Ondřej Surý has released PHP 7.2.34-36, 7.3.33-8, 7.4.32-2 packages for Debian GNU/Linux 10 and 11 with security backports from PHP 7.4.33 as well PHP 8.0.25, 8.1.12, and 8.2.0 RC5 packages.

To add the repository:

#!/bin/bash # To add this repository please do:

if [ "$(whoami)" != "root" ]; then
SUDO=sudo
fi

${SUDO} apt-get -y install apt-transport-https lsb-release ca-certificates curl
${SUDO} wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
${SUDO} sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
${SUDO} apt-get update

PHP Packages
Issues Tracker

php-8.2.0RC5

- CLI:
. Fixed bug GH-9709 (Null pointer dereference with -w/-s options). (Adam Saponara)

- GD:
. Fixed bug #81739: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630) (cmb)

- Hash:
. Fixed bug #81738: buffer overflow in hash_update() on long parameter. (CVE-2022-37454) (nicky at mouha dot be)

- Core:
. Fixed bug GH-9752 (Generator crashes when interrupted during argument evaluation with extra named params). (Arnaud)
. Fixed bug GH-9801 (Generator crashes when memory limit is exceeded during initialization). (Arnaud)
. Fixed a bug with preloaded enums possibly segfaulting. (Bob)

- MySQLnd:
. Fixed potential heap corruption due to alignment mismatch. (cmb)

- OpenSSL:
. Fixed missing clean up of OpenSSL engine list - attempt to fix GH-8620. (Jakub Zelenka)
. Fixed bug GH-8430 (OpenSSL compiled with no-md2, no-md4 or no-rmd160 does not build). (Jakub Zelenka, fsbruva)

- PDO_ODBC:
. Fixed bug GH-9372 (HY010 when binding overlong parameter). (cmb)

- SOAP:
. Fixed bug GH-9720 (Null pointer dereference while serializing the response). (cmb)

- Streams:
. Fixed bug GH-9779 (stream_copy_to_stream fails if dest in append mode). (Jakub Zelenka)

php-8.1.12

- Core:
. Fixes segfault with Fiber on FreeBSD i386 architecture. (David Carlier)

- Fileinfo:
. Fixed bug GH-8805 (finfo returns wrong mime type for woff/woff2 files). (Anatol)

- GD:
. Fixed bug #81739: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630) (cmb)

- Hash:
. Fixed bug #81738: buffer overflow in hash_update() on long parameter. (CVE-2022-37454) (nicky at mouha dot be)

- MBString:
- Fixed bug GH-9683 (Problem when ISO-2022-JP-MS is specified in mb_ encode_mimeheader). (Alex Dowad)

- Opcache:
. Added indirect call reduction for jit on x86 architectures. (wxue1)

- Session:
. Fixed bug GH-9583 (session_create_id() fails with user defined save handler that doesn't have a validateId() method). (Girgias)

- Streams:
. Fixed bug GH-9590 (stream_select does not abort upon exception or empty valid fd set). (Arnaud)

php-8.0.25

- GD:
. Fixed bug #81739: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630) (cmb)

- Hash:
. Fixed bug #81738: buffer overflow in hash_update() on long parameter. (CVE-2022-37454) (nicky at mouha dot be)

- Session:
. Fixed bug GH-9583 (session_create_id() fails with user defined save handler that doesn't have a validateId() method). (Girgias)

- Streams:
. Fixed bug GH-9590 (stream_select does not abort upon exception or empty valid fd set). (Arnaud)

php-7.4.32-2, 7.3.33-8, 7.2.34-36

* Backported from PHP 7.4.33
+ CVE-2022-37454: buffer overflow in hash_update() on long parameter