Package: release.debian.org Severity: normal X-Debbugs-Cc: php...@packages.debian.org, t...@security.debian.org, Ondřej Surý <ond...@debian.org>, car...@debian.org Control: affects -1 + src:php8.4 User: release.debian....@packages.debian.org Usertags: unblock
Hi Ondrej, hi release team, As PHP packages follow for stable to follow the respective upstream released version, I would suggest/propose to get an unblock for php8.4 explicitly to make sure the fixes for some CVEs will land in trixie before trixie start. Specifically, php8.4 8.4.10-1 fixes CVE-2025-1220, CVE-2025-1735 and CVE-2025-6491. Ondrej, what is your take? It cannot mgirate automatically as it is a key package. Regards, Salvatore
