAYQBqyCRhBJ5fxxoFeerq uZLi7aHMK58fDs/GbDF2fuc3T/D8Nv5ZvMDCQK442W+xUzn5k089QgTuZwytXsJN 4Ky2CcnY/kf//ilWMYdjqXbFnyn3/OUlXFfYRpzwXQMaUHFwHGQ= =7fXb -----END PGP SIGNATURE-----

