Source: php8.2
Version: 8.2.18-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerabilities were published for php8.2.

CVE-2024-4577[0]:
| Bypass of CVE-2012-1823, Argument Injection in PHP-CGI

CVE-2024-5458[1]:
| In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.*
| before 8.3.8, due to a code logic error, filtering functions such as
| filter_var when validating URLs (FILTER_VALIDATE_URL) for certain
| types of URLs the function will result in invalid user information
| (username + password part of URLs) being treated as valid user
| information. This may lead to the downstream code accepting invalid
| URLs as valid and parsing them incorrectly.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-4577
    https://www.cve.org/CVERecord?id=CVE-2024-4577
[1] https://security-tracker.debian.org/tracker/CVE-2024-5458
    https://www.cve.org/CVERecord?id=CVE-2024-5458

Regards,
Salvatore
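
The following is an added example, not part of the original report and not PHP's own code: a defence-in-depth check for applications that rely on FILTER_VALIDATE_URL (CVE-2024-5458) and cannot yet move to one of the fixed versions named above. It re-validates the userinfo part against the RFC 3986 grammar instead of trusting the filter's verdict; the helper name `url_is_acceptable`, the `$allowUserinfo` parameter, the reject-by-default policy and the sample URLs are assumptions.

```php
<?php
declare(strict_types=1);

// RFC 3986: userinfo = *( unreserved / pct-encoded / sub-delims / ":" )
const USERINFO_RE = '/\A(?:[A-Za-z0-9\-._~!$&\'()*+,;=:]|%[0-9A-Fa-f]{2})*\z/';

/**
 * Hypothetical helper (not a PHP built-in): accept a scheme://authority URL
 * only if filter_var() accepts it AND its userinfo, read from the raw string,
 * is absent or (when explicitly allowed) well-formed per RFC 3986.
 */
function url_is_acceptable(string $url, bool $allowUserinfo = false): bool
{
    if (filter_var($url, FILTER_VALIDATE_URL) === false) {
        return false;
    }
    // Cut the authority out of the raw input ourselves: everything between
    // "://" and the first "/", "?" or "#".
    if (preg_match('~\A[A-Za-z][A-Za-z0-9+.\-]*://([^/?#]*)~', $url, $m) !== 1) {
        return false; // not a scheme://authority URL; out of scope here
    }
    $authority = $m[1];
    $at = strrpos($authority, '@');
    if ($at === false) {
        return true; // no userinfo at all
    }
    if (!$allowUserinfo) {
        return false; // assumed policy: credentials in URLs are not needed
    }
    // Any character outside the RFC 3986 userinfo set (including a second
    // "@") makes the URL unacceptable, whatever filter_var() said.
    return preg_match(USERINFO_RE, substr($authority, 0, $at)) === 1;
}

// Constructed sample inputs, for illustration only.
$samples = [
    'https://example.com/path?x=1',
    'https://alice:s3cret@example.com/',
    'https://alice%40corp:pw@example.com/',
];
foreach ($samples as $url) {
    printf("%-40s default=%s with-userinfo=%s\n", $url,
        var_export(url_is_acceptable($url), true),
        var_export(url_is_acceptable($url, true), true));
}
```

Downstream code should parse only URLs that pass this check, so that the validator and the parser agree on where the userinfo ends and the host begins.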