-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5660-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff April 15, 2024 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : php7.4 CVE ID : CVE-2023-3823 CVE-2023-3824 CVE-2024-2756 CVE-2024-3096 Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in secure cookie bypass, XXE attacks or incorrect validation of password hashes. For the oldstable distribution (bullseye), these problems have been fixed in version 7.4.33-1+deb11u5. We recommend that you upgrade your php7.4 packages. For the detailed security status of php7.4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php7.4 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmYdfYIACgkQEMKTtsN8 Tjavcw//TgnidCQ8c0hut2Ni6PP87fZH1uZZM+gAjUxS46UpNjsDtlu9WwXAxH09 +uq0tg/dvKQLkC5W5gnUBiYhiOVoo9U75QP8oK2EYXyswXuEsb9tUhI/hEYr7KYa NHPRbSxZoowi6hKpXXpjoXc/+J9nghykSL9WeADJw4qP6QTclN274IfSujpmx6z+ YqApbtW8wzACmHpdvXfCge09NHiN0Z/U8mpd99JBNIYGJGaSDmGNrnGMzBhOms+P TCqQQZPWgWh4RlggNSlslEadGN1huf1KpdHlPvSEfRavmzloX1Vt+XUrJM47nkD3 y6y5TtckhGm7horXlskSovkNQZoa5G8NhAT1trzhfP07QJWJBrcc8MZzJQYiwlqZ Af/zY8/UcusrJj3Y8BdkfbdWb69PA6sC2qTDuj48p7adgYBZ5YOwmrC4dcwdRd9l aGqnZAhk1htX19Gzt1gYL2wDPMU+2x+F0rbemXGS6UwRmrkSlTiWVka+T5y+JpC8 lLXFR2dwF2KAdUK4dWPd5QUrNb0Tk9dBcEZuyLRevindp7gCKLx/1y/RsrNxT8b1 yW5yUp9jtePFa83+jNyojvURlC0SAgTcwEUhltob4vsTAccZZSza3cxOlqzC7ysN d0TKz20rTZFKreygYyIXfmHHaWoYbiK5IEy1ogOVho9SXUYJ7Mc= =ZcwU -----END PGP SIGNATURE-----