the APT repositories have been updated with the following upstream PHP releases:
- php8.0 (8.0.36-1)
- php8.1 (8.1.16-1)
- php8.2 (8.2.3-1)
There were three security issues fixed in these releases:
- CVE-2023-0567: Fixed bug #81744 (Password_verify() always return true with some hash).
- CVE-2023-0568: Fixed bug #81746 (1-byte array overrun in common path resolve code).
- CVE-2023-0662: Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body).
The fixes for these security issues have been backported to:
- php5.6 (5.6.40-65)
- php7.0 (7.0.33-65)
- php7.1 (7.1.33-52)
- php7.2 (7.2.34-38)
- php7.3 (7.3.33-10)
- php7.4 (7.4.33-5)
Please update your packages as the packages are built and available in the repository.