dgit.raspbian.org Git - php8.4.git/commit

author	Ondřej Surý <ondrej@debian.org>
	Fri, 8 May 2026 05:56:48 +0000 (07:56 +0200)
committer	Ondřej Surý <ondrej@debian.org>
	Fri, 8 May 2026 05:56:48 +0000 (07:56 +0200)
commit	c667b061fe09023eaa9b992ccc14bff935dec257
tree	6065e8b419dccb707922fa2160a4f23e3775892b	tree \| snapshot
parent	15d105e78e44b1f20abcfa958359ee5d7e7244cc	commit \| diff
parent	df3d08a153462f23096a911ba042cf32a4ad895b	commit \| diff

php8.4 (8.4.21-1~deb13u1) trixie-security; urgency=high

  * New upstream version 8.4.21
   + [CVE-2026-7263]: Dom\XMLDocument::C14N() emits duplicate xmlns
     declarations after setAttributeNS()
   + [CVE-2026-29078, CVE-2026-29079]: Upgrade to lexbor v2.7.0
   + [CVE-2026-6735]: XSS within status endpoint
   + [CVE-2026-7259]: Null pointer dereference in php_mb_check_encoding()
     via mb_ereg_search_init()
   + [CVE-2026-6104]: Out-of-bounds access in mbfl_name2encoding_ex()
   + [CVE-2025-14179]: SQL injection via NUL bytes in quoted strings
   + [CVE-2026-6722]: Stale SOAP_GLOBAL(ref_map) pointer with Apache Map
   + [CVE-2026-7261]: Use-after-free after header parsing failure with
     SOAP_PERSISTENCE_SESSION
   + [CVE-2026-7262]: Broken Apache map value NULL check
   + [CVE-2026-7568]: Signed integer overflow of char array offset
   + [CVE-2026-7258]: Consistently pass unsigned char to ctype.h functions

[dgit import unpatched php8.4 8.4.21-1~deb13u1]

180 files changed:

