- php8.4 (8.4.16-1~deb13u1+rpi1) trixie-staging; urgency=medium
++php8.4 (8.4.21-1~deb13u1+rpi1) trixie-staging; urgency=medium
+
+ [changes brought forward from 8.4.11-1+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Fri, 17 Oct 2025 01:23:38 +0000]
+ * Fix fpu setting for raspbian.
+
- -- Raspbian forward porter <root@raspbian.org> Fri, 09 Jan 2026 21:25:00 +0000
++ -- Raspbian forward porter <root@raspbian.org> Thu, 21 May 2026 06:14:58 +0000
++
+ php8.4 (8.4.21-1~deb13u1) trixie-security; urgency=high
+
+ * New upstream version 8.4.21
+ + [CVE-2026-7263]: Dom\XMLDocument::C14N() emits duplicate xmlns
+ declarations after setAttributeNS()
+ + [CVE-2026-29078, CVE-2026-29079]: Upgrade to lexbor v2.7.0
+ + [CVE-2026-6735]: XSS within status endpoint
+ + [CVE-2026-7259]: Null pointer dereference in php_mb_check_encoding()
+ via mb_ereg_search_init()
+ + [CVE-2026-6104]: Out-of-bounds access in mbfl_name2encoding_ex()
+ + [CVE-2025-14179]: SQL injection via NUL bytes in quoted strings
+ + [CVE-2026-6722]: Stale SOAP_GLOBAL(ref_map) pointer with Apache Map
+ + [CVE-2026-7261]: Use-after-free after header parsing failure with
+ SOAP_PERSISTENCE_SESSION
+ + [CVE-2026-7262]: Broken Apache map value NULL check
+ + [CVE-2026-7568]: Signed integer overflow of char array offset
+ + [CVE-2026-7258]: Consistently pass unsigned char to ctype.h functions
+
+ -- Ondřej Surý <ondrej@debian.org> Fri, 08 May 2026 07:56:48 +0200
php8.4 (8.4.16-1~deb13u1) trixie-security; urgency=high
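
Review bot: the new top entry for 8.4.21-1~deb13u1+rpi1 is marked urgency=medium, while the upload it forward-ports (8.4.21-1~deb13u1, trixie-security) is urgency=high and lists twelve CVE identifiers. The removed 8.4.16 line shows the same mismatch, so this looks inherited from the forward-porter rather than chosen; consider carrying urgency=high on the +rpi1 entry so the rebuild is prioritised like the security upload it contains. Separately, several merged items ("XSS within status endpoint", "SQL injection via NUL bytes in quoted strings", "Signed integer overflow of char array offset") do not name the affected extension or SAPI. Adding that would let an administrator tell from the changelog alone whether an installed configuration is exposed.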