Format: 1.8
Date: Fri, 12 Apr 2024 00:07:45 +0200
Source: php8.2
Binary: php8.2 php8.2-xsl
Architecture: all
Version: 8.2.18-1~deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: all Build Daemon (x86-csail-02)
Changed-By: Ondřej Surý
Description:
 php8.2 - server-side, HTML-embedded scripting language (metapackage)
 php8.2-xsl - XSL module for PHP (dummy)
Changes:
 php8.2 (8.2.18-1~deb12u1) bookworm-security; urgency=high
 .
   * New upstream version 8.2.18
    + CVE-2024-1874: Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open).
    + CVE-2024-2756: Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix).
    + CVE-2024-3096: Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk).
Checksums-Sha1:
 e9a55d350e5ec55c549e09b034fe1a4b9676013f 36708 php8.2-xsl_8.2.18-1~deb12u1_all.deb
 c7e28be3a98f0bf5e55762ea0bf5fc51d7aa9bb4 13912 php8.2_8.2.18-1~deb12u1_all-buildd.buildinfo
 2343b9331737b5fc29e48f552421eda376c24c67 37068 php8.2_8.2.18-1~deb12u1_all.deb
Checksums-Sha256:
 957ad04c4140833734e2d0929517ccd77ee41709639c5c4f91caeffce7db9278 36708 php8.2-xsl_8.2.18-1~deb12u1_all.deb
 0aaa32f2b939015e5c272c239dd911b95c2c79a933ebd0ff1107aedaac5a6a4f 13912 php8.2_8.2.18-1~deb12u1_all-buildd.buildinfo
 3b6c02098b73c962cf7c003942eb964340537cf986b509635e3b04862d3e175a 37068 php8.2_8.2.18-1~deb12u1_all.deb
Files:
 e609e52799c3817c5dd80e61f56449dc 36708 php optional php8.2-xsl_8.2.18-1~deb12u1_all.deb
 a88cb8ae203c923f0e00e6df277e7614 13912 php optional php8.2_8.2.18-1~deb12u1_all-buildd.buildinfo
 ab4968a3394f91f7b7b4bcb6dc6115ae 37068 php optional php8.2_8.2.18-1~deb12u1_all.deb