debian/PEAR-Builder-print-info-about-php-dev.patch	\|	\|	blob
debian/README.Debian.security	\|	\|	blob
debian/README.source	\|	\|	blob
debian/changelog	\|	\|	blob
debian/compat	\|	\|	blob
debian/control	\|	\|	blob
debian/control.in	\|	\|	blob
debian/copyright	\|	\|	blob
debian/freexian-dists	\|	\|	blob
debian/gbp.conf	\|	\|	blob
debian/libapache2-mod-php.apache2	\|	\|	blob
debian/libapache2-mod-php.dirs.extra	\|	\|	blob
debian/libapache2-mod-php.install.extra	\|	\|	blob
debian/libapache2-mod-php.postinst.extra	\|	\|	blob
debian/libphp-embed.dirs.extra	\|	\|	blob
debian/libphp-embed.install.extra	\|	\|	blob
debian/libphp-embed.postinst.extra	\|	\|	blob
debian/libphp-embed.postrm.extra	\|	\|	blob
debian/libphp-embed.prerm.extra	\|	\|	blob
debian/patches/0001-libtool_fixes.patch	\|	\|	blob
debian/patches/0002-debian_quirks.patch	\|	\|	blob
debian/patches/0003-php-5.4.9-phpinfo.patch	\|	\|	blob
debian/patches/0004-extension_api.patch	\|	\|	blob
debian/patches/0005-php.ini_securitynotes.patch	\|	\|	blob
debian/patches/0006-Add-support-for-use-of-the-system-timezone-database.patch	\|	\|	blob
debian/patches/0007-strcmp_null-OnUpdateErrorLog.patch	\|	\|	blob
debian/patches/0008-qdbm-is-usr_include_qdbm.patch	\|	\|	blob
debian/patches/0009-session_save_path.patch	\|	\|	blob
debian/patches/0010-php-fpm-man-section-and-cleanup.patch	\|	\|	blob
debian/patches/0011-fpm-config.patch	\|	\|	blob
debian/patches/0012-php-fpm-sysconfdir.patch	\|	\|	blob
debian/patches/0013-lp564920-fix-big-files.patch	\|	\|	blob
debian/patches/0014-temporary-path-fixes-for-multiarch.patch	\|	\|	blob
debian/patches/0015-hurd-noptrace.patch	\|	\|	blob
debian/patches/0016-php-5.3.3-macropen.patch	\|	\|	blob
debian/patches/0017-php-5.2.4-embed.patch	\|	\|	blob
debian/patches/0018-php-fpm-m68k.patch	\|	\|	blob
debian/patches/0019-expose_all_built_and_installed_apis.patch	\|	\|	blob
debian/patches/0020-Use-system-timezone.patch	\|	\|	blob
debian/patches/0021-php-fpm-do-reload-on-SIGHUP.patch	\|	\|	blob
debian/patches/0022-php-5.4.8-ldap_r.patch	\|	\|	blob
debian/patches/0023-php-5.4.9-fixheader.patch	\|	\|	blob
debian/patches/0024-php-5.6.0-noNO.patch	\|	\|	blob
debian/patches/0025-php-5.6.0-oldpcre.patch	\|	\|	blob
debian/patches/0026-hack-phpdbg-to-explicitly-link-with-libedit.patch	\|	\|	blob
debian/patches/0027-Don-t-put-INSTALL_ROOT-into-phar.phar-exec-stanza.patch	\|	\|	blob
debian/patches/0028-Really-expand-libdir-datadir-into-EXPANDED_LIBDIR-DA.patch	\|	\|	blob
debian/patches/0029-Fix-ext-date-lib-parse_tz-PATH_MAX-HURD-FTBFS.patch	\|	\|	blob
debian/patches/0030-Add-patch-to-install-php7-module-directly-to-APXS_LI.patch	\|	\|	blob
debian/patches/0031-libtool2.2.patch	\|	\|	blob
debian/patches/0032-Include-all-libtool-files-from-phpize.m4.patch	\|	\|	blob
debian/patches/0033-In-phpize-also-copy-config.guess-config.sub-ltmain.s.patch	\|	\|	blob
debian/patches/0034-Show-packaging-credits.patch	\|	\|	blob
debian/patches/0035-Allow-printing-credits-buffer-larger-than-4k.patch	\|	\|	blob
debian/patches/0036-Don-t-close-the-credits-buffer-file-descriptor-too-e.patch	\|	\|	blob
debian/patches/0037-Lower-the-OpenSSL-requirement-to-1.0.1.patch	\|	\|	blob
debian/patches/0038-Override-result-of-AC_PROG_LN_S-to-fix-FTBFS-on-ppc6.patch	\|	\|	blob
debian/patches/0039-Update-gcc-func-attr-macro.patch	\|	\|	blob
debian/patches/0040-scripts-php-.in-Explicitly-define-the-path-to-sed.patch	\|	\|	blob
debian/patches/0041-Remove-timestamps-from-phar.patch	\|	\|	blob
debian/patches/0042-Disable-assembly-detection-in-Zend-arithmetic-with-g.patch	\|	\|	blob
debian/patches/0043-Disable-avx-detection-with-gcc-6.patch	\|	\|	blob
debian/patches/0044-Disable-garbage-collection-routine.patch	\|	\|	blob
debian/patches/0045-Add-missing-header-includes.patch	\|	\|	blob
debian/patches/0046-Add-enable-rtld-deepbind-configure-flag.patch	\|	\|	blob
debian/patches/series	\|	\|	blob
debian/php-cgi.apache2	\|	\|	blob
debian/php-cgi.conf	\|	\|	blob
debian/php-cgi.dirs.extra	\|	\|	blob
debian/php-cgi.install.extra	\|	\|	blob
debian/php-cgi.postinst.extra	\|	\|	blob
debian/php-cgi.prerm.extra	\|	\|	blob
