The APT repositories have been updated with the following upstream PHP releases:
- php7.4 (7.4.25-1)
- php8.0 (8.0.12-1)
There was one security issue fixed in these releases:
- CVE-2021-21703: PHP-FPM oob R/W in root process leading to privilege escalation.
And one more fixed in previous upstream release:
- CVE-2021-21706: ZipArchive::extractTo extracts outside of destination.
The fixes for these security issues have been backported to:
- php5.6 (5.6.40-55)
- php7.0 (7.0.33-55)
- php7.1 (7.1.33-42)
- php7.2 (7.2.34-26)
- php7.3 (7.3.31-2)
Following of PECL extensions have received updates:
- xdebug (3.1.1+2.9.8+2.8.1+2.5.5-1)
Further information about Extended LTS security advisories can be found at: debian Extended Long term support