-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 22 Feb 2023 21:07:47 +0100
Source: php7.4
Architecture: source
Version: 7.4.33-1+deb11u3
Distribution: bullseye-security
Urgency: high
Maintainer: Debian PHP Maintainers <
team+pkg-php@tracker.debian.org> Changed-By: Ondřej Surý <
ondrej@debian.org>
Changes:
php7.4 (7.4.33-1+deb11u3) bullseye-security; urgency=high
.
* Fix GH-10187: Segfault in stripslashes() with arm64
* Backported from 8.0.28
+ CVE-2023-0567: Fixed bug #81744 (Password_verify() always return true
with some hash).
+ CVE-2023-0568: Fixed bug #81746 (1-byte array overrun in common path
resolve code).
+ CVE-2023-0662: Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when
parsing multipart request body).
Checksums-Sha1:
b4a4477a9e6c16a60744abb885e16c1519b7f18e 5825 php7.4_7.4.33-1+deb11u3.dsc
c6ec0235d005ec77a685ccdd276330a85c4cf4a3 75552 php7.4_7.4.33-1+deb11u3.debian.tar.xz
969a077d79d36767cbe0444e5ca4cca8711017c6 35328 php7.4_7.4.33-1+deb11u3_amd64.buildinfo
Checksums-Sha256:
a91c7cbcdc5a2528d1aaa13e2c82c6ef68b0548c163a9665b640e82a4059253b 5825 php7.4_7.4.33-1+deb11u3.dsc
5ab383611b38b05a838036a70bdfa7ba4970f2370f419a674ca8647cff511693 75552 php7.4_7.4.33-1+deb11u3.debian.tar.xz
cb74aa43b3aee1b6dc0628f67c517ae6b3a1f603c6b07242330425feb7b6d2da 35328 php7.4_7.4.33-1+deb11u3_amd64.buildinfo
Files:
8465847bd57b265424684abeac46cccc 5825 php optional php7.4_7.4.33-1+deb11u3.dsc
8b0c13ecfb8b322563698433b28b5ebd 75552 php optional php7.4_7.4.33-1+deb11u3.debian.tar.xz
3fe6a3397078f2ea488f1c457fbd60e0 35328 php optional php7.4_7.4.33-1+deb11u3_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAmP2gldfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u WcKOYRAAjGEPjgfa9IcZiLyBe1ecdRGlWzmq+u27fdiuNOT5UlVO5U5WZuxFCVOa NYyrMFv7evqLNDS+OkisyaHSl6u4XTlW0RoW+Xa5cOG3tmIMrf3EaZGtVF0ghE9a j6yEa+M6k02bnjqTeIa3fp7IN5H+imq2ZpDSL7zZdh+wX2qgNU4m+VgnBvAr7hdn K9P2rml/nCx0e0QjSHgtdFY+kZoxyoPijlHR/N6E+q4bHRrZ8s43TPIDkuHsNNAp utTFsgl7fqztSH0+xYpIoSr/k6U5kORjA2CFACvGXtFlIhYgbfMVD2MfZ7FSH1AM 0E7csyIZufDHhFLiXgqNrVyuxnUqKomY0zfnjOLtCHEFDp7cFtBP9qhhFwtLKGp4 /Omx/5QqJGTZV6FV/88h2L8bIa7e+Ir1TIM6GCWCM5SRclTHz+YkJmbAcBhmrZK5 kESdEmOZ4aiyWp+29LfzTsDTwa/u1CqJXULgB8P0Lf/Sj1BKdKf7OjYj3E/a3E9O 3ajrbFJS4Z21xJKnrKNnNYIxw6URNxTfvB8Dc2G+nLpYQMW1cdSn+6PSkKbtJwL/ LfZmCWFIOBEWwJmXR9bIyJFHZfg0Bli8Ef+OrTE9S76OlSUSQPpCGfJ1SCS2T1Bg jgu5TNngVtlWQDNb17/tNn9DZX2Z9urKXj8Kochj88/e0P02J8Q=
=mpsc
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)