Accepted php7.3 7.3.31-1~deb10u3 (source) into oldstable
- To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
- Subject: Accepted php7.3 7.3.31-1~deb10u3 (source) into oldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Sun, 26 Feb 2023 19:50:21 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: php7.3_7.3.31-1~deb10u3_source.changes
- Debian-source: php7.3
- Debian-suite: oldstable
- Debian-version: 7.3.31-1~deb10u3
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=LIPX4giERWmC2rWuGMEp+/ea33hm5fInGMEr9wIm8qo=; b=D4mZvSTvdSEBiHunykgdPwKSos bLtXiRQWZkiasLf04uEep/1t2rXWsRsIrOD4kvjJ8NFv8gStDITpVmeONQsYxIxxxMETVgMcr6i/Y f92SRbLH3vQteN7wvd5J5Y/VcnIgV9iSIoJS9iDL0bPdbeD7sToJMPNZz02zo9ut3Mbb/RiqmXyP+ S5BYfBmbnKm/fJVgUJQn0NQnOBSEFE1Ni3PqyIDtfbYDMoRIqB87LS6kDGnEnryn/+otZlJRxUcdV NmFwK4tJW2Rp6rwj88KQLWruDrxPahREtlfy+VhI3TXGXseJPpqRuN0i/47CkEn3PWTvLOINcGunL PmreQqOQ==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1pWN2L-00EUQh-ID@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 26 Feb 2023 14:00:55 +0100
Source: php7.3
Architecture: source
Version: 7.3.31-1~deb10u3
Distribution: buster-security
Urgency: high
Maintainer: Debian PHP Maintainers <team+pkg-php@tracker.debian.org>
Changed-By: Guilhem Moulin <guilhem@debian.org>
Closes: 1031368
Changes:
php7.3 (7.3.31-1~deb10u3) buster-security; urgency=high
.
* Non-maintainer upload by the LTS Security Team.
* CVE-2022-31631: Uncaught integer overflow.
* CVE-2023-0567: Malformatted BCrypt hashes that include a `$` within their
salt part trigger a buffer overread and may erroneously validate any
password as valid (closes: #1031368).
* CVE-2023-0568: 1-byte array overrun in common path resolve code (closes:
#1031368).
* CVE-2023-0662: DoS vulnerability when parsing multipart request body
(closes: #1031368).
Checksums-Sha1:
9ab3569f07ec12c1accda90df3f49b2c73528665 5867 php7.3_7.3.31-1~deb10u3.dsc
3bacd2d5cf46598d7f935a3e4aa9de57d7794582 78788 php7.3_7.3.31-1~deb10u3.debian.tar.xz
2ee7e96db893ce21a606ae122a4a32d21c72ff85 35708 php7.3_7.3.31-1~deb10u3_amd64.buildinfo
Checksums-Sha256:
8334c31f03d29a7016141cb168d7643abe3ea1068e6e54a42b051ab3ebc238bc 5867 php7.3_7.3.31-1~deb10u3.dsc
5840abe340e7241c588f7c2465dbdf76ae4ee4796a60b2be799eee5583216082 78788 php7.3_7.3.31-1~deb10u3.debian.tar.xz
6a121b87ceea63f40bc85cfb6f50f521d28b83b4802cd9a2aae4625cea5c807a 35708 php7.3_7.3.31-1~deb10u3_amd64.buildinfo
Files:
b2a709b0213ba14aa5def512f966dfc7 5867 php optional php7.3_7.3.31-1~deb10u3.dsc
c96c7f74f13256c4d9cfe4cfacbbd121 78788 php optional php7.3_7.3.31-1~deb10u3.debian.tar.xz
13158b878a07ba41e5b37af95a412f83 35708 php optional php7.3_7.3.31-1~deb10u3_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEERpy6p3b9sfzUdbME05pJnDwhpVIFAmP7dTIACgkQ05pJnDwh
pVIAYQ//XJxOvvPhWc2DKddfctZd/o/UUnfkn5XcfBCG1Gt/s5XcGn+krlujnPAH
aWXH/00u9lSCTWAlGt07haTapiz7KYnAt6cIAQ6x0sPoKmmM9NNSNmPJGQYZmq8W
HC1zSPF+96IyYn7+ywlSoNBNj+6vxh3SKe99YCgy4IGNrp3diHirg2hBoq8zmpdn
qPP5IVzWNDXpYB5BnCyFlNG6RgjrYUefa1n/IwywMghlyL0TgwKmbGcg6q93D4l3
gtEAuH39EqUwb7wwNXYJkF3+ARaZHQb04RvRcX/MGsdaUBqQrc7T2vz5Tv+tUlNl
qDoIeq/7TT3N7vV8pELRzKgEPasWDaNMhqeiGCFFwzmqjd/gzlvTw6dZOtLJGIAs
Xr/CX6TUnvoBua90pA7TkRZJjA53rKEnBEkCkcbqHjvkTVyADUgPrC+5t1fOJEQZ
MiuVatoYyziZoMm6b6BZFOsScjjvpkNx/QhwXjXmiNfn3yyhcnd8E/Cet4wqKdSV
PyZDNhJA1mRcKZCdJ+RBawwcqciF3rmwLVE7wLU4CGV0or0tXvp2nqy7GwyokYRM
N24hwmP1UBUg3KbDp7nbJYmauRA1xaw/cNhYfjtSrpnmm6vTtRdWXYtwxkdNBVkv
9+VLxeUcNfO641U3YRxEAMYhE7hMOUI8VkXJ58XdYxrF1bzOZgk=
=FiPQ
-----END PGP SIGNATURE-----