Format: 1.8
Date: Fri, 08 May 2026 09:20:38 +0200
Source: php8.2
Binary: php8.2 php8.2-xsl
Architecture: all
Version: 8.2.31-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: all Build Daemon (x86-grnet-02)
Changed-By: Ondřej Surý
Description:
 php8.2     - server-side, HTML-embedded scripting language (metapackage)
 php8.2-xsl - XSL module for PHP (dummy)
Changes:
 php8.2 (8.2.31-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream version 8.2.31
     + [CVE-2026-6735]: XSS within status endpoint
     + [CVE-2026-7259]: Null pointer dereference in
       php_mb_check_encoding() via mb_ereg_search_init()
     + [CVE-2025-14179]: SQL injection via NUL bytes in quoted strings
     + [CVE-2026-6722]: Stale SOAP_GLOBAL(ref_map) pointer with Apache Map
     + [CVE-2026-7261]: Use-after-free after header parsing failure with
       SOAP_PERSISTENCE_SESSION
     + [CVE-2026-7262]: Broken Apache map value NULL check
     + [CVE-2026-7568]: Signed integer overflow of char array offset
     + [CVE-2026-7258]: Consistently pass unsigned char to ctype.h functions