Here’s the list of accumulated changes since the last update:
-
The old PHP releases have been updated to work with OpenSSL 3.0 because of the new Ubuntu 22.04 LTS release that only includes OpenSSL 3.0. Couple other changes had to be backported or written from scratch to support new ICU library. No problems have been reported, so no problems are expected with next Debian stable (current Debian testing).
-
Ubuntu 22.04 LTS also released php7.4_8.1.2-1ubuntu2.1 dummy package, which was pretty nasty surprise because it broke the regular PHP 7.4 packages and because of this the epoch on the packages had to be bumped.
-
Current PHP releases are:
- php5.6 5.6.40-58+freexian11.1+php+1
- php7.0 7.0.33-58+freexian11.1+php+1
- php7.1 7.1.33-45+freexian11.1+php+1
- php7.2 7.2.34-30+freexian11.1+php+1
- php7.3 7.3.33-2+freexian11.1+php+1
- php7.4 1:7.4.30-1+freexian11.1+php+1
- php8.0 1:8.0.20-1+freexian11.1+php+1
- php8.1 8.1.7-1+freexian11.1+php+1
and all these release include fixed for the following upstream security issues (if applicable):
- Fix #79971: special character is breaking the path in xml function. (CVE-2021-21707)
- Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)
- Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625)
- Debian Stretch LTS will reach End Of Life by the end of the June 2022. PHP LTS by Freexian project will keep maintaining the PHP packages for Debian Stretch as long as there’s funding from the customers.