Change log for php5 package in Ubuntu
| 1 → 75 of 362 results | First • Previous • Next • Last |
php5 (5.3.10-1ubuntu3.48) precise-security; urgency=medium
* SECURITY UPDATE: Possibly forge cookie
- debian/patches/CVE-2020-7070.patch: do not decode cookie names anymore
in main/php_variables.c, tests/basic/022.phpt, tests/basic/023.phpt,
tests/basic/bug79699.phpt.
- CVE-2020-7070
-- <email address hidden> (Leonidas S. Barbosa) Tue, 13 Oct 2020 13:09:48 -0300
Available diffs
php5 (5.5.9+dfsg-1ubuntu4.29) trusty-security; urgency=medium
* SECURITY UPDATE: Unauthorized users access
- debian/patches/CVE-2019-9637.patch: fix in
main/streams/plain_wrapper.c.
- CVE-2019-9637
* SECURITY UPDATE: Invalid read in exif_process_IFD_MAKERNOTE
- debian/patches/CVE-2019-9638-and-CVE-2019-9639-*.patch: fix in
ext/exif/exif.c, added tests in ext/exif/tests/bug77563.jpg,
ext/exif/tests/bug77563.phpt.
- CVE-2019-9638
- CVE-2019-9639
* SECURITY UPDATE: Invalid read
- debian/patches/CVE-2019-9640.patch: fix in
ext/exif/exif.c, added tests in ext/exif/tests/bug77540.jpg,
ext/exif/tests/bug77540.phpt.
- CVE-2019-9640
* SECURITY UPDATE: Unitialized read
- debian/patches/CVE-2019-9641.patch: fix in ext/exif/exif.c.
- CVE-2019-9641
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2019-9675.patch: fix in
ext/phar/tar.c, added tests, ext/phar/tests/bug77586,phpt,
ext/phar/tests/bug77586/files/*.
- CVE-2019-9675
* Changed the way MAKERNOTE is handled in case we do not have a matching
signature, in order to support tests CVE-2019-9638 and CVE-2019-9639.
- debian/patches/Changed-the-way-MAKERNOTE-is-handled-in-case.patch: fix
it changing the behavior in order to continue the parse in
ext/exif/exif.c
* SECURITY UPDATE: buffer over-read in dns_get_record
- debian/patches/CVE-2019-9022.patch: check length in
ext/standard/dns.c.
- CVE-2019-9022
-- <email address hidden> (Leonidas S. Barbosa) Mon, 22 Apr 2019 14:39:52 -0300
Available diffs
php5 (5.5.9+dfsg-1ubuntu4.27) trusty-security; urgency=medium
* SECURITY UPDATE: invalid memory access in xmlrpc_decode()
- debian/patches/CVE-2019-9020.patch: check length in
ext/xmlrpc/libxmlrpc/xml_element.c, added test to
ext/xmlrpc/tests/bug77242.phpt.
- CVE-2019-9020
* SECURITY UPDATE: buffer over-read in PHAR extension
- debian/patches/CVE-2019-9021.patch: properly calculate position in
ext/phar/phar.c, added test to ext/phar/tests/bug77247.phpt.
- CVE-2019-9021
* SECURITY UPDATE: buffer over-reads in mbstring regex functions
- debian/patches/CVE-2019-9023-1.patch: don't read past buffer in
ext/mbstring/oniguruma/regparse.c, added test to
ext/mbstring/tests/bug77370.phpt.
- debian/patches/CVE-2019-9023-2.patch: check bounds in
ext/mbstring/oniguruma/regcomp.c, added test to
ext/mbstring/tests/bug77371.phpt.
- debian/patches/CVE-2019-9023-3.patch: add length checks to
ext/mbstring/oniguruma/enc/unicode.c,
ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regparse.c,
ext/mbstring/oniguruma/regparse.h, added test to
ext/mbstring/tests/bug77371.phpt, ext/mbstring/tests/bug77381.phpt.
- debian/patches/CVE-2019-9023-4.patch: add new bounds checks to
ext/mbstring/oniguruma/enc/utf16_be.c,
ext/mbstring/oniguruma/enc/utf16_le.c,
ext/mbstring/oniguruma/enc/utf32_be.c,
ext/mbstring/oniguruma/enc/utf32_le.c, added test to
ext/mbstring/tests/bug77418.phpt.
- CVE-2019-9023
* SECURITY UPDATE: buffer over-read in xmlrpc_decode()
- debian/patches/CVE-2019-9024.patch: fix variable size in
ext/xmlrpc/libxmlrpc/base64.c, added test to
ext/xmlrpc/tests/bug77380.phpt.
- CVE-2019-9024
-- Marc Deslauriers <email address hidden> Tue, 05 Mar 2019 08:12:08 -0500
Available diffs
php5 (5.5.9+dfsg-1ubuntu4.26) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service in exif parsing
- debian/patches/CVE-2018-14851.patch: check length in ext/exif/exif.c.
- CVE-2018-14851
* SECURITY UPDATE: denial of service in exif parsing
- debian/patches/CVE-2018-14883.patch: check length in ext/exif/exif.c.
- CVE-2018-14883
* SECURITY UPDATE: XSS due to the header Transfer-Encoding: chunked
- debian/patches/bug76582.patch: clean up brigade in
sapi/apache2handler/sapi_apache2.c.
