Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 21898cb1 by Moritz Muehlenhoff at 2026-07-03T11:05:05+02:00 new php issues - - - - - 2 changed files: - data/CVE/list - data/DSA/list Changes: ===================================== data/CVE/list ===================================== @@ -1,3 +1,17 @@ +CVE-2026-14355 [PHP: ext/openssl: Memory corruption (zend_mm_heap corrupted) in openssl_encrypt with AES-WRAP-PAD] + - php8.4 <unfixed> + - php8.2 <removed> + - php7.4 <removed> + NOTE: https://github.com/php/php-src/security/advisories/GHSA-7jrw-539f-x6vr + NOTE: https://github.com/php/php-src/issues/22186 + NOTE: https://github.com/php/php-src/commit/169226847426368c62992af43c2c39b0fdbff4d5 (php-8.4.23RC1) +CVE-2026-12184 [PHP: Failure to setup TLS with a remote server can result in a remote DoS] + - php8.4 8.4.21-1 + - php8.2 <not-affected> (Only affects 8.3 and later) + - php7.4 <not-affected> (Only affects 8.3 and later) + NOTE: https://github.com/php/php-src/security/advisories/GHSA-mhmq-mmqj-2v39 + NOTE: https://github.com/php/php-src/issues/21468 + NOTE: https://github.com/php/php-src/commit/7782b8876bc0f61b0e8bcce262e22896e423b22e (php-8.4.21RC1) CVE-2026-9725 (The Printcart Web to Print Product Designer for WooCommerce plugin for ...) NOT-FOR-US: WordPress plugin CVE-2026-9626 (The JSON API User plugin for WordPress is vulnerable to Stored Cross-S ...) ===================================== data/DSA/list ===================================== @@ -408,7 +408,7 @@ [bookworm] - postorius 1.3.8-3+deb12u1 [trixie] - postorius 1.3.13-1+deb13u1 [08 May 2026] DSA-6256-1 php8.4 - security update - {CVE-2025-14179 CVE-2026-6104 CVE-2026-6722 CVE-2026-6735 CVE-2026-7258 CVE-2026-7259 CVE-2026-7261 CVE-2026-7262 CVE-2026-7263 CVE-2026-7568} + {CVE-2025-14179 CVE-2026-6104 CVE-2026-6722 CVE-2026-6735 CVE-2026-7258 CVE-2026-7259 CVE-2026-7261 CVE-2026-7262 CVE-2026-7263 CVE-2026-7568 CVE-2026-12184} [trixie] - php8.4 8.4.21-1~deb13u1 [08 May 2026] DSA-6255-1 php8.2 - security update {CVE-2025-14179 CVE-2026-6722 CVE-2026-6735 CVE-2026-7258 CVE-2026-7259 CVE-2026-7261 CVE-2026-7262 CVE-2026-7568} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21898cb1c5684456aa40f683d9b9c6354c72b9cf -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/21898cb1c5684456aa40f683d9b9c6354c72b9cf You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
