[ubuntu/questing-updates] php8.4 8.4.11-1ubuntu1.2 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Thu May 28 15:28:56 UTC 2026
php8.4 (8.4.11-1ubuntu1.2) questing-security; urgency=medium

  * SECURITY UPDATE: SQL injection in PDO Firebird driver
    - debian/patches/CVE-2025-14179.patch: GHSA-w476-322c-wpvm: [pdo_firebird]
      Fix SQL injection via NUL bytes in quoted strings in
      ext/pdo_firebird/firebird_driver.c,
      ext/pdo_firebird/tests/ghsa-w476-322c-wpvm.phpt.
    - CVE-2025-14179
  * SECURITY UPDATE: out-of-bounds read via NUL byte
    - debian/patches/CVE-2026-6104.patch: GHSA-74r9-qxhc-fx53: [mbstring] Fix
      out-of-bounds access in mbfl_name2encoding_ex() in
      ext/mbstring/libmbfl/mbfl/mbfl_encoding.c,
      ext/mbstring/tests/GHSA-74r9-qxhc-fx53.phpt.
    - CVE-2026-6104
  * SECURITY UPDATE: use-after-free in SOAP extension
    - debian/patches/CVE-2026-6722.patch: GHSA-85c2-q967-79q5: [soap] Fix stale
      SOAP_GLOBAL(ref_map) pointer with Apache Map in ext/soap/php_encoding.c,
      ext/soap/tests/GHSA-85c2-q967-79q5.phpt.
    - CVE-2026-6722
  * SECURITY UPDATE: XSS via incorrect sanitization
    - debian/patches/CVE-2026-6735.patch: GHSA-7qg2-v9fj-4mwv: [fpm] XSS within
      status endpoint in sapi/fpm/fpm/fpm_status.c,
      sapi/fpm/tests/ghsa-7qg2-v9fj-4mwv-status-xss.phpt.
    - CVE-2026-6735
  * SECURITY UPDATE: DoS via passing signed chars
    - debian/patches/CVE-2026-7258.patch: GHSA-m8rr-4c36-8gq4: Consistently pass
      unsigned char to ctype.h functions in Zend/zend_compile.c,
      Zend/zend_ini.c, Zend/zend_operators.c, Zend/zend_virtual_cwd.c,
      Zend/zend_virtual_cwd.h, ext/com_dotnet/com_extension.c,
      ext/date/lib/parse_date.c, ext/date/lib/parse_date.re,
      ext/date/lib/parse_iso_intervals.c, ext/date/lib/parse_iso_intervals.re,
      ext/date/lib/timelib.c, ext/filter/logical_filters.c, ext/ftp/ftp.c,
      ext/gd/libgd/gd_xbm.c, ext/gmp/gmp.c, ext/intl/locale/locale_methods.c,
      ext/mbstring/mbstring.c, ext/mbstring/php_mbregex.c, ext/pcre/php_pcre.c,
      ext/pdo/pdo.c, ext/pdo/pdo_sql_parser.re, ext/pdo/pdo_stmt.c,
      ext/standard/dl.c, ext/standard/exec.c, ext/standard/file.c,
      ext/standard/filters.c, ext/standard/formatted_print.c,
      ext/standard/ftp_fopen_wrapper.c, ext/standard/html.c,
      ext/standard/math.c, ext/standard/metaphone.c, ext/standard/quot_print.c,
      ext/standard/scanf.c, ext/standard/soundex.c, ext/standard/string.c,
      ext/standard/strnatcmp.c, ext/standard/type.c, ext/standard/url.c,
      ext/standard/url_scanner_ex.re, ext/standard/versioning.c, main/SAPI.c,
      main/fopen_wrappers.c, main/php_ini.c, main/php_ini_builder.c,
      main/php_variables.c, main/rfc1867.c, main/snprintf.c, main/spprintf.c,
      main/streams/streams.c, main/streams/transports.c,
      sapi/cli/php_cli_server.c, sapi/fpm/fpm/fpm_conf.c,
      sapi/litespeed/lsapi_main.c, sapi/litespeed/lsapilib.c,
      sapi/phpdbg/phpdbg_cmd.c, sapi/phpdbg/phpdbg_prompt.c,
      sapi/phpdbg/phpdbg_utils.c, win32/sendmail.c.
    - CVE-2026-7258
  * SECURITY UPDATE: null pointer dereference via encoding lists mismatch
    - debian/patches/CVE-2026-7259.patch: GHSA-wm6j-2649-pv75: [mbstring] Fix
      null pointer dereference in php_mb_check_encoding() via
      mb_ereg_search_init() in Zend/tests/GHSA-wm6j-2649-pv75.phpt,
      ext/mbstring/php_mbregex.c.
    - CVE-2026-7259
  * SECURITY UPDATE: use-after-free in SOAP persistence handling
    - debian/patches/CVE-2026-7261.patch: GHSA-m33r-qmcv-p97q: [soap] Fix use-
      after-free after header parsing failure with SOAP_PERSISTENCE_SESSION in
      ext/soap/soap.c, ext/soap/tests/GHSA-m33r-qmcv-p97q.phpt.
    - CVE-2026-7261
  * SECURITY UPDATE: null pointer dereference in SOAP decoding process
    - debian/patches/CVE-2026-7262.patch: GHSA-hmxp-6pc4-f3vv: [soap] Fix broken
      Apache map value NULL check in ext/soap/php_encoding.c,
      ext/soap/tests/GHSA-hmxp-6pc4-f3vv.phpt.
    - CVE-2026-7262
  * SECURITY UPDATE: integer overflow in metaphone
    - debian/patches/CVE-2026-7568.patch: GHSA-96wq-48vp-hh57: [metaphone] Fix
      signed integer overflow of char array offset in ext/standard/metaphone.c,
      ext/standard/tests/GHSA-96wq-48vp-hh57.phpt.
    - CVE-2026-7568
Date: 2026-05-25 16:45:18.529157+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/php8.4/8.4.11-1ubuntu1.2