-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 08 May 2026 09:20:38 +0200
Source: php8.2
Architecture: source
Version: 8.2.31-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian PHP Maintainers <team+pkg-php@tracker.debian.org>
Changed-By: Ondřej Surý <ondrej@debian.org>
Changes:
 php8.2 (8.2.31-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream version 8.2.31
    + [CVE-2026-6735]: XSS within status endpoint
    + [CVE-2026-7259]: Null pointer dereference in php_mb_check_encoding()
      via mb_ereg_search_init()
    + [CVE-2025-14179]: SQL injection via NUL bytes in quoted strings
    + [CVE-2026-6722]: Stale SOAP_GLOBAL(ref_map) pointer with Apache Map
    + [CVE-2026-7261]: Use-after-free after header parsing failure with
      SOAP_PERSISTENCE_SESSION
    + [CVE-2026-7262]: Broken Apache map value NULL check
    + [CVE-2026-7568]: Signed integer overflow of char array offset
    + [CVE-2026-7258]: Consistently pass unsigned char to ctype.h functions
Checksums-Sha1:
 e6ad9c8ec1be92fce76041b255f81e499181e7d1 5726 php8.2_8.2.31-1~deb12u1.dsc
 4fa90b733e6a5f15a4ea97ca97adba561959f26b 12160520 php8.2_8.2.31.orig.tar.xz
 9ccd66cc9cffec9674ac1bccdcbbfb6df9638712 833 php8.2_8.2.31.orig.tar.xz.asc
 977f38ee4d5e2718c4f019aa93a494534c5f5301 70904 php8.2_8.2.31-1~deb12u1.debian.tar.xz
 15839697be77cd0b3a9e6c40464261c3c3ecdfc6 35098 php8.2_8.2.31-1~deb12u1_amd64.buildinfo
Checksums-Sha256:
 96854a85bb6e4cad248210810c22a5ceaaecc96e1c910d2eab113062880d4d41 5726 php8.2_8.2.31-1~deb12u1.dsc
 95eae411d594fe6f6e5678b76645dc13ae47d3c0a5325c1d969b58dea56ee45a 12160520 php8.2_8.2.31.orig.tar.xz
 0531c7f681a552366956526d1fe84ffc2172a74aefa7adba1d0c78d5792464ef 833 php8.2_8.2.31.orig.tar.xz.asc
 4bb88921a5d9ce5846f1ce6f6e518e8326206cc6177d325a75057f03ebd836ab 70904 php8.2_8.2.31-1~deb12u1.debian.tar.xz
 3a79caf0650615f677c82295885c9c4deb7c98217d02c5e2493824ddecfd8b5b 35098 php8.2_8.2.31-1~deb12u1_amd64.buildinfo
Files:
 27252ff24e9e4e81883639f2c9da8c60 5726 php optional php8.2_8.2.31-1~deb12u1.dsc
 8037f989dc087b0f98456e7fa7e9fc5b 12160520 php optional php8.2_8.2.31.orig.tar.xz
 a3ff1e886cbe72b77afe19e90ee6d7cc 833 php optional php8.2_8.2.31.orig.tar.xz.asc
 bc55b4a317a9fc602da3f42ffb6008af 70904 php optional php8.2_8.2.31-1~deb12u1.debian.tar.xz
 9f7d9a6dcf20b16db50cba7914ad509b 35098 php optional php8.2_8.2.31-1~deb12u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAmn9mrdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz
NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u
WcJ1zQ/+LgbqqU94ypIVkaYlHeF807wOea2eeE7gHPBvCR6GfXc1bBY+JXtKfasj
z16dihu69trBsNVzVkoVTRa3Zz6wRM+gUxSFOus4HylAi4e0Y+QoX6dOec9UYoKM
w8oQhQQqCZ/m6bWm9dQxNBGJRujL/EvCophuP50v4FhMSKwwYMdmPjs0PKrC4BGN
WlS1Kmdg+jR/SLFuIyINxSrE3E3RVF/w9B1Zef953FGOQpyG5APoGvUjWSkwhGav
6WXxvZfmJUv6U3Bftc6TbUHBRu1L/MAzVF81MJJR1hRUxy2I8sDa2245FYgMyLlW
dvMpMoOjqWDsH+x9ikUw78JIuAbwhoIy87wLiLewCllqfNlL7ShznEPcXyuTSVGm
PGYFToCbtA2dxgaI4joDF6KZUuWX7J5V4Q11wRXqAVRI/gKtQn0lBK+nld0S97Ge
KWTp3hsrzlCkeo6000KUC0qzaoKbUJdi271C6d/7aP3k7VrKtIEnE6krAvqfMcOj
jHcLJHHpJIA3GFHo74eEqvSEOsd73KG8WvFDyLqetamj9yn7cDDrywLNZADKc+E6
RdWuPug8NR1iIKLozQ81RXUERzxMfKDrkVj8E/5gEdNQkoMR8Pqoa4uVFbiBJF6E
yX7aPm0IxPF0uhZAQEtF7MlE7YxSdU+Q/antYiaE+sL3MDdJuFk=
=6+0d
-----END PGP SIGNATURE-----