Path: csiph.com!weretis.net!feeder8.news.weretis.net!srl.newsdeef.eu!news.corradoroberto.it!bofh.it!news.nic.it!robomod From: Moritz Muehlenhoff Newsgroups: linux.debian.announce.security Subject: [SECURITY] [DSA 6256-1] php8.4 security update Date: Fri, 08 May 2026 21:00:01 +0200 Message-ID: X-Original-To: debian-security-announce@lists.debian.org X-Mailbox-Line: From debian-security-announce-request@lists.debian.org Fri May 8 18:50:17 2026 Old-Return-Path: X-Amavis-Spam-Status: No, score=-112.191 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FVGT_m_MULTI_ODD=0.02, LDO_WHITELIST=-5, PGPSIGNATURE=-5, RCVD_IN_DNSWL_NONE=-0.0001, USER_IN_DKIM_WELCOMELIST=-0.01, USER_IN_DKIM_WHITELIST=-100] autolearn=ham autolearn_force=no Old-Dkim-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=d8qc9NcN4CF5+ip3FLgNH1mSI9LM/qo+DMIpkrl51TQ=; b=K5 md4sbzYfBYDH+vPM5teA8LKqNGffMRqKPnW6xehOAUx5ce+AeI/x4ksAs6pKfsnDGu6TzJgZQyA2n tDQ123yGVrLWo3Bf2b1CxQotF+jmN3KEyXok6isSRUq1UsFDnaj8IyDKxf5UWsqnz2D5XUfGn9pbq 7a955VcFqXkFpHnPE8sGLWAaeDiQjuKAlHUaywbXy3Tg9Ak3Yj7GBhZXoniqN+YS+O0z+ygZt9P6+ 0i8tT5f3rsPVA6/GkZwf2cRUPyYOKLlou7/MAUP67GPV3sdHKyrf5cyl8LbHnlVxtx/7UO6K/12Ck KRxN/nAyge7W6Xv0Lkj2WhUfZRQiKC9w==; MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline X-Debian: PGP check passed for security officers Priority: urgent Reply-To: debian-security-announce-request@lists.debian.org X-Mailing-List: archive/latest/5181 List-ID: List-URL: List-Archive: https://lists.debian.org/msgid-search/af4wRSP_c5kerXTy@seger.debian.org Approved: robomod@news.nic.it Lines: 49 Organization: linux.* mail to news gateway Sender: robomod@news.nic.it X-Original-Date: Fri, 8 May 2026 18:49:41 +0000 X-Original-Message-ID: Xref: csiph.com linux.debian.announce.security:4822 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6256-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 08, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : php8.4 CVE ID : CVE-2025-14179 CVE-2026-6104 CVE-2026-6722 CVE-2026-6735 CVE-2026-7258 CVE-2026-7259 CVE-2026-7261 CVE-2026-7262 CVE-2026-7263 CVE-2026-7568 Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in denial of service, SQL injection, cross-site scripting, information disclosure or the execution of arbitrary code. For the stable distribution (trixie), these problems have been fixed in version 8.4.21-1~deb13u1. We recommend that you upgrade your php8.4 packages. For the detailed security status of php8.4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php8.4 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmn+L+AACgkQEMKTtsN8 TjaTlw/8CdLBXZ237J9QNl1YJlPlAruL2c1hgYr+wVKgdIxxXrPxlvljL0vqIxtf W3EuSYnzmC8MICu6KwlhY7mGAI1bgmEISjNKlBvpbJEBlOJeNREVkdWYvVqZtvS1 hkDolEaZgFpX6CDInSntd1QdnvdQyeARn+/Hh6sk1Lb4KGzS0xTjy4DAZIK337sS emmNfC1k6vFhRakdOT4pv3o5oVjL/NiTkby+BI4izCuOgC9hvq7uLRLlSnMHrLjf V8fjM8PNGlcMGZm8K0B6WxstmudhCpPay4ZrRNXn0NXolkEVyhtovK/3M7JaYF/N tRVj+sxwE9vz4su8P4SMboLTvHP8q0gfuBEuTrh6Qs2J91qKtRXr9IqCDk5vnuXM NW47tr/rk5jtKuvuaQ6pZte+MMClFiMr8pq8Nk0kJG9+Xf2foB5/zgK0FedI5ZLA SAhrWf3WtpXZpLBK041aA2vnVrcdMM8H/EQomV5CqaBH2psDAL22pUROtOVjb0DG GERCUo8LavlR+wpG/oRDt/JYn1rMhVUMRZnR0lTSExPbQ9fxISZ9PJc0tm9ZuNUN SylmhsifrkmdxadmXkMfpvGbnCNYtsbK0Bw7rh4t97jOQivpb/wviS/u31abnz5Q cf3g5kxSkt7a4Dcb/9IE7C0I73UrnoMHcbtQq10W5yHldMPqXwA= =6KQG -----END PGP SIGNATURE-----