Source: php8.2 Version: 8.2.2-3 Severity: grave Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerabilities were published for php8.2, making the bureport RC to ideally have those fixed before bookworm release goes out. CVE-2023-0567[0]: | PHP: Password_verify() always return true with some hash CVE-2023-0568[1]: | PHP: 1-byte array overrun in common path resolve code CVE-2023-0662[2]: | PHP: DOS vulnerability when parsing multipart request body If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-0567 https://www.cve.org/CVERecord?id=CVE-2023-0567 [1] https://security-tracker.debian.org/tracker/CVE-2023-0568 https://www.cve.org/CVERecord?id=CVE-2023-0568 [2] https://security-tracker.debian.org/tracker/CVE-2023-0662 https://www.cve.org/CVERecord?id=CVE-2023-0662 Regards, Salvatore