-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 18 Dec 2025 22:19:25 +0100 Source: php8.4 Architecture: source Version: 8.4.16-1~deb13u1 Distribution: trixie-security Urgency: high Maintainer: Debian PHP Maintainers Changed-By: Ondřej Surý Changes: php8.4 (8.4.16-1~deb13u1) trixie-security; urgency=high . * New upstream version 8.4.16 + [CVE-2025-14180]: Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). + [CVE-2025-14178]: Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()). + [CVE-2025-14177]: Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize). Checksums-Sha1: 049b11e7939de227876084c145adbe1c7d8b17a2 5245 php8.4_8.4.16-1~deb13u1.dsc ce889c85b4a5ff4a663c7de51929c6451f637c49 13660836 php8.4_8.4.16.orig.tar.xz 3280a493b9c574ea70b0ba2df8bb569b14e1ff4d 74268 php8.4_8.4.16-1~deb13u1.debian.tar.xz 079b17efd4ecb379c2a01d053bd644e46121ac98 33855 php8.4_8.4.16-1~deb13u1_amd64.buildinfo Checksums-Sha256: dfd1ba870c740495a0bc6cef5a5b36e732d2e2d29d49ce45da4360fc8244a9f0 5245 php8.4_8.4.16-1~deb13u1.dsc f66f8f48db34e9e29f7bfd6901178e9cf4a1b163e6e497716dfcb8f88bcfae30 13660836 php8.4_8.4.16.orig.tar.xz 9ad0fafdc77150798374f521a95c1432a0a8def2c6710fcb46aae6476dd4267f 74268 php8.4_8.4.16-1~deb13u1.debian.tar.xz e19451a1a4ab31a42ae7ba4d94ed32118552986ed035e0e3afc826aad84592a4 33855 php8.4_8.4.16-1~deb13u1_amd64.buildinfo Files: 6f2ec5938a2aca4ccd86c90bf872e0af 5245 php optional php8.4_8.4.16-1~deb13u1.dsc caaccf12223032ec302322d2079af264 13660836 php optional php8.4_8.4.16.orig.tar.xz 575a0c6d7d588b7a9d8be4459be1286e 74268 php optional php8.4_8.4.16-1~deb13u1.debian.tar.xz 4813c08cd546e9a8a5a871a06cd4003d 33855 php optional php8.4_8.4.16-1~deb13u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEcgNjDiyOcnJRaE/rxc5dwsVCzVkFAmn9DTIACgkQxc5dwsVC zVmF0A/+LTXgJ+yFSKN+gp1dGP88H9iy84uYNdlA+ELJiKrG/kwGEqka6S7BwN0h T8Q9fr7DDGaWAAqC2eYCQcY0i8bdJA1MuW8jyI629EpfO4hCOXP3DpUm79g+kwxQ FJtmhIz/CmEzg5VbOwTlwqSD8cGBbVgiGrsdInnD0RyFOV39g9a1UTNHEmg34H2K UP4f6LHdTgGPhIt2GDpJh9PebkteemWMz0/hMSgEHp177E5xRW4yh+Lr6AshWFKa LDqMkxKZg/hXQFxt32esXZM4HEEprTX4eSAX2CvG/ZCNLqwHSDg2WygFoHeMbwPs 3QWYwfsexweN761k7RrDm2JCq5GaWzVLy7wwG/MsX5t3xr+VWLr5Yz08wULOIQNr tP2VeaBPV5JejbRWds7mfq1JoltMB2L/8GA1MxL+KdNX3AFUOcD97jUw9S3PTHmT 6XDS/ZuNK3rHWIcrb6IpW6azAXROyCNYQFwmcFsf4jrgm7x4LmWcVzbbBuienM51 DiQvchFYPPRLd+4Y6CKChqdF+4WdRzmb6zxBv4atVdtJEzKmzTViWYA1rrI93mvg 4GpxumeYZXFCRY9ohg4DlcmRVNnozcgDq7BgBtWcOiIsFwvzQLaZjH/0Oib0Pxcn qpX8yvxCO3RdKlCokVAhj7y2PV2Gea6K3DLLzLBiVgaZghEZSxM= =sAXx -----END PGP SIGNATURE-----