https://www.php.net/ChangeLog-8.php#8.0.30 Libxml: Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading in XML without enabling it). (CVE-2023-3823)
Nick, Could you please raise triage trackers for this?
Created php tracking bugs for this issue: Affects: fedora-all [bug 2242315]
Upstream Patch: https://github.com/php/php-src/commit/c283c3ab0ba45d21b2b8745c1f9c7cbfe771c975
References: https://github.com/php/php-src/security/advisories/GHSA-3qrf-m4j2-pcrr
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:5926 https://access.redhat.com/errata/RHSA-2023:5926
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:5927 https://access.redhat.com/errata/RHSA-2023:5927
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:0387 https://access.redhat.com/errata/RHSA-2024:0387