- No CVE number
-- Marc Deslauriers <email address hidden> Mon, 17 Sep 2018 03:45:24 -0400
Available diffs
php5 (5.5.9+dfsg-1ubuntu4.25) trusty-security; urgency=medium
* SECURITY UPDATE: opcache access controls bypass
- debian/patches/CVE-2018-10545.patch: do not set PR_SET_DUMPABLE by
default in sapi/fpm/fpm/fpm_conf.c, sapi/fpm/fpm/fpm_conf.h,
sapi/fpm/fpm/fpm_unix.c, sapi/fpm/php-fpm.conf.in.
- CVE-2018-10545
* SECURITY UPDATE: infinite loop in iconv stream filter
- debian/patches/CVE-2018-10546-1.patch: fail on invalid sequences in
ext/iconv/iconv.c, ext/iconv/tests/bug76249.phpt.
- debian/patches/CVE-2018-10546-2.patch: fix tsrm_ls in
ext/iconv/iconv.c.
- CVE-2018-10546
* SECURITY UPDATE: XSS on PHAR error pages
- debian/patches/CVE-2018-10547.patch: remove potential unfiltered
outputs in ext/phar/phar_object.c, fix tests in ext/phar/tests/*.
- CVE-2018-10547
* SECURITY UPDATE: DoS via ldap_get_dn return value mishandling
- debian/patches/CVE-2018-10548.patch: check dn in ext/ldap/ldap.c,
add test to ext/ldap/tests/bug76248.phpt.
- CVE-2018-10548
-- Marc Deslauriers <email address hidden> Thu, 10 May 2018 08:10:41 -0400
Available diffs
php5 (5.5.9+dfsg-1ubuntu4.24) trusty-security; urgency=medium
* SECURITY UPDATE: stream_get_meta_data issue
- debian/patches/CVE-2016-10712.patch: properly handle metadata in
ext/standard/streamsfuncs.c, ext/standard/tests/*,
main/streams/memory.c.
- debian/patches/CVE-2016-10712-2.patch: fix various tests.
- CVE-2016-10712
* SECURITY UPDATE: stack-based under-read in HTTP response parsing
- debian/patches/CVE-2018-7584.patch: prevent reading beyond buffer
start in ext/standard/http_fopen_wrapper.c,
ext/standard/tests/http/bug75981.phpt.
- CVE-2018-7584
-- Marc Deslauriers <email address hidden> Thu, 15 Mar 2018 10:11:53 -0400
Available diffs
php5 (5.5.9+dfsg-1ubuntu4.23) trusty-security; urgency=medium
* SECURITY UPDATE: buffer over-read while unserializing untrusted data
- debian/patches/CVE-2017-12933.patch: add check to
ext/standard/var_unserializer.*, add test to
ext/standard/tests/serialize/bug74111.phpt, adjust test in
ext/standard/tests/serialize/bug25378.phpt.
- CVE-2017-12933
* SECURITY UPDATE: information leak in php_parse_date function
- debian/patches/CVE-2017-16642.patch: fix backof/frontof in
ext/date/lib/parse_date.*, fix test in
ext/date/tests/bug53437_var3.phpt, added test to
ext/wddx/tests/bug75055.*.
- CVE-2017-16642
* SECURITY UPDATE: XSS in PHAR error page
- debian/patches/CVE-2018-5712.patch: remove file name from output to
avoid XSS in ext/phar/shortarc.php, ext/phar/stub.h, fix tests in
ext/phar/tests/*.
- CVE-2018-5712
* SECURITY REGRESSION: exif_read_data broken (LP: #1633031)
- debian/patches/CVE-2016-6291-regression.patch: add DJI signatures to
the MAKERNOTE and its supported tags in ext/exif/exif.c.
-- Marc Deslauriers <email address hidden> Thu, 08 Feb 2018 08:24:11 -0500
Available diffs
php5 (5.5.9+dfsg-1ubuntu4.22) trusty-security; urgency=medium
* SECURITY UPDATE: Zend OpCache shared memory issue
- debian/patches/CVE-2015-8994-1.patch: check cached files permissions
in ext/opcache/ZendAccelerator.*,
ext/opcache/zend_accelerator_hash.c,
ext/opcache/zend_accelerator_module.c.
- debian/patches/CVE-2015-8994-2.patch: use full path in
ext/opcache/ZendAccelerator.c.
- debian/patches/CVE-2015-8994-3.patch: handle big inodes in
ext/opcache/ZendAccelerator.c.
- CVE-2015-8994
* SECURITY UPDATE: URL check bypass
- debian/patches/CVE-2016-10397-1.patch: fix logic in
ext/standard/url.c, added tests to
ext/standard/tests/url/bug73192.phpt,
ext/standard/tests/url/parse_url_basic_00*.phpt.
- debian/patches/CVE-2016-10397-2.patch: respect length argument in
ext/standard/url.c.
- CVE-2016-10397
* SECURITY UPDATE: wddx empty boolean tag parsing issue
- debian/patches/CVE-2017-11143-1.patch: handle empty tag in
ext/wddx/wddx.c, added test to ext/wddx/tests/bug74145.*.
- debian/patches/CVE-2017-11143-2.patch: improve fix in
ext/wddx/wddx.c.
- CVE-2017-11143
* SECURITY UPDATE: DoS in OpenSSL sealing function
- debian/patches/CVE-2017-11144.patch: check return code in
ext/openssl/openssl.c, added test to ext/openssl/tests/*74651*.
- CVE-2017-11144
* SECURITY UPDATE: information leak in the date extension
- debian/patches/CVE-2017-11145.patch: fix parsing of strange formats
in ext/date/lib/parse_date.*.
