A php5 security update has been released for Debian GNU/Linux 8 LTS to address the following two security issues: 1) CVE-2020-7062 is about a possible null pointer derefernce, which would likely lead to a crash, during a failed upload with progress tracking, 2) CVE-2020-7063 is about wrong file permissions of files added to tar with Phar::buildFromIterator when extracting them again.