[ubuntu/questing-security] php8.4 8.4.11-1ubuntu1.1 (Accepted)
Nishit Majithia
nishit.majithia at canonical.com
Mon Jan 12 05:10:53 UTC 2026
php8.4 (8.4.11-1ubuntu1.1) questing-security; urgency=medium
* SECURITY UPDATE: Information leak of memory in getimagesize
- debian/patches/CVE-2025-14177.patch: fix php_read_stream_all_chunks()
in ext/standard/image.c
- CVE-2025-14177
* SECURITY UPDATE: Heap buffer overflow in array_merge()
- debian/patches/CVE-2025-14178.patch: check number of elements in
ext/standard/array.c
- CVE-2025-14178
* SECURITY UPDATE: NULL pointer dereference in PDO quoting
- debian/patches/CVE-2025-14180.patch: fix null pointer dereference in
ext/pdo/pdo_sql_parser.re
- CVE-2025-14180
Date: 2026-01-07 12:00:33.473324+00:00
Changed-By: Nishit Majithia <nishit.majithia at canonical.com>
https://launchpad.net/ubuntu/+source/php8.4/8.4.11-1ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Questing-changes
mailing list