- CVE-2017-11145
* SECURITY UPDATE: buffer overread in phar_parse_pharfile
- debian/patches/CVE-2017-11147.patch: use proper sizes in
ext/phar/phar.c.
- CVE-2017-11147
* SECURITY UPDATE: DoS via long locale
- debian/patches/CVE-2017-11362.patch: check length in
ext/intl/msgformat/msgformat_parse.c.
- CVE-2017-11362
* SECURITY UPDATE: buffer overflow in the zend_ini_do_op()
- debian/patches/CVE-2017-11628.patch: use correct buffer size in
Zend/zend_ini_parser.y, added tests to Zend/tests/bug74603.*.
- CVE-2017-11628
* SECURITY UPDATE: out-of-bounds read in oniguruma in mbstring
- debian/patches/CVE-2017-9224.patch: fix logic in
ext/mbstring/oniguruma/regexec.c.
- CVE-2017-9224
* SECURITY UPDATE: heap out-of-bounds write in oniguruma in mbstring
- debian/patches/CVE-2017-9226.patch: add checks to
ext/mbstring/oniguruma/regparse.c.
- CVE-2017-9226
* SECURITY UPDATE: stack out-of-bounds read in oniguruma in mbstring
- debian/patches/CVE-2017-9227.patch: add bounds check to
ext/mbstring/oniguruma/regexec.c.
- CVE-2017-9227
* SECURITY UPDATE: heap out-of-bounds write in oniguruma in mbstring
- debian/patches/CVE-2017-9228.patch: add check to
ext/mbstring/oniguruma/regexec.c.
- CVE-2017-9228
* SECURITY UPDATE: invalid pointer dereference in oniguruma in mbstring
- debian/patches/CVE-2017-9229.patch: fix logic in
ext/mbstring/oniguruma/regexec.c.
- CVE-2017-9229
-- Marc Deslauriers <email address hidden> Fri, 04 Aug 2017 10:26:27 -0400
Available diffs
php5 (5.3.10-1ubuntu3.26) precise-security; urgency=medium
* SECURITY UPDATE: overflow in locale_get_display_name
- debian/patches/CVE-2014-9912.patch: check locale name length in
ext/intl/locale/locale_methods.c, added test to
ext/intl/tests/bug67397.phpt.
- CVE-2014-9912
* SECURITY UPDATE: infinite loop via crafted serialized data
- debian/patches/CVE-2016-7478-pre.patch: don't unset the default value
in Zend/zend_exceptions.c, fix tests in
ext/standard/tests/serialize/bug69152.phpt,
ext/standard/tests/serialize/bug69793.phpt.
- debian/patches/CVE-2016-7478-pre2.patch: fix test in
ext/standard/tests/serialize/bug69793.phpt.
- debian/patches/CVE-2016-7478-pre3.patch: add zend_unset_property() to
Zend/zend_API.*.
- debian/patches/CVE-2016-7478.patch: fix memcpy in
Zend/zend_exceptions.c, ext/bcmath/libbcmath/src/init.c,
ext/bcmath/libbcmath/src/outofmem.c.
- CVE-2016-7478
* SECURITY UPDATE: arbitrary code execution via crafted serialized data
- debian/patches/CVE-2016-7479-pre.patch: fix null pointer dereference
in ext/standard/var_unserializer.*, added test to
standard/tests/serialize/bug68545.phpt.
- debian/patches/CVE-2016-7479.patch: implement delayed __wakeup in
ext/standard/var_unserializer.*.
- CVE-2016-7479
* SECURITY UPDATE: denial of service via crafted wddxPacket XML document
- debian/patches/CVE-2016-9934.patch: check objects in ext/wddx/wddx.c,
ext/pdo/pdo_stmt.c, ext/wddx/tests/bug45901.phpt,
ext/wddx/tests/bug72790.phpt, ext/wddx/tests/bug73331.phpt.
- CVE-2016-9934
* SECURITY UPDATE: denial of service via crafted wddxPacket XML document
- debian/patches/CVE-2016-9935-1.patch: fix memory leak in
ext/wddx/wddx.c.
- debian/patches/CVE-2016-9935-2.patch: fix leak in ext/wddx/wddx.c.
- debian/patches/CVE-2016-9935-3.patch: fix leak in ext/wddx/wddx.c.
- CVE-2016-9935
* SECURITY UPDATE: exif DoS via FPE
- debian/patches/CVE-2016-10158.patch: fix integer size issue in
ext/exif/exif.c.
- CVE-2016-10158
* SECURITY UPDATE: integer overflow in phar_parse_pharfile
- debian/patches/CVE-2016-10159.patch: fix overflows in
ext/phar/phar.c.
- CVE-2016-10159
* SECURITY UPDATE: off-by-one in phar_parse_pharfile
- debian/patches/CVE-2016-10160.patch: handle length in
ext/phar/phar.c.
- CVE-2016-10160
* SECURITY UPDATE: denial of service via crafted serialized data
- debian/patches/CVE-2016-10161.patch: fix out-of-bounds read in
ext/standard/var_unserializer.*, added test to
ext/standard/tests/serialize/bug73825.phpt.
- CVE-2016-10161
* debian/control: Build-Depends on mysql-server-5.5 to work with
recent MySQL security updates.
