the APT repositories have been updated with the following upstream PHP releases:
- php7.4 (7.4.32-1)
- php8.0 (8.0.24-1)
- php8.1 (8.1.11-1)
- php8.2 (8.0.0~rc3-1)
There were two security issues fixed in these releases:
- CVE-2022-31628: phar wrapper: DOS when using quine gzip file.
- CVE-2022-31629: Don’t mangle HTTP variable names that clash with ones that have a specific semantic meaning.
The fixes for these security issues have been backported to:
- php5.6 (5.6.40-63)
- php7.0 (7.0.33-63)
- php7.1 (7.1.33-50)
- php7.2 (7.2.34-35)
- php7.3 (7.3.33-7)
Please update your packages as the packages are built and available in the repository.
Further information about Extended LTS security advisories can be found at: debian Extended Long term support