-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 13 Mar 2025 19:21:38 +0100 Source: php8.2 Architecture: source Version: 8.2.28-1~deb12u1 Distribution: bookworm-security Urgency: high Maintainer: Debian PHP Maintainers Changed-By: Ondřej Surý Changes: php8.2 (8.2.28-1~deb12u1) bookworm-security; urgency=high . * New upstream version 8.2.28 - [CVE-2025-1219]: libxml streams use wrong `content-type` header when requesting a redirected resource. - [CVE-2025-1736]: Stream HTTP wrapper header check might omit basic auth header. - [CVE-2025-1861]: Stream HTTP wrapper truncate redirect location to 1024 bytes. - [CVE-2025-1734]: Streams HTTP wrapper does not fail for headers without colon. - [CVE-2025-1217]: Header parser of `http` stream wrapper does not handle folded headers. Checksums-Sha1: 516e97bd31af4b5b70d620d90114f7c6f033f49e 5726 php8.2_8.2.28-1~deb12u1.dsc 75caaa4433c595fe804bfda4fa1063ec496d7961 12147756 php8.2_8.2.28.orig.tar.xz 179fa9a5ae7fbc8248ffa1116ccccb3552b44ddb 858 php8.2_8.2.28.orig.tar.xz.asc ee0a82bc5342c559fc58e3c62905c8aa5a402002 70460 php8.2_8.2.28-1~deb12u1.debian.tar.xz 99a8d1251a009856d25e0d43d41d1a7819b58ed4 34644 php8.2_8.2.28-1~deb12u1_amd64.buildinfo Checksums-Sha256: ee75dde9d149052a093871cce49d430b099040b93d9eee4d3470d226ddc25402 5726 php8.2_8.2.28-1~deb12u1.dsc af8c9153153a7f489153b7a74f2f29a5ee36f5cb2c6c6929c98411a577e89c91 12147756 php8.2_8.2.28.orig.tar.xz d912352a661e359ff3160cc0a1eef64f1b8663b546a72968ee9c9402214ae55e 858 php8.2_8.2.28.orig.tar.xz.asc 86164d2763c5a846dec7262e830f4dfb396b4adc674ad30a3ecdb81bc614ca30 70460 php8.2_8.2.28-1~deb12u1.debian.tar.xz 7441553edd624eb4f8f21817718e3c436ce9a46ea479b66c13b9c724b48d6a15 34644 php8.2_8.2.28-1~deb12u1_amd64.buildinfo Files: 71bda46aeb6d122471aa601548fb0c98 5726 php optional php8.2_8.2.28-1~deb12u1.dsc 64dc1e6377967c87cecbfba714af8995 12147756 php optional php8.2_8.2.28.orig.tar.xz 042823da98893bb8183c60e6f4efd847 858 php optional php8.2_8.2.28.orig.tar.xz.asc 0131eee1e33c57974addbd12b2a643f3 70460 php optional php8.2_8.2.28-1~deb12u1.debian.tar.xz 5c037d775cf218029943228b98975e39 34644 php optional php8.2_8.2.28-1~deb12u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEEw2Gx4wKVQ+vGJel9g3Kkd++uWcIFAmfTONJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEMz NjFCMUUzMDI5NTQzRUJDNjI1RTk3RDgzNzJBNDc3RUZBRTU5QzIACgkQg3Kkd++u WcJGQxAAjLMFypRQg4DX8EwbWRr5riG4C7Wm3BdjDBGQludMud+KGiRbV98a94z7 Wkhp7piS6ZBg8s/a05KQNh03T+QEA00S3l2azoI/FQ/4mBKrpfgCey77t23rIIPb Tb8h4pg7cbtXSGsuqhAltCiyLy8ppqEIK0otoBbNns3LK7jWizOxHFDvtyKw3gKo O4/yPH3Iz4JnxuE9xyd+G1auaryQmf+wHFnWH2SQ+038kRCwpTMVHLyUY4dAlw7B aDwLYAVe0HBgRx4c1dNhVE1CpTR8cMfKSgtI8l/P/56fnucvkV2NyQl1vqzvDq+G EpcBYSrZi5knXjQ3wZDRGHwHaporNO61K8ytze4hv6p+g3Lfb2qfBa9k8Gkrv13q eZJFyOm9Xz8EF9ekajWTSaDDailJYbL9rbvacLUjrKVvHCtgk2uI86qOmNC0f4U+ Kjg9DCAG/1jgCY7TApN+FP4chHBE/kUqkoUGt5grLRdn1O3Qu7CMRORl5GxYFOGG rYYunEev1vMwBleOo6XbbyHjRyxkp+4w9OgPGVT5R7pF6eJnRZb9iVqC9lmk+A8Y COQwjLNkROooHvi6Um9s/5DvGpc/jRVCtfOKv9taUti78z4F7/MfyCBdymTp7AJt UlmUNTPQLmEPkkTvSiRVx2erNBteLrdl0W2BKIbYNmHxrysfIFM= =aTxg -----END PGP SIGNATURE-----