Security update of PHP packages (September 2022)

News about new PHP releases (September 2022)

Dear all,

the APT repositories have been updated with the following upstream PHP releases:

  • php7.4 (7.4.32-1)
  • php8.0 (8.0.24-1)
  • php8.1 (8.1.11-1)
  • php8.2 (8.0.0~rc3-1)

There were two security issues fixed in these releases:

  • CVE-2022-31628: phar wrapper: DOS when using quine gzip file.
  • CVE-2022-31629: Don’t mangle HTTP variable names that clash with ones that have a specific semantic meaning.

The fixes for these security issues have been backported to:

  • php5.6 (5.6.40-63)
  • php7.0 (7.0.33-63)
  • php7.1 (7.1.33-50)
  • php7.2 (7.2.34-35)
  • php7.3 (7.3.33-7)

Please update your packages as the packages are built and available in the repository.