-- Marc Deslauriers <email address hidden> Fri, 10 Feb 2017 10:32:09 -0500
Available diffs
php5 (5.5.9+dfsg-1ubuntu4.21) trusty-security; urgency=medium
* SECURITY UPDATE: overflow in locale_get_display_name
- debian/patches/CVE-2014-9912.patch: check locale name length in
ext/intl/locale/locale_methods.c, added test to
ext/intl/tests/bug67397.phpt.
- debian/patches/CVE-2014-9912-2.patch: fix test in
ext/intl/tests/bug62082.phpt.
- CVE-2014-9912
* SECURITY UPDATE: infinite loop via crafted serialized data
- debian/patches/CVE-2016-7478-pre.patch: don't unset the default value
in Zend/zend_exceptions.c, fix tests in
ext/standard/tests/serialize/bug69152.phpt,
ext/standard/tests/serialize/bug69793.phpt.
- debian/patches/CVE-2016-7478-pre2.patch: fix test in
ext/standard/tests/serialize/bug69793.phpt.
- debian/patches/CVE-2016-7478.patch: fix memcpy in
Zend/zend_exceptions.c, ext/bcmath/libbcmath/src/init.c,
ext/bcmath/libbcmath/src/outofmem.c.
- CVE-2016-7478
* SECURITY UPDATE: arbitrary code execution via crafted serialized data
- debian/patches/CVE-2016-7479-pre.patch: fix null pointer dereference
in ext/standard/var_unserializer.*, added test to
standard/tests/serialize/bug68545.phpt.
- debian/patches/CVE-2016-7479.patch: implement delayed __wakeup in
ext/standard/var_unserializer.*.
- CVE-2016-7479
* SECURITY UPDATE: denial of service via crafted serialized data
- debian/patches/CVE-2016-9137.patch: fix use-after-free in
Zend/zend_API.*, ext/curl/curl_file.c, added test to
ext/curl/tests/bug73147.phpt.
- CVE-2016-9137
* SECURITY UPDATE: denial of service via crafted wddxPacket XML document
- debian/patches/CVE-2016-9934.patch: check objects in ext/wddx/wddx.c,
ext/pdo/pdo_stmt.c, ext/wddx/tests/bug45901.phpt,
ext/wddx/tests/bug72790.phpt, ext/wddx/tests/bug73331.phpt.
- CVE-2016-9934
* SECURITY UPDATE: denial of service via crafted wddxPacket XML document
- debian/patches/CVE-2016-9935-1.patch: fix memory leak in
ext/wddx/wddx.c.
- debian/patches/CVE-2016-9935-2.patch: fix leak in ext/wddx/wddx.c.
- debian/patches/CVE-2016-9935-3.patch: fix leak in ext/wddx/wddx.c.
- CVE-2016-9935
* SECURITY UPDATE: exif DoS via FPE
- debian/patches/CVE-2016-10158.patch: fix integer size issue in
ext/exif/exif.c.
- CVE-2016-10158
* SECURITY UPDATE: integer overflow in phar_parse_pharfile
- debian/patches/CVE-2016-10159.patch: fix overflows in
ext/phar/phar.c.
- CVE-2016-10159
* SECURITY UPDATE: off-by-one in phar_parse_pharfile
- debian/patches/CVE-2016-10160.patch: handle length in
ext/phar/phar.c.
- CVE-2016-10160
* SECURITY UPDATE: denial of service via crafted serialized data
- debian/patches/CVE-2016-10161.patch: fix out-of-bounds read in
ext/standard/var_unserializer.*, added test to
ext/standard/tests/serialize/bug73825.phpt.
- CVE-2016-10161
-- Marc Deslauriers <email address hidden> Thu, 09 Feb 2017 11:02:44 -0500
Available diffs
php5 (5.3.10-1ubuntu3.25) precise-security; urgency=medium
* SECURITY UPDATE: denial of service or code execution via crafted
serialized data
- debian/patches/CVE-2016-7124-1.patch: destroy broken object when
unserializing in ext/standard/var_unserializer.c*.
- debian/patches/CVE-2016-7124-2.patch: improve fix in
ext/standard/var_unserializer.c*, added test to
ext/standard/tests/strings/bug72663_3.phpt.
- CVE-2016-7124
* SECURITY UPDATE: arbitrary-type session data injection
- debian/patches/CVE-2016-7125.patch: consume data even if not storing
in ext/session/session.c, added test to
ext/session/tests/bug72681.phpt.
- debian/patches/CVE-2016-7125-2.patch: remove unused label in
ext/session/session.c.
- CVE-2016-7125
* SECURITY UPDATE: denial of service and possible code execution in
imagegammacorrect function
- debian/patches/CVE-2016-7127.patch: check gamma values in
ext/gd/gd.c, added test to ext/gd/tests/bug72730.phpt.
- CVE-2016-7127
* SECURITY UPDATE: information disclosure via exif_process_IFD_in_TIFF
- debian/patches/CVE-2016-7128.patch: properly handle thumbnails in
ext/exif/exif.c.
- CVE-2016-7128
* SECURITY UPDATE: denial of service and possible code execution via
invalid ISO 8601 time value
- debian/patches/CVE-2016-7129.patch: properly handle strings in
ext/wddx/wddx.c, added test to ext/wddx/tests/bug72749.phpt.
- CVE-2016-7129
* SECURITY UPDATE: denial of service and possible code execution via
invalid base64 binary value
- debian/patches/CVE-2016-7130.patch: properly handle string in
ext/wddx/wddx.c, added test to ext/wddx/tests/bug72750.phpt.
