Accepted php7.4 7.4.33-1+deb11u8 (source) into oldstable-security

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted php7.4 7.4.33-1+deb11u8 (source) into oldstable-security
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Thu, 20 Mar 2025 08:10:21 +0000
Message-id: <[🔎] E1tvAyr-007rfb-5O@seger.debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 19 Mar 2025 20:57:26 +0100
Source: php7.4
Architecture: source
Version: 7.4.33-1+deb11u8
Distribution: bullseye-security
Urgency: high
Maintainer: Debian PHP Maintainers <team+pkg-php@tracker.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Changes:
 php7.4 (7.4.33-1+deb11u8) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * Fix CVE-2025-1217: Header parser of `http` stream wrapper does not handle
     folded headers.
   * Fix CVE-2025-1219: libxml streams use wrong `content-type` header when
     requesting a redirected resource.
   * Fix CVE-2025-1734: Streams HTTP wrapper does not fail for headers with
     invalid name and no colon.
   * Fix CVE-2025-1736: Stream HTTP wrapper header check might omit basic auth
     header.
   * Fix CVE-2025-1861: Stream HTTP wrapper truncate redirect location to 1024
     bytes.
   * Fix GHSA-wg4p-4hqh-c3g9: Possible out of bounds read when
     XML_OPTION_SKIP_TAGSTART is set.
Checksums-Sha1:
 518505af4c1ed46d764a98d86e0b815058e0e4cc 5699 php7.4_7.4.33-1+deb11u8.dsc
 03409dc64287d064abb77f2d74324d51cff9eb6c 117512 php7.4_7.4.33-1+deb11u8.debian.tar.xz
 08ff318c6b1937b70dbbf375ef0333afaa784e0f 35551 php7.4_7.4.33-1+deb11u8_amd64.buildinfo
Checksums-Sha256:
 91852b286f81ed94e276af8f401b9662e830bb1de1f4bcb54743be94ce3063e0 5699 php7.4_7.4.33-1+deb11u8.dsc
 9d48b1478768827608dfee866ab1f14ba920f3cebb01fe92f15d571afd5f538d 117512 php7.4_7.4.33-1+deb11u8.debian.tar.xz
 fbeff650f57d0b97fcde70e989e7d276cedaedcfecbc0d08355800189eca8439 35551 php7.4_7.4.33-1+deb11u8_amd64.buildinfo
Files:
 8b8dd7bd35a6d4e1b9de7ee229d53b83 5699 php optional php7.4_7.4.33-1+deb11u8.dsc
 2566df7230ba2025440abc673e1d6950 117512 php optional php7.4_7.4.33-1+deb11u8.debian.tar.xz
 0450bc81b1a527e54dd484078e2273e1 35551 php optional php7.4_7.4.33-1+deb11u8_amd64.buildinfo


-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmfbPukACgkQ05pJnDwh
pVJvZg/+J6uwcjIbVnvgqpXat871zm2L9OkCXagPTWM4YjaJ/EiE5gU7IIVB8LE7
CWYxx70ouqmfkC9qWTh+CQEMWoKPaetcoNyD2PsK+Klx95S8+DlQcVsolTc1BW+b
Me25GFyl+xzDc0Uhi6XCCRzbfweXYkFSeHMb5luSZLQAtYqUsa9XIf2de8V8aW3V
F/uonJRlDLE2W+RUhRMXpItfz5Ws61d0tZFZ4ti/s/F3/EbEe2pzZhhHYaGSDd1E
6qST980w6RBppTb7iK97Cpxs6kxBD7Jj0eE6xK1l9zdzYWfpIu1+YS1hq2O7I3zC
CXRhQxSVQDdcWGQANClD1jk5TNeKVQH1plGJkxmy4OyTN8k553wDf2MqFEspmeSJ
X5uc2/C/w1TWQcv3zu2eQgGBimV8hl6Me8iHCEnePhbPfGjRl1wVboej8vhG+ovz
IwzBdn/aslSEaRzTMVWxsLp6aJvvtCQnNt49itqpJ70vGXkMttv57iPNA3rmQOwE
9VoKJkQaNd4Lzx3TF6MlTl/jr+mkykcWZG8qw+2qcIjHkiwYj9zEbpy5oaw2VJxq
Fs0CBIi2Q+t2JbpNFjGxARm8lsW5M93H9JCTJurruGn/w36qyPRcEZhNWBzK9ODi
xSzYWbOpQ4aCYUDi0Ft66DgIJrjg+Z3OIQjZXqyzCQi6/xRFL3Y=
=XaMG
-----END PGP SIGNATURE-----

Attachment: pgpFDV2hFhAwV.pgp
Description: PGP signature

Reply to:

Prev by Date: Accepted python3.9 3.9.2-1+deb11u3 (source) into oldstable-security
Next by Date: Accepted libxslt 1.1.34-4+deb11u2 (source) into oldstable-security
Previous by thread: Accepted python3.9 3.9.2-1+deb11u3 (source) into oldstable-security
Next by thread: Accepted libxslt 1.1.34-4+deb11u2 (source) into oldstable-security
Index(es):
- Date
- Thread