Description:
This update for php7 fixes the following issues:
- CVE-2026-6722: use-after-free in SOAP using Apache map can lead to remote code execution (bsc#1264776).
- CVE-2026-6735: improper validation of the request URI within the PHP-FPM status page can lead to XSS (bsc#1264775).
- CVE-2026-7258: signed `char` values passed to `ctype` functions like `isxdigit` can lead to OOB access and denial of
service (bsc#1264774).
- CVE-2026-7261: use-after-free due to incorrectly handled persistence of handler objects when SOAP_PERSISTENCE_SESSION
is configured can lead to memory corruption, information disclosure and process crashes (bsc#1264772).
- CVE-2026-7262: NULL pointer dereference caused by mistake in the SOAP decoding process when a typemap is configured
can lead to a denial of service (bsc#1264771).
- CVE-2026-7568: integer overflow in the `metaphone` function can lead to undefined behavior and affect the availability
of the PHP process (bsc#1264769).
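
The bug class named in the CVE-2026-7258 item, as an added example: this is not PHP's code or the patch shipped in this update, and the names `is_hex_unsafe`, `is_hex_safe`, `hex_decode` and the sample bytes are constructed for illustration. It shows the usual mitigation, converting to `unsigned char` before calling a `<ctype.h>` function, inside a small hex decoder for untrusted input.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* UNSAFE pattern, shown for contrast: where plain char is signed, a byte
 * >= 0x80 arrives as a negative int. isxdigit() is only defined for EOF and
 * 0..UCHAR_MAX, so the call may index outside the classification table. */
int is_hex_unsafe(char c) { return isxdigit(c) != 0; }

/* Hardened form: convert to unsigned char so the argument is always 0..255. */
int is_hex_safe(char c) { return isxdigit((unsigned char)c) != 0; }

/* Value of one hex digit; caller has already checked is_hex_safe(c). */
static int hex_val(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    return tolower((unsigned char)c) - 'a' + 10;
}

/* Decode hex text from an untrusted buffer. Returns bytes written, or -1 on
 * odd length, a non-hex byte, or insufficient output space. */
long hex_decode(const char *in, size_t in_len, unsigned char *out, size_t out_cap)
{
    if (in_len % 2 != 0 || in_len / 2 > out_cap) return -1;
    for (size_t i = 0; i < in_len; i += 2) {
        if (!is_hex_safe(in[i]) || !is_hex_safe(in[i + 1])) return -1;
        out[i / 2] = (unsigned char)(hex_val(in[i]) << 4 | hex_val(in[i + 1]));
    }
    return (long)(in_len / 2);
}

/* Constructed sample inputs: valid hex, and hex followed by bytes 0xE9 0xFF. */
const char GOOD[] = { '4', 'f', 'A', '0' };
const char BAD[]  = { '4', 'f', (char)0xE9, (char)0xFF };

int main(void)
{
    unsigned char out[8];
    printf("good: %ld\n", hex_decode(GOOD, sizeof GOOD, out, sizeof out));
    printf("bad:  %ld\n", hex_decode(BAD, sizeof BAD, out, sizeof out));
    return 0;
}
```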