-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 27 Sep 2024 06:16:10 +0200 Source: php8.2 Architecture: source Version: 8.2.24-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: Debian PHP Maintainers Changed-By: Ondřej Surý Changes: php8.2 (8.2.24-1~deb12u1) bookworm-security; urgency=high . * New upstream version 8.2.24 + [CVE-2024-8926]: Bypass of CVE-2024-4577, Parameter Injection Vulnerability + [CVE-2024-8927]: cgi.force_redirect configuration is bypassable due to the environment variable collision + [CVE-2024-8927]: Logs from FPM childrens may be altered + [CVE-2024-8925]: Erroneous parsing of multipart form data Checksums-Sha1: 55d65f97602743a30724b0b9e7ca52059feefcf8 5726 php8.2_8.2.24-1~deb12u1.dsc 02297c35cca13de4a5d1aee841f1faeb70740c9f 12110000 php8.2_8.2.24.orig.tar.xz 94083664dafa297e200c8ad781d84de41cbe36ca 858 php8.2_8.2.24.orig.tar.xz.asc d20573e65da7524c8d7876b3fb6d09d241212ec1 70008 php8.2_8.2.24-1~deb12u1.debian.tar.xz 540a6a4a613ffa41cc9ee7ec0aa60c1010a885e6 34586 php8.2_8.2.24-1~deb12u1_amd64.buildinfo Checksums-Sha256: 01b8bc0e7d6ff502f49ee296cf2c0104e4121444a8d8c8a3d73c589282f977a3 5726 php8.2_8.2.24-1~deb12u1.dsc 80a5225746a9eb484475b312d4c626c63a88a037d8e56d214f30205e1ba1411a 12110000 php8.2_8.2.24.orig.tar.xz e9772a68ba37080260ec8a839074b46552db807bb8dfc18a00d7a47f46edbc50 858 php8.2_8.2.24.orig.tar.xz.asc 83a301e2306dcae6916d021d07a08ed88c6a90a8a315e94948b866c5e9a70a38 70008 php8.2_8.2.24-1~deb12u1.debian.tar.xz 13b9db91575769cb245092151c5c1153454ef4770aeb02e95548334890957e02 34586 php8.2_8.2.24-1~deb12u1_amd64.buildinfo Files: 157e7dfd329bd038be7a55104b1c6528 5726 php optional php8.2_8.2.24-1~deb12u1.dsc fff29ce84f5b4ddfc2063f7b2021fce2 12110000 php optional php8.2_8.2.24.orig.tar.xz 79cd78f08e27826f00e81389b5962b15 858 php optional php8.2_8.2.24.orig.tar.xz.asc a0fb44a95c02952c6d8321de7d2a38d2 70008 php optional php8.2_8.2.24-1~deb12u1.debian.tar.xz c1f41641c92f832e49835cdc942aa9ea 34586 php optional php8.2_8.2.24-1~deb12u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAmb2dVtfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u WcIO8hAApV/eAROelDeXOkBFkaSh6Mi+tA3yuyFXmIPWzBQmtDrTDad5sxRzKEoL Gt4TPuvUQscV1XVhdMX3Ty/hgbJs2rhPmQQUARY7d0q3tTUeQ90PnBP/Mx76FTCR M9Hq+UmKqGliPm824SkQV2ENWZTjd50+7ZUjYTKLflSTpsYKKjJYvVM8MIRrF7qp 5e7L0JiR7k8gSpO8EXwqSwfHlcNew7Cz4ltzaOzQSFQc7xoIyD8U3mk4rHoKvGqj 27Paw/Rq757jkQxtisokgTaL73NEbIPilKqhBBiqBTxKdpSyany3btB/SnhQVo7Y MREQ1Pj+DEAS/Bg5Osm6bResEDGxOGcgw+QNvQeXduvTtbJXz2G+aNeEjUn9BbQg Zq/nvadHnVk1CHSlU+e8mwUd7w3Edz+rZhx3asyi7VJwhcG33DT/IopAemJrhoQX AVgJSmjsrxZjxvPf2jAFyj6Ic99ESPsjuzEntkFlVk970qCKR7HvE0HhYHsBiphJ cRsFsbsBAWn0jZzvUqz/FpAxBV7AKCTB+z/2bUWDXP9NDY/A/ET7I07czpqpOgH4 j7oLzlvWAV5BGCNipv6y0IlY3ViS+voNlGGnMyFuP6KTgY3jhC79DVeXf4SbydCl eaf8S4X/PHkwvvKqBW5WYvotDLXy+MzLJdlMIj+OzkkkK3B/vOg= =gNWG -----END PGP SIGNATURE-----