Errata overview
Errata ID 608
Date 2019-10-30
Source package php7.0
Fixed in version 7.0.33-0+deb9u6
This update addresses the following issue:
* In certain configurations it is possible to cause the Fast-CGI Process
  Manager (FPM) module to write past allocated buffers into the space
  reserved for FCGI protocol data, thus opening the possibility of remote
  code execution. (CVE-2019-11043)
Additional notes
CVE ID CVE-2019-11043
UCS Bug number #50431