[SECURITY] [DSA 5878-1] php8.2 security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5878-1] php8.2 security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Fri, 14 Mar 2025 19:10:55 +0000
Message-id: <Z9R/P8tu/5rDQPbT@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5878-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 14, 2025                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php8.2
CVE ID         : CVE-2025-1217 CVE-2025-1219 CVE-2025-1734 CVE-2025-1736 
                 CVE-2025-1861

Multiple security issues were found in PHP, a widely-used open source
general purpose scripting language which could result in denial of
service or HTTP request smuggling.

For the stable distribution (bookworm), these problems have been fixed in
version 8.2.28-1~deb12u1.

We recommend that you upgrade your php8.2 packages.

For the detailed security status of php8.2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php8.2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmfUfhsACgkQEMKTtsN8
TjZGCBAAn8nVFh9VJEv7zQQBTPvzr3vbg+h/3iy10MceOjgT6g9YZNvIwoa7f+y+
ZHk/KGN5eyzTl1ddov2WiFTuauRnuzaAdZA0EQCSofg5U/LcFH3tukdg4NezfV9K
yeadoM3OLTMp6SfQ5pr7/+ttzLM+X4uozvV0gODG19555iwW9vlMOupHvMksYAUN
k1iqTENc6/efxtEch02UMTZIufUCvusX+SX1TTo8MRH/n3gfRmhB+GSJPR/tXaFW
Qj/0OMjUtNwb7SqAJ1njhdhP7clKaIUzAcMoJ47ov+tnVdTp2vTN+noAR1FEt0q+
wShzWDVchtNXiZRsmpzRTJERRE63YFrQwykYtWrVF9786QcTRS/dWN4RdkBB9M1W
V4etRloCC1wwD2OBYLGFMIaTHFZ86cKE5ykdRIMHqY1kycWfxp1EbyHDdSrxzCeC
2o5RouRJ60YiDWEcGLterEZA6m5NWU4h+mUUANrtBqio+OwrP30LGF46O/N/eWsU
lvG7rDa5Pu7f4aV1QwTbleOOvU7yRefj0P7GoLAI9SRV4ky6H0hSq3u9fZNmSZEU
a5r+vd2mRvS/lpO3Sx0oOXdrGMQ9qQfGHCMTAza38aFVdiwcVuUvLZtzNftgMv/+
85IwWWwIwXxZMrjbBVRs/iKE9MxQjK6JwBr2hEttdgsdkwiwj3s=
=fIH4
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5877-1] chromium security update
Next by Date: [SECURITY] [DSA 5879-1] opensaml security update
Previous by thread: [SECURITY] [DSA 5877-1] chromium security update
Next by thread: [SECURITY] [DSA 5879-1] opensaml security update
Index(es):
- Date
- Thread