PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. The following packages have been upgraded to a later upstream version: php . Security Fix: * XKCP: buffer overflow in the SHA-3 reference implementation * php: standard insecure cookie could be treated as a `__Host-` or `__Secure-` cookie by PHP applications * php: OOB read due to insufficient input validation in imageloadfont * php: Due to an integer overflow PDO::quote may return unquoted string * php: phar wrapper can occur dos when using quine gzip file For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.