[SECURITY] [DLA 3243-1] php7.3 security update

To: <debian-lts-announce@lists.debian.org>
Subject: [SECURITY] [DLA 3243-1] php7.3 security update
From: Emilio Pozuelo Monfort <pochu@debian.org>
Date: Thu, 15 Dec 2022 19:33:17 +0100 (CET)
Message-id: <[🔎] 20221215183317.213B62A1C7C@andromeda>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3243-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/               Emilio Pozuelo Monfort
December 15, 2022                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : php7.3
Version        : 7.3.31-1~deb10u2
CVE ID         : CVE-2021-21707 CVE-2022-31625 CVE-2022-31626 CVE-2022-31628
                 CVE-2022-31629 CVE-2022-37454

Multiple security issues were discovered in PHP, a widely-used open
source general purpose scripting language which could result in denial
of service, information disclosure, insecure cooking handling or
potentially the execution of arbitrary code.

For Debian 10 buster, these problems have been fixed in version
7.3.31-1~deb10u2.

We recommend that you upgrade your php7.3 packages.

For the detailed security status of php7.3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php7.3

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAmObaG0ACgkQnUbEiOQ2
gwJZcg/+JVv9Ruiz87zbJEmHXLopOT9Lge5xFczBp2yxjBueEYoWGr9kynSp7ycO
qXrMk7GJKbn+KO8ZOpWpysVELgHs1c2jd13cI6Y821Q9nqj7+fuFszyqLealbRm+
6AIsuEOybDQVsIvz+uuzpD+w0gyN+65Ijjz6f+gFnpj9HZRCtBNqAmZMYBeOGL7I
KpL+M0albGNTLt4fZa1Sd3bc7tjVXc5D1cF+BUvX7lsd7AmzUfJ5gUltpIe4GZER
hUv7VJOEj9EixwYarcDCQRSez+UepvNqgP3/vRD3L1LgV/IeKHw1DpYE5TC35W2g
ewosBEhngHceuu9Gt+fW+8R5ZJIdTRNrMbRRvk1jD0Oa9JNaeBanlLoRxH+9z1e4
HSHyO3SHJwVZkBS3R2AWnL4GAyMfvbT01APrlFutQtUVzobsbUX+HbbXNb9QNVTH
lN2bJ5hb810PGr0+wz9uZgNQ1Aqg/qYDxBEs+DgildvDzuurioOkrog7J6x+rGLR
Qb5MWHSbHaOZ1v1raD3RMcx6ZVSBdEDHuc7xMx/KEG+7aQoPFECc+3eTocgDenEl
ceftzDtIeDJvkOGoJxqr+t1ZTE3enLyqik7982eOy+jC4JSJaR1b9D9ce0/j4Bt7
jyZPhePdxFpwGZ2b9dWOdLwpjES8t9l+T6/OsnkxsvZ9tzK1HQA=
=wQv4
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3242-1] thunderbird security update
Next by Date: [SECURITY] [DLA 3244-1] linux-5.10 security update
Previous by thread: [SECURITY] [DLA 3242-1] thunderbird security update
Next by thread: [SECURITY] [DLA 3244-1] linux-5.10 security update
Index(es):
- Date
- Thread