- CVE-2016-7130
* SECURITY UPDATE: denial of service and possible code execution via
malformed wddxPacket XML document
- debian/patches/CVE-2016-7131.patch: added check to ext/wddx/wddx.c,
added tests to ext/wddx/tests/bug72790.phpt,
ext/wddx/tests/bug72799.phpt.
- CVE-2016-7131
- CVE-2016-7132
* SECURITY UPDATE: denial of service and possible code execution via
partially constructed object
- debian/patches/CVE-2016-7411.patch: properly handle partial object in
ext/standard/var_unserializer.*, added test to
ext/standard/tests/serialize/bug73052.phpt.
- CVE-2016-7411
* SECURITY UPDATE: denial of service and possible code execution via
crafted field metadata in MySQL driver
- debian/patches/CVE-2016-7412.patch: validate field length in
ext/mysqlnd/mysqlnd_wireprotocol.c.
- CVE-2016-7412
* SECURITY UPDATE: denial of service and possible code execution via
malformed wddxPacket XML document
- debian/patches/CVE-2016-7413.patch: fixed use-after-free in
ext/wddx/wddx.c, added test to ext/wddx/tests/bug72860.phpt.
- CVE-2016-7413
* SECURITY UPDATE: denial of service and possible code execution via
crafted PHAR archive
- debian/patches/CVE-2016-7414.patch: validate signatures in
ext/phar/util.c, ext/phar/zip.c.
- CVE-2016-7414
* SECURITY UPDATE: denial of service and possible code execution via
MessageFormatter::formatMessage call with a long first argument
- debian/patches/CVE-2016-7416.patch: added locale length check to
ext/intl/msgformat/msgformat_format.c.
- CVE-2016-7416
* SECURITY UPDATE: denial of service or code execution via crafted
serialized data
- debian/patches/CVE-2016-7417.patch: added type check to
ext/spl/spl_array.c.
- CVE-2016-7417
* SECURITY UPDATE: denial of service and possible code execution via
malformed wddxPacket XML document
- debian/patches/CVE-2016-7418.patch: fix out-of-bounds read in
ext/wddx/wddx.c, added test to ext/wddx/tests/bug73065.phpt.
- CVE-2016-7418
-- Marc Deslauriers <email address hidden> Mon, 03 Oct 2016 07:39:03 -0400
Available diffs
php5 (5.5.9+dfsg-1ubuntu4.20) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service or code execution via crafted
serialized data
- debian/patches/CVE-2016-7124-1.patch: destroy broken object when
unserializing in ext/standard/var_unserializer.c*, added tests to
ext/standard/tests/strings/bug72663.phpt,
ext/standard/tests/strings/bug72663_2.phpt.
- debian/patches/CVE-2016-7124-2.patch: improve fix in
ext/standard/var_unserializer.c*, added test to
ext/standard/tests/strings/bug72663_3.phpt.
- CVE-2016-7124
* SECURITY UPDATE: arbitrary-type session data injection
- debian/patches/CVE-2016-7125.patch: consume data even if not storing
in ext/session/session.c, added test to
ext/session/tests/bug72681.phpt.
- debian/patches/CVE-2016-7125-2.patch: remove unused label in
ext/session/session.c.
- CVE-2016-7125
* SECURITY UPDATE: denial of service and possible code execution in
imagegammacorrect function
- debian/patches/CVE-2016-7127.patch: check gamma values in
ext/gd/gd.c, added test to ext/gd/tests/bug72730.phpt.
- CVE-2016-7127
* SECURITY UPDATE: information disclosure via exif_process_IFD_in_TIFF
- debian/patches/CVE-2016-7128.patch: properly handle thumbnails in
ext/exif/exif.c.
- CVE-2016-7128
* SECURITY UPDATE: denial of service and possible code execution via
invalid ISO 8601 time value
- debian/patches/CVE-2016-7129.patch: properly handle strings in
ext/wddx/wddx.c, added test to ext/wddx/tests/bug72749.phpt.
- CVE-2016-7129
* SECURITY UPDATE: denial of service and possible code execution via
invalid base64 binary value
- debian/patches/CVE-2016-7130.patch: properly handle string in
ext/wddx/wddx.c, added test to ext/wddx/tests/bug72750.phpt.
- CVE-2016-7130
* SECURITY UPDATE: denial of service and possible code execution via
malformed wddxPacket XML document
- debian/patches/CVE-2016-7131.patch: added check to ext/wddx/wddx.c,
added tests to ext/wddx/tests/bug72790.phpt,
ext/wddx/tests/bug72799.phpt.
- CVE-2016-7131
- CVE-2016-7132
* SECURITY UPDATE: denial of service and possible code execution via
partially constructed object
- debian/patches/CVE-2016-7411.patch: properly handle partial object in
ext/standard/var_unserializer.*, added test to
ext/standard/tests/serialize/bug73052.phpt.
- CVE-2016-7411
* SECURITY UPDATE: denial of service and possible code execution via
crafted field metadata in MySQL driver
- debian/patches/CVE-2016-7412.patch: validate field length in
ext/mysqlnd/mysqlnd_wireprotocol.c.
- CVE-2016-7412
* SECURITY UPDATE: denial of service and possible code execution via
malformed wddxPacket XML document
- debian/patches/CVE-2016-7413.patch: fixed use-after-free in
ext/wddx/wddx.c, added test to ext/wddx/tests/bug72860.phpt.
