January 2025Maintenance release, fixing CVE security issues for PHP.Backported PHP CVE fixesPHP version 7.1.33.25, 7.2.34.21, 7.3.33.13, 7.4.33.8 CVE fixesCLIFixed bug GHSA-4w77-75f9-2c8w: Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface.LDAPFixed bug GHSA-g665-fm4p-vhff: OOB access in ldap_escape. (CVE-2024-8932)MySQLndFixed bug GHSA-h35g-vwh6-m678: Leak partial content of the heap through heap buffer over-read. (CVE-2024-8929)PDO DBLIBFixed bug GHSA-5hqh-c84r-qjcv: Integer overflow in the dblib quoter causing OOB writes. (CVE-2024-11236)PDO FirebirdFixed bug GHSA-5hqh-c84r-qjcv: Integer overflow in the firebird quoter causing OOB writes. (CVE-2024-11236)StreamsFixed bug GHSA-c5f2-jwm7-mmq2: Configuring a proxy in a stream context might allow for CRLF injection in URIs. (CVE-2024-11234)Fixed bug GHSA-r977-prxv-hc43: Single byte overread with convert.quoted-printable-decode filter. (CVE-2024-11233)
