{"id":"MGASA-2025-0203","summary":"Updated php packages fix security vulnerabilities","details":"PGSQL:\nFixed GHSA-hrwm-9436-5mv3 (pgsql extension does not check for errors\nduring escaping). (CVE-2025-1735)\nSOAP:\nFixed GHSA-453j-q27h-5p8x (NULL Pointer Dereference in PHP SOAP\nExtension via Large XML Namespace Prefix). (CVE-2025-6491)\nStandard:\nFixed GHSA-3cr5-j632-f35r (Null byte termination in hostnames).\n(CVE-2025-1220)\n","modified":"2026-04-16T04:42:42.873904035Z","published":"2025-07-05T23:48:30Z","upstream":["CVE-2025-1220","CVE-2025-1735","CVE-2025-6491"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0203.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=34418"},{"type":"WEB","url":"https://www.php.net/ChangeLog-8.php#8.2.29"}],"affected":[{"package":{"name":"php","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/php?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"8.2.29-1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0203.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}