Upstream hasn't identified any security fixes in the 7.2.11 release. They say "This is a bugfix release." rather than their usual "This is a security release." when there is a security impact.
Once again I believe US-CERT is just sending out their usual PHP placeholder text without actually checking.
Unless someone requests a CVE for one of those fixes, this version will not get released by the security team.
Upstream hasn't identified any security fixes in the 7.2.11 release. They say "This is a bugfix release." rather than their usual "This is a security release." when there is a security impact.
Once again I believe US-CERT is just sending out their usual PHP placeholder text without actually checking.
Unless someone requests a CVE for one of those fixes, this version will not get released by the security team.