Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
21898cb1 by Moritz Muehlenhoff at 2026-07-03T11:05:05+02:00
new php issues

- - - - -


2 changed files:

- data/CVE/list
- data/DSA/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,17 @@
+CVE-2026-14355 [PHP: ext/openssl: Memory corruption (zend_mm_heap corrupted) 
in openssl_encrypt with AES-WRAP-PAD]
+       - php8.4 <unfixed>
+       - php8.2 <removed>
+       - php7.4 <removed>
+       NOTE: 
https://github.com/php/php-src/security/advisories/GHSA-7jrw-539f-x6vr
+       NOTE: https://github.com/php/php-src/issues/22186
+       NOTE: 
https://github.com/php/php-src/commit/169226847426368c62992af43c2c39b0fdbff4d5 
(php-8.4.23RC1)
+CVE-2026-12184 [PHP: Failure to setup TLS with a remote server can result in a 
remote DoS]
+       - php8.4 8.4.21-1
+       - php8.2 <not-affected> (Only affects 8.3 and later)
+       - php7.4 <not-affected> (Only affects 8.3 and later)
+       NOTE: 
https://github.com/php/php-src/security/advisories/GHSA-mhmq-mmqj-2v39
+       NOTE: https://github.com/php/php-src/issues/21468
+       NOTE: 
https://github.com/php/php-src/commit/7782b8876bc0f61b0e8bcce262e22896e423b22e 
(php-8.4.21RC1)
 CVE-2026-9725 (The Printcart Web to Print Product Designer for WooCommerce 
plugin for ...)
        NOT-FOR-US: WordPress plugin
 CVE-2026-9626 (The JSON API User plugin for WordPress is vulnerable to Stored 
Cross-S ...)


=====================================
data/DSA/list
=====================================
@@ -408,7 +408,7 @@
        [bookworm] - postorius 1.3.8-3+deb12u1
        [trixie] - postorius 1.3.13-1+deb13u1
 [08 May 2026] DSA-6256-1 php8.4 - security update
-       {CVE-2025-14179 CVE-2026-6104 CVE-2026-6722 CVE-2026-6735 CVE-2026-7258 
CVE-2026-7259 CVE-2026-7261 CVE-2026-7262 CVE-2026-7263 CVE-2026-7568}
+       {CVE-2025-14179 CVE-2026-6104 CVE-2026-6722 CVE-2026-6735 CVE-2026-7258 
CVE-2026-7259 CVE-2026-7261 CVE-2026-7262 CVE-2026-7263 CVE-2026-7568 
CVE-2026-12184}
        [trixie] - php8.4 8.4.21-1~deb13u1
 [08 May 2026] DSA-6255-1 php8.2 - security update
        {CVE-2025-14179 CVE-2026-6722 CVE-2026-6735 CVE-2026-7258 CVE-2026-7259 
CVE-2026-7261 CVE-2026-7262 CVE-2026-7568}



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21898cb1c5684456aa40f683d9b9c6354c72b9cf

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21898cb1c5684456aa40f683d9b9c6354c72b9cf
You're receiving this email because of your account on salsa.debian.org. Manage 
all notifications: https://salsa.debian.org/-/profile/notifications | Help: 
https://salsa.debian.org/help


_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to