-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-7e9290d67f 2025-12-19 04:19:43.952411+00:00 --------------------------------------------------------------------------------
Name : php Product : Fedora 43 Version : 8.4.16 Release : 1.fc43 URL : http://www.php.net/ Summary : PHP scripting language for creating dynamic web sites Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. -------------------------------------------------------------------------------- Update Information: PHP version 8.4.16 (18 Dec 2025) Core: Sync all boost.context files with release 1.86.0. (mvorisek) Fixed bug GH-20435 (SensitiveParameter doesn't work for named argument passing to variadic parameter). (ndossche) Fixed bug GH-20286 (use-after-destroy during userland stream_close()). (ndossche, David Carlier) Bz2: Fix assertion failures resulting in crashes with stream filter object parameters. (ndossche) Date: Fix crashes when trying to instantiate uninstantiable classes via date static constructors. (ndossche) DOM: Fix memory leak when edge case is hit when registering xpath callback. (ndossche) Fixed bug GH-20395 (querySelector and querySelectorAll requires elements in $selectors to be lowercase). (ndossche) Fix missing NUL byte check on C14NFile(). (ndossche) Fibers: Fixed bug GH-20483 (ASAN stack overflow with fiber.stack_size INI small value). (David Carlier) FTP: Fixed bug GH-20601 (ftp_connect overflow on timeout). (David Carlier) GD: Fixed bug GH-20511 (imagegammacorrect out of range input/output values). (David Carlier) Fixed bug GH-20602 (imagescale overflow with large height values). (David Carlier) Intl: Fixed bug GH-20426 (Spoofchecker::setRestrictionLevel() error message suggests missing constants). (DanielEScherzer) LibXML: Fix some deprecations on newer libxml versions regarding input buffer/parser handling. (ndossche) MbString: Fixed bug GH-20491 (SLES15 compile error with mbstring oniguruma). (ndossche) Fixed bug GH-20492 (mbstring compile warning due to non-strings). (ndossche) MySQLnd: Fixed bug GH-20528 (Regression breaks mysql connexion using an IPv6 address enclosed in square brackets). (Remi) Opcache: Fixed bug GH-20329 (opcache.file_cache broken with full interned string buffer). (Arnaud) PDO: Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180) (Jakub Zelenka) Phar: Fixed bug GH-20442 (Phar does not respect case-insensitiveness of __halt_compiler() when reading stub). (ndossche, TimWolla) Fix broken return value of fflush() for phar file entries. (ndossche) Fix assertion failure when fseeking a phar file out of bounds. (ndossche) PHPDBG: Fixed ZPP type violation in phpdbg_get_executable() and phpdbg_end_oplog(). (Girgias) SPL: Fixed bug GH-20614 (SplFixedArray incorrectly handles references in deserialization). (ndossche) Standard: Fix memory leak in array_diff() with custom type checks. (ndossche) Fixed bug GH-20583 (Stack overflow in http_build_query via deep structures). (ndossche) Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()). (ndossche) Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()). (CVE-2025-14178) (ndossche) Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize). (CVE-2025-14177) (ndossche) Tidy: Fixed bug GH-20374 (PHP with tidy and custom-tags). (ndossche) XML: Fixed bug GH-20439 (xml_set_default_handler() does not properly handle special characters in attributes when passing data to callback). (ndossche) Zlib: Fix assertion failures resulting in crashes with stream filter object parameters. (ndossche) -------------------------------------------------------------------------------- ChangeLog: * Wed Dec 17 2025 Remi Collet <[email protected]> - 8.4.16-1 - Update to 8.4.16 - http://www.php.net/releases/8_4_16.php -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-7e9290d67f' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