- CVE-2016-7413
* SECURITY UPDATE: denial of service and possible code execution via
crafted PHAR archive
- debian/patches/CVE-2016-7414.patch: validate signatures in
ext/phar/util.c, ext/phar/zip.c.
- CVE-2016-7414
* SECURITY UPDATE: denial of service and possible code execution via
MessageFormatter::formatMessage call with a long first argument
- debian/patches/CVE-2016-7416.patch: added locale length check to
ext/intl/msgformat/msgformat_format.c.
- CVE-2016-7416
* SECURITY UPDATE: denial of service or code execution via crafted
serialized data
- debian/patches/CVE-2016-7417.patch: added type check to
ext/spl/spl_array.c, added test to ext/spl/tests/bug73029.phpt.
- debian/patches/CVE-2016-7417-2.patch: fix test in
ext/spl/tests/bug70068.phpt.
- CVE-2016-7417
* SECURITY UPDATE: denial of service and possible code execution via
malformed wddxPacket XML document
- debian/patches/CVE-2016-7418.patch: fix out-of-bounds read in
ext/wddx/wddx.c, added test to ext/wddx/tests/bug73065.phpt.
- CVE-2016-7418
-- Marc Deslauriers <email address hidden> Mon, 03 Oct 2016 07:34:26 -0400
Available diffs
php5 (5.3.10-1ubuntu3.24) precise-security; urgency=medium
* SECURITY UPDATE: segfault in SplMinHeap::compare
- debian/patches/CVE-2015-4116.patch: properly handle count in
ext/spl/spl_heap.c, added test to ext/spl/tests/bug69737.phpt.
- CVE-2015-4116
* SECURITY UPDATE: denial of service via recursive method calls
- debian/patches/CVE-2015-8873.patch: add limit to
Zend/zend_exceptions.c, add tests to
ext/standard/tests/serialize/bug69152.phpt,
ext/standard/tests/serialize/bug69793.phpt,
sapi/cli/tests/005.phpt.
- CVE-2015-8873
* SECURITY UPDATE: denial of service or code execution via crafted
serialized data
- debian/patches/CVE-2015-8876.patch: fix logic in
Zend/zend_exceptions.c, added test to Zend/tests/bug70121.phpt.
- CVE-2015-8876
* SECURITY UPDATE: XSS in header() with Internet Explorer (LP: #1594041)
- debian/patches/CVE-2015-8935.patch: update header handling to
RFC 7230 in main/SAPI.c, added tests to
ext/standard/tests/general_functions/bug60227_*.phpt.
- CVE-2015-8935
* SECURITY UPDATE: get_icu_value_internal out-of-bounds read
- debian/patches/CVE-2016-5093.patch: add enough space in
ext/intl/locale/locale_methods.c, added test to
ext/intl/tests/bug72241.phpt.
- CVE-2016-5093
* SECURITY UPDATE: integer overflow in php_html_entities()
- debian/patches/CVE-2016-5094.patch: don't create strings with lengths
outside int range in ext/standard/html.c.
- CVE-2016-5094
* SECURITY UPDATE: string overflows in string add operations
- debian/patches/CVE-2016-5095.patch: check for size overflow in
Zend/zend_operators.c.
- CVE-2016-5095
* SECURITY UPDATE: int/size_t confusion in fread
- debian/patches/CVE-2016-5096.patch: check string length in
ext/standard/file.c, added test to
ext/standard/tests/file/bug72114.phpt.
- CVE-2016-5096
* SECURITY UPDATE: memory leak and buffer overflow in FPM
- debian/patches/CVE-2016-5114.patch: check buffer length in
sapi/fpm/fpm/fpm_log.c.
- CVE-2016-5114
* SECURITY UPDATE: proxy request header vulnerability (httpoxy)
- debian/patches/CVE-2016-5385.patch: only use HTTP_PROXY from the
local environment in ext/standard/basic_functions.c, main/SAPI.c,
main/php_variables.c.
- CVE-2016-5385
* SECURITY UPDATE: inadequate error handling in bzread()
- debian/patches/CVE-2016-5399.patch: do not allow reading past error
read in ext/bz2/bz2.c.
- CVE-2016-5399
* SECURITY UPDATE: integer overflows in mcrypt
- debian/patches/CVE-2016-5769.patch: check for overflow in
ext/mcrypt/mcrypt.c.
- CVE-2016-5769
* SECURITY UPDATE: double free corruption in wddx_deserialize
- debian/patches/CVE-2016-5772.patch: prevent double-free in
ext/wddx/wddx.c, added test to ext/wddx/tests/bug72340.phpt.
- CVE-2016-5772
* SECURITY UPDATE: buffer overflow in php_url_parse_ex()
- debian/patches/CVE-2016-6288.patch: handle length in
ext/standard/url.c.
- CVE-2016-6288
* SECURITY UPDATE: integer overflow in the virtual_file_ex function
- debian/patches/CVE-2016-6289.patch: properly check path_length in
Zend/zend_virtual_cwd.c.
- CVE-2016-6289
* SECURITY UPDATE: use after free in unserialize() with unexpected
session deserialization
- debian/patches/CVE-2016-6290.patch: destroy var_hash properly in
ext/session/session.c, added test to ext/session/tests/bug72562.phpt.
- CVE-2016-6290
* SECURITY UPDATE: out of bounds read in exif_process_IFD_in_MAKERNOTE
- debian/patches/CVE-2016-6291.patch: add more bounds checks to
ext/exif/exif.c.
