Debian Php7.4 vulnerabilities
64 known vulnerabilities affecting debian/php7.4.
Total CVEs: 64
CISA KEV: 1 (actively exploited)
Public exploits: 1
Exploited in wild: 1
Severity breakdown: CRITICAL 5, HIGH 11, MEDIUM 32, LOW 16
Vulnerabilities
Page 4 of 4
CVE-2020-7059 | MEDIUM | CVSS 6.5 | fixed in php7.4 7.4.2-7 (bullseye) | 2020
CVE-2020-7059 [MEDIUM] CVE-2020-7059: php7.4 - When using fgetss() function to read data with stripping tags, in PHP versions 7...
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.
Scope: local
bullseye: resolved (fixed in 7.4.2-7)
CVE-2020-7067 | LOW | CVSS 7.5 | fixed in php7.4 7.4.5-1 (bullseye) | 2020
CVE-2020-7067 [HIGH] CVE-2020-7067: php7.4 - In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if...
In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.
Scope: local
bullseye: resolved (fixed in 7.4.5-1)
CVE-2020-7061 | LOW | CVSS 6.5 | 2020
CVE-2020-7061 [MEDIUM] CVE-2020-7061: php7.4 - In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR ...
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.
Scope: local
bullseye: resolved
CVE-2019-11048 | MEDIUM | CVSS 5.3 | fixed in php7.4 7.4.9-1 (bullseye) | 2019
CVE-2019-11048 [MEDIUM] CVE-2019-11048: php7.4 - In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, wh...
In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could