Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: fb688e64 by Moritz Muehlenhoff at 2026-05-08T10:06:44+02:00 new php issues - - - - - 2 changed files: - data/CVE/list - data/dsa-needed.txt Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,67 @@ +CVE-2026-7258 + - php8.4 <unfixed> + - php8.2 <removed> + - php7.4 <removed> + NOTE: https://github.com/php/php-src/security/advisories/GHSA-m8rr-4c36-8gq4 + NOTE: https://github.com/php/php-src/commit/b8dad9314c1e225a1a2d50608e4e7d478c34365c + NOTE: https://github.com/php/php-src/commit/dc9e21b81c143faa9677bb0cf157e83960a24d0d + NOTE: https://github.com/php/php-src/commit/398b7dabfbd2e8f4f4ed2065dbcf3e3794e8ca47 + NOTE: https://github.com/php/php-src/commit/a38418777f65780d9d622197677e90567690fc07 + NOTE: https://github.com/php/php-src/commit/ +CVE-2026-7568 + - php8.4 <unfixed> + - php8.2 <removed> + - php7.4 <removed> + NOTE: https://github.com/php/php-src/security/advisories/GHSA-96wq-48vp-hh57 + NOTE: https://github.com/php/php-src/commit/47def8ce1db1fdbffcfc1f5bb11877a0e22d4b32 +CVE-2026-7262 + - php8.4 <unfixed> + - php8.2 <removed> + - php7.4 <removed> + NOTE: https://github.com/php/php-src/security/advisories/GHSA-hmxp-6pc4-f3vv + NOTE: https://github.com/php/php-src/commit/79551ab8b1a97760c739e372f9bc359619f3554d +CVE-2026-7261 + - php8.4 <unfixed> + - php8.2 <removed> + - php7.4 <removed> + NOTE: https://github.com/php/php-src/commit/db2a7f9348fd5dda5fd162061786a664c417bf5b + NOTE: https://github.com/php/php-src/security/advisories/GHSA-m33r-qmcv-p97q +CVE-2026-6722 + - php8.4 <unfixed> + - php8.2 <removed> + - php7.4 <removed> + NOTE: https://github.com/php/php-src/security/advisories/GHSA-85c2-q967-79q5 + NOTE: https://github.com/php/php-src/commit/aee3b3ac9b816b0def1c462695b483b49a83148e +CVE-2025-14179 + - php8.4 <unfixed> + - php8.2 <removed> + - php7.4 <removed> + NOTE: https://github.com/php/php-src/security/advisories/GHSA-w476-322c-wpvm + NOTE: https://github.com/php/php-src/commit/3f40b65323dd1b85e9bab6878237d3867e449d5c +CVE-2026-6104 + - php8.4 <unfixed> + - php8.2 <not-affected> (Only affects 8.4 and later) + - php7.4 <not-affected> (Only affects 8.4 and later) + NOTE: https://github.com/php/php-src/security/advisories/GHSA-74r9-qxhc-fx53 + NOTE: https://github.com/php/php-src/commit/56ee76f82045ab728f3e63e20bf9530621e829cb +CVE-2026-7259 + - php8.4 <unfixed> + - php8.2 <removed> + - php7.4 <removed> + NOTE: https://github.com/php/php-src/security/advisories/GHSA-wm6j-2649-pv75 + NOTE: https://github.com/php/php-src/commit/79a054eae016c56409432e69aebc8ca908a88838 +CVE-2026-6735 + - php8.4 <unfixed> + - php8.2 <removed> + - php7.4 <removed> + NOTE: https://github.com/php/php-src/security/advisories/GHSA-7qg2-v9fj-4mwv + NOTE: https://github.com/php/php-src/commit/99a5ad7441de9914246c7863adb6997396008b9d +CVE-2026-7263 + - php8.4 <unfixed> + - php8.2 <not-affected> (Only affects 8.4 and later) + - php7.4 <not-affected> (Only affects 8.4 and later) + NOTE: https://github.com/php/php-src/security/advisories/GHSA-4jhr-8w89-j733 + NOTE: https://github.com/php/php-src/commit/d43c523c48960e9ca0bf9c747e9bad8e5121edff CVE-2026-8149 (A vulnerability in Legion of the Bouncy Castle Inc. BC-FJA BC-FIPS on ...) TODO: check CVE-2026-8148 (NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local atta ...) ===================================== data/dsa-needed.txt ===================================== @@ -86,6 +86,10 @@ openvswitch pdfminer (carnil) Required followup for CVE-2025-64512 as original fix was incomplete. -- +php8.4/stable (jmm) +-- +php8.2/oldstable (jmm) +-- php-laravel-framework/oldstable -- postorius (jmm) View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb688e64da8f7cb33d38616886ca3def8effccea -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fb688e64da8f7cb33d38616886ca3def8effccea You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