- CVE-2016-6291
* SECURITY UPDATE: locale_accept_from_http out-of-bounds access
- debian/patches/CVE-2016-6294.patch: check length in
ext/intl/locale/locale_methods.c, added test to
ext/intl/tests/bug72533.phpt.
- CVE-2016-6294
* SECURITY UPDATE: heap buffer overflow in simplestring_addn
- debian/patches/CVE-2016-6296.patch: prevent overflows in
ext/xmlrpc/libxmlrpc/simplestring.*.
- CVE-2016-6296
* SECURITY UPDATE: integer overflow in php_stream_zip_opener
- debian/patches/CVE-2016-6297.patch: use size_t in
ext/zip/zip_stream.c.
- CVE-2016-6297
* debian/patches/fix_exif_tests.patch: fix exif test results after
security changes.
-- Marc Deslauriers <email address hidden> Mon, 01 Aug 2016 13:27:52 -0400
Available diffs
php5 (5.5.9+dfsg-1ubuntu4.19) trusty-security; urgency=medium
* SECURITY UPDATE: segfault in SplMinHeap::compare
- debian/patches/CVE-2015-4116.patch: properly handle count in
ext/spl/spl_heap.c, added test to ext/spl/tests/bug69737.phpt.
- CVE-2015-4116
* SECURITY UPDATE: denial of service via recursive method calls
- debian/patches/CVE-2015-8873.patch: add limit to
Zend/zend_exceptions.c, add tests to
ext/standard/tests/serialize/bug69152.phpt,
ext/standard/tests/serialize/bug69793.phpt,
sapi/cli/tests/005.phpt.
- CVE-2015-8873
* SECURITY UPDATE: denial of service or code execution via crafted
serialized data
- debian/patches/CVE-2015-8876.patch: fix logic in
Zend/zend_exceptions.c, added test to Zend/tests/bug70121.phpt.
- CVE-2015-8876
* SECURITY UPDATE: XSS in header() with Internet Explorer (LP: #1594041)
- debian/patches/CVE-2015-8935.patch: update header handling to
RFC 7230 in main/SAPI.c, added tests to
ext/standard/tests/general_functions/bug60227_*.phpt.
- CVE-2015-8935
* SECURITY UPDATE: get_icu_value_internal out-of-bounds read
- debian/patches/CVE-2016-5093.patch: add enough space in
ext/intl/locale/locale_methods.c, added test to
ext/intl/tests/bug72241.phpt.
- CVE-2016-5093
* SECURITY UPDATE: integer overflow in php_html_entities()
- debian/patches/CVE-2016-5094.patch: don't create strings with lengths
outside int range in ext/standard/html.c.
- CVE-2016-5094
* SECURITY UPDATE: string overflows in string add operations
- debian/patches/CVE-2016-5095.patch: check for size overflow in
Zend/zend_operators.c.
- CVE-2016-5095
* SECURITY UPDATE: int/size_t confusion in fread
- debian/patches/CVE-2016-5096.patch: check string length in
ext/standard/file.c, added test to
ext/standard/tests/file/bug72114.phpt.
- CVE-2016-5096
* SECURITY UPDATE: memory leak and buffer overflow in FPM
- debian/patches/CVE-2016-5114.patch: check buffer length in
sapi/fpm/fpm/fpm_log.c.
- CVE-2016-5114
* SECURITY UPDATE: proxy request header vulnerability (httpoxy)
- debian/patches/CVE-2016-5385.patch: only use HTTP_PROXY from the
local environment in ext/standard/basic_functions.c, main/SAPI.c,
main/php_variables.c.
- CVE-2016-5385
* SECURITY UPDATE: inadequate error handling in bzread()
- debian/patches/CVE-2016-5399.patch: do not allow reading past error
read in ext/bz2/bz2.c.
- CVE-2016-5399
* SECURITY UPDATE: double free in _php_mb_regex_ereg_replace_exec
- debian/patches/CVE-2016-5768.patch: check pointer in
ext/mbstring/php_mbregex.c, added test to
ext/mbstring/tests/bug72402.phpt.
- CVE-2016-5768
* SECURITY UPDATE: integer overflows in mcrypt
- debian/patches/CVE-2016-5769.patch: check for overflow in
ext/mcrypt/mcrypt.c.
- CVE-2016-5769
* SECURITY UPDATE: ese after free GC algorithm and unserialize
- debian/patches/CVE-2016-5771.patch: added new handler in
ext/spl/spl_array.c, added test to Zend/tests/gc_024.phpt,
ext/standard/tests/strings/bug72433.phpt.
- CVE-2016-5771
* SECURITY UPDATE: double free corruption in wddx_deserialize
- debian/patches/CVE-2016-5772.patch: prevent double-free in
ext/wddx/wddx.c, added test to ext/wddx/tests/bug72340.phpt.
- CVE-2016-5772
* SECURITY UPDATE: use after free in ZipArchive class
- debian/patches/CVE-2016-5773.patch: add new handler in
ext/zip/php_zip.c, added test to
ext/standard/tests/strings/bug72434.phpt.
- CVE-2016-5773
* SECURITY UPDATE: buffer overflow in php_url_parse_ex()
- debian/patches/CVE-2016-6288.patch: handle length in
ext/standard/url.c.
- CVE-2016-6288
* SECURITY UPDATE: integer overflow in the virtual_file_ex function
- debian/patches/CVE-2016-6289.patch: properly check path_length in
Zend/zend_virtual_cwd.c.