debian/php-cli.dirs.extra	\|	\|	blob
debian/php-cli.install.extra	\|	\|	blob
debian/php-cli.links	\|	\|	blob
debian/php-cli.postinst.extra	\|	\|	blob
debian/php-cli.prerm.extra	\|	\|	blob
debian/php-common.README.Debian	\|	\|	blob
debian/php-common.dirs.extra	\|	\|	blob
debian/php-common.docs	\|	\|	blob
debian/php-common.lintian-overrides.extra	\|	\|	blob
debian/php-common.preinst.extra	\|	\|	blob
debian/php-common.substvars.extra	\|	\|	blob
debian/php-curl.substvars.extra	\|	\|	blob
debian/php-dev.dirs	\|	\|	blob
debian/php-dev.files	\|	\|	blob
debian/php-dev.install	\|	\|	blob
debian/php-dev.lintian-overrides	\|	\|	blob
debian/php-dev.postinst	\|	\|	blob
debian/php-dev.prerm	\|	\|	blob
debian/php-fpm-checkconf	\|	\|	blob
debian/php-fpm-reopenlogs	\|	\|	blob
debian/php-fpm.apache2	\|	\|	blob
debian/php-fpm.conf	\|	\|	blob
debian/php-fpm.dirs.extra	\|	\|	blob
debian/php-fpm.init	\|	\|	blob
debian/php-fpm.install.extra	\|	\|	blob
debian/php-fpm.logrotate	\|	\|	blob
debian/php-fpm.maintscript	\|	\|	blob
debian/php-fpm.postinst.extra	\|	\|	blob
debian/php-fpm.prerm.extra	\|	\|	blob
debian/php-fpm.service	\|	\|	blob
debian/php-fpm.tmpfile	\|	\|	blob
debian/php-module.bug-control.in	\|	\|	blob
debian/php-module.bug-script.in	\|	\|	blob
debian/php-module.control.in	\|	\|	blob
debian/php-module.dirs.in	\|	\|	blob
debian/php-module.ini.in	\|	\|	blob
debian/php-module.lintian-overrides.in	\|	\|	blob
debian/php-module.postinst.in	\|	\|	blob
debian/php-module.postrm.in	\|	\|	blob
debian/php-module.preinst.in	\|	\|	blob
debian/php-module.prerm.in	\|	\|	blob
debian/php-module.substvars.in	\|	\|	blob
debian/php-module.triggers.in	\|	\|	blob
debian/php-phpdbg.dirs.extra	\|	\|	blob
debian/php-phpdbg.install.extra	\|	\|	blob
debian/php-phpdbg.postinst.extra	\|	\|	blob
debian/php-phpdbg.prerm.extra	\|	\|	blob
debian/php-sapi.bug-control	\|	\|	blob
debian/php-sapi.bug-script	\|	\|	blob
debian/php-sapi.dirs	\|	\|	blob
debian/php-sapi.install	\|	\|	blob
debian/php-sapi.lintian-overrides	\|	\|	blob
debian/php-sapi.postinst	\|	\|	blob
debian/php-sapi.postrm	\|	\|	blob
debian/php-sapi.prerm	\|	\|	blob
debian/php-sapi.triggers	\|	\|	blob
debian/php-snmp.substvars.extra	\|	\|	blob
debian/php-xml.postinst.extra	\|	\|	blob
debian/php-xml.substvars.extra	\|	\|	blob
debian/php.bug-control	\|	\|	blob
debian/php.conf	\|	\|	blob
debian/php.load	\|	\|	blob
debian/phpapi	\|	\|	blob
debian/phpdbg.1	\|	\|	blob
debian/prepare-files	\|	\|	blob
debian/rules	\|	\|	blob
debian/rules.d/ext-bcmath.mk	\|	\|	blob
debian/rules.d/ext-bz2.mk	\|	\|	blob
debian/rules.d/ext-common.mk	\|	\|	blob
debian/rules.d/ext-curl.mk	\|	\|	blob
debian/rules.d/ext-dba.mk	\|	\|	blob
debian/rules.d/ext-enchant.mk	\|	\|	blob
debian/rules.d/ext-gd.mk	\|	\|	blob
debian/rules.d/ext-gmp.mk	\|	\|	blob
debian/rules.d/ext-interbase.mk	\|	\|	blob
debian/rules.d/ext-intl.mk	\|	\|	blob
debian/rules.d/ext-ldap.mk	\|	\|	blob
debian/rules.d/ext-mbstring.mk	\|	\|	blob
debian/rules.d/ext-mysql.mk	\|	\|	blob
debian/rules.d/ext-odbc.mk	\|	\|	blob
debian/rules.d/ext-pgsql.mk	\|	\|	blob
debian/rules.d/ext-readline.mk	\|	\|	blob
debian/rules.d/ext-snmp.mk	\|	\|	blob
debian/rules.d/ext-soap.mk	\|	\|	blob
debian/rules.d/ext-sqlite3.mk	\|	\|	blob
debian/rules.d/ext-sybase.mk	\|	\|	blob
debian/rules.d/ext-tidy.mk	\|	\|	blob
debian/rules.d/ext-xml.mk	\|	\|	blob
debian/rules.d/ext-zip.mk	\|	\|	blob
debian/rules.d/opcache.mk	\|	\|	blob
debian/rules.d/prepare-fpm-pools.mk	\|	\|	blob
debian/sedsed	\|	\|	blob
debian/source.lintian-overrides	\|	\|	blob
debian/source.lintian-overrides.in	\|	\|	blob
debian/source/format	\|	\|	blob
debian/source/include-binaries	\|	\|	blob
debian/tests.in/cgi	\|	\|	blob
debian/tests.in/cli	\|	\|	blob
debian/tests.in/control	\|	\|	blob
debian/tests.in/fpm	\|	\|	blob
debian/tests.in/mod-php	\|	\|	blob
debian/tests/cgi	\|	\|	blob
debian/tests/cli	\|	\|	blob
debian/tests/control	\|	\|	blob
debian/tests/fpm	\|	\|	blob
debian/tests/mod-php	\|	\|	blob
debian/upstream/signing-key.asc	\|	\|	blob
debian/watch	\|	\|	blob

Unnamed repository; edit this file 'description' to name the repository.

RSS Atom