From: Raspbian automatic forward porter <root@raspbian.org>
Date: Fri, 9 Jan 2026 21:25:00 +0000 (+0000)
Subject: Merge version 8.4.11-1+rpi1 and 8.4.16-1~deb13u1 to produce 8.4.16-1~deb13u1+rpi1
X-Git-Tag: archive/raspbian/8.4.16-1_deb13u1+rpi1^0
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=23953f97ba989babb296d33aac8bf0bf1a7a3ee5;p=php8.4.git

Merge version 8.4.11-1+rpi1 and 8.4.16-1~deb13u1 to produce 8.4.16-1~deb13u1+rpi1
---

23953f97ba989babb296d33aac8bf0bf1a7a3ee5
diff --cc debian/changelog
index 7e3523e7,486a7b15..b827506c
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,8 -1,14 +1,21 @@@
- php8.4 (8.4.11-1+rpi1) trixie-staging; urgency=medium
++php8.4 (8.4.16-1~deb13u1+rpi1) trixie-staging; urgency=medium
 +
++  [changes brought forward from 8.4.11-1+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Fri, 17 Oct 2025 01:23:38 +0000]
 +  * Fix fpu setting for raspbian.
 +
-  -- Peter Michael Green <plugwash@raspbian.org>  Fri, 17 Oct 2025 01:23:38 +0000
++ -- Raspbian forward porter <root@raspbian.org>  Fri, 09 Jan 2026 21:25:00 +0000
++
+ php8.4 (8.4.16-1~deb13u1) trixie-security; urgency=high
+ 
+   * New upstream version 8.4.16
+    + [CVE-2025-14180]: Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null
+      deref).
+    + [CVE-2025-14178]: Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in
+      array_merge()).
+    + [CVE-2025-14177]: Fixed GHSA-3237-qqm7-mfv7 (Information Leak of
+      Memory in getimagesize).
+ 
+  -- Ondřej Surý <ondrej@debian.org>  Thu, 18 Dec 2025 22:19:25 +0100
  
  php8.4 (8.4.11-1) unstable; urgency=medium