Format: 1.8
Date: Fri, 12 Apr 2024 02:02:16 +0200
Source: php7.4
Binary: php7.4 php7.4-xsl
Architecture: all
Version: 7.4.33-1+deb11u5
Distribution: bullseye-security
Urgency: high
Maintainer: all Build Daemon (x86-grnet-02)
Changed-By: Ondřej Surý
Description:
 php7.4 - server-side, HTML-embedded scripting language (metapackage)
 php7.4-xsl - XSL module for PHP (dummy)
Changes:
 php7.4 (7.4.33-1+deb11u5) bullseye-security; urgency=high
 .
   * Backported from 8.0.30
     + CVE-2023-3823: Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with
       external entity loading in XML without enabling it).
     + CVE-2023-3824: Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in
       phar_dir_read()).
   * Backported from 8.1.28
     + CVE-2024-1874: Fixed bug GHSA-pc52-254m-w9w7 (Command injection via
       array-ish $command parameter of proc_open).
     + CVE-2024-2756: Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie
       bypass due to partial CVE-2022-31629 fix).
     + CVE-2024-3096: Fixed bug GHSA-h746-cjrr-wfmr (password_verify can
       erroneously return true, opening ATO risk).