https://news-web.php.net/php.announce/424 (dated April 11) states:
https://news-web.php.net/php.announce/423 (dated April 11) states:
https://news-web.php.net/php.announce/425 (dated April 12) states:
https://www.php.net/ChangeLog-8.php gives these descriptions of the CVE fixes:
Note that CVE-2024-2757 is only fixed in 8.3.6, while the other three
are fixed in all three releases.
https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7
(CVE-2024-1874) reports:
https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4
(CVE-2024-2756) reports:
https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr
(CVE-2024-3096) reports:
https://github.com/php/php-src/security/advisories/GHSA-fjp9-9hwx-59fq
(CVE-2024-2757) reports:
--
-Alan Coopersmith- alan.coopersmith () oracle com
Oracle Solaris Engineering - https://blogs.oracle.com/solaris