-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 08 May 2026 07:56:48 +0200
Source: php8.4
Binary: php8.4 php8.4-xsl
Architecture: all
Version: 8.4.21-1~deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03) <buildd_amd64-x86-grnet-03@buildd.debian.org>
Changed-By: Ondřej Surý <ondrej@debian.org>
Description:
 php8.4     - server-side, HTML-embedded scripting language (metapackage)
 php8.4-xsl - XSL module for PHP (dummy)
Changes:
 php8.4 (8.4.21-1~deb13u1) trixie-security; urgency=high
 .
   * New upstream version 8.4.21
    + [CVE-2026-7263]: Dom\XMLDocument::C14N() emits duplicate xmlns
      declarations after setAttributeNS()
    + [CVE-2026-29078, CVE-2026-29079]: Upgrade to lexbor v2.7.0
    + [CVE-2026-6735]: XSS within status endpoint
    + [CVE-2026-7259]: Null pointer dereference in php_mb_check_encoding()
      via mb_ereg_search_init()
    + [CVE-2026-6104]: Out-of-bounds access in mbfl_name2encoding_ex()
    + [CVE-2025-14179]: SQL injection via NUL bytes in quoted strings
    + [CVE-2026-6722]: Stale SOAP_GLOBAL(ref_map) pointer with Apache Map
    + [CVE-2026-7261]: Use-after-free after header parsing failure with
      SOAP_PERSISTENCE_SESSION
    + [CVE-2026-7262]: Broken Apache map value NULL check
    + [CVE-2026-7568]: Signed integer overflow of char array offset
    + [CVE-2026-7258]: Consistently pass unsigned char to ctype.h functions
Checksums-Sha1:
 ef2be0c87da1da8fcb0a157fc352954c48f35cfc 47416 php8.4-xsl_8.4.21-1~deb13u1_all.deb
 c3706e79ea567560bd7dd16fb141c95fc4013a27 14866 php8.4_8.4.21-1~deb13u1_all-buildd.buildinfo
 9eeb65999aa0947924b83b10eb0f2ceb4bded1ba 47740 php8.4_8.4.21-1~deb13u1_all.deb
Checksums-Sha256:
 6c3cc09799dcc0cfff6cac0120d4b08c3df168a6f6188f05258a858aa3dae023 47416 php8.4-xsl_8.4.21-1~deb13u1_all.deb
 c4623005f38356455ca436f936fcecee403c86280005129559ee2f6804e7371d 14866 php8.4_8.4.21-1~deb13u1_all-buildd.buildinfo
 fd1f1e1666f5d49be9e5c1d1ad2c76f5ba83bf059b8e11006521be7b51d00578 47740 php8.4_8.4.21-1~deb13u1_all.deb
Files:
 96c5d97e9c9b8c3cf79d4e1551f0ea20 47416 php optional php8.4-xsl_8.4.21-1~deb13u1_all.deb
 5e4579be30702585785da5ab31d533ba 14866 php optional php8.4_8.4.21-1~deb13u1_all-buildd.buildinfo
 7606e2035215574331b8a4d5d6133ecb 47740 php optional php8.4_8.4.21-1~deb13u1_all.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE5ZI1lXv5WjhHIVjsN8Ugyu9dQiQFAmn9jjQACgkQN8Ugyu9d
QiTNXBAAp380hZr8pIhpAdNHrN4QVWXI1ubqolicj115LYTTAqKAnnyHwx4Yb/G0
g81LHTqGoJwSqv6aSnCovbx/Im0IE98Fj0IRr9NO0incdPw49X9A6aUFkcF34ijJ
1L3XqYigcrSdprHf6osfZyoyYidG5rT7N4l9qwUsOq0xCigrK42tistB1lB67lPs
Ydfg7astb06Cm8e/nL3oODCXKyt3mcLDib/cLLcWF5picvkSjOBlsu96vlQpyvy3
kleGy6YA6ee1PmXQRQvVmc7KAYObgXUVknt7q6nDYoeIodjJcmPxwh5OiDbgthx1
oGOrVeAfhU83qbGh6NzgGyY0WJVmm6X+2LAPMFLGU81SjBuGZj/jD3JeX/6nv4x2
t0daR/JLmSTg0F+mdW6R3PBkDQAJ6HQ4RVsTzEn/eT4xtFB6/LTDa+5esas7RfcO
19CU9FEIayNm/PkNFkEFul9stniVSesCFJYmuEFcaEUOTApd3klAvFPnqC3RDQiO
rlO/4R/97GV/XVYXJvqgigzsQamNvUGfLr3oguendSx7Nm9j8VnYCsyEKq4QwiOB
3D2MWolNZj9V0fQmQFW/IE7fFP0DEYu2XGazfikalmNysLWccYEqVHgauqqiLU1t
gNraLlwPrrcB8h/8PTLkXsmXuhFhL8C9nRKlFG2XPr5h28+1ZkQ=
=6rh0
-----END PGP SIGNATURE-----