- CVE-2016-6289
* SECURITY UPDATE: use after free in unserialize() with unexpected
session deserialization
- debian/patches/CVE-2016-6290.patch: destroy var_hash properly in
ext/session/session.c, added test to ext/session/tests/bug72562.phpt.
- CVE-2016-6290
* SECURITY UPDATE: out of bounds read in exif_process_IFD_in_MAKERNOTE
- debian/patches/CVE-2016-6291.patch: add more bounds checks to
ext/exif/exif.c.
- CVE-2016-6291
* SECURITY UPDATE: NULL pointer dereference in exif_process_user_comment
- debian/patches/CVE-2016-6292.patch: properly handle encoding in
ext/exif/exif.c.
- CVE-2016-6292
* SECURITY UPDATE: locale_accept_from_http out-of-bounds access
- debian/patches/CVE-2016-6294.patch: check length in
ext/intl/locale/locale_methods.c, added test to
ext/intl/tests/bug72533.phpt.
- CVE-2016-6294
* SECURITY UPDATE: use after free vulnerability in SNMP with GC and
unserialize()
- debian/patches/CVE-2016-6295.patch: add new handler to
ext/snmp/snmp.c, add test to ext/snmp/tests/bug72479.phpt.
- CVE-2016-6295
* SECURITY UPDATE: heap buffer overflow in simplestring_addn
- debian/patches/CVE-2016-6296.patch: prevent overflows in
ext/xmlrpc/libxmlrpc/simplestring.*.
- CVE-2016-6296
* SECURITY UPDATE: integer overflow in php_stream_zip_opener
- debian/patches/CVE-2016-6297.patch: use size_t in
ext/zip/zip_stream.c.
- CVE-2016-6297
* debian/patches/fix_exif_tests.patch: fix exif test results after
security changes.
-- Marc Deslauriers <email address hidden> Thu, 28 Jul 2016 08:57:10 -0400
| Deleted in trusty-proposed (Reason: moved to -updates) |
php5 (5.5.9+dfsg-1ubuntu4.18) trusty; urgency=medium * Fix zlib function naming with LFS (LP: #1315888). -- Nishanth Aravamudan <email address hidden> Tue, 31 May 2016 08:58:02 -0400
Available diffs
php5 (5.3.10-1ubuntu3.23) precise-security; urgency=medium
* SECURITY UPDATE: heap corruption in tar/zip/phar parser
- debian/patches/CVE-2016-4342.patch: remove UMR when size is 0 in
ext/phar/phar_object.c.
- CVE-2016-4342
* SECURITY UPDATE: uninitialized pointer in phar_make_dirstream()
- debian/patches/CVE-2016-4343.patch: check lengths in
ext/phar/dirstream.c, ext/phar/tar.c.
- CVE-2016-4343
* SECURITY UPDATE: bcpowmod accepts negative scale and corrupts _one_
definition
- debian/patches/CVE-2016-4537.patch: properly detect scale in
ext/bcmath/bcmath.c, add test to ext/bcmath/tests/bug72093.phpt.
- CVE-2016-4537
- CVE-2016-4538
* SECURITY UPDATE: xml_parse_into_struct segmentation fault
- debian/patches/CVE-2016-4539.patch: check parser->level in
ext/xml/xml.c, added test to ext/xml/tests/bug72099.phpt.
- CVE-2016-4539
* SECURITY UPDATE: out-of-bounds reads in zif_grapheme_stripos and
zif_grapheme_strpos with negative offset
- debian/patches/CVE-2016-4540.patch: check bounds in
ext/intl/grapheme/grapheme_string.c, added test to
ext/intl/tests/bug72061.phpt.
- CVE-2016-4540
- CVE-2016-4541
* SECURITY UPDATE: out of bounds heap read access in exif header
processing
- debian/patches/CVE-2016-4542.patch: check sizes and length in
ext/exif/exif.c.
- CVE-2016-4542
- CVE-2016-4543
- CVE-2016-4544
-- Marc Deslauriers <email address hidden> Thu, 19 May 2016 12:54:58 -0400
Available diffs
php5 (5.5.9+dfsg-1ubuntu4.17) trusty-security; urgency=medium
* SECURITY UPDATE: heap corruption in tar/zip/phar parser
- debian/patches/CVE-2016-4342.patch: remove UMR when size is 0 in
ext/phar/phar_object.c.
- CVE-2016-4342
* SECURITY UPDATE: uninitialized pointer in phar_make_dirstream()
- debian/patches/CVE-2016-4343.patch: check lengths in
ext/phar/dirstream.c, ext/phar/tar.c.
- CVE-2016-4343
* SECURITY UPDATE: bcpowmod accepts negative scale and corrupts _one_
definition
- debian/patches/CVE-2016-4537.patch: properly detect scale in
ext/bcmath/bcmath.c, add test to ext/bcmath/tests/bug72093.phpt.
- CVE-2016-4537
- CVE-2016-4538
* SECURITY UPDATE: xml_parse_into_struct segmentation fault
- debian/patches/CVE-2016-4539.patch: check parser->level in
ext/xml/xml.c, added test to ext/xml/tests/bug72099.phpt.
- CVE-2016-4539
* SECURITY UPDATE: out-of-bounds reads in zif_grapheme_stripos and
zif_grapheme_strpos with negative offset
- debian/patches/CVE-2016-4540.patch: check bounds in
ext/intl/grapheme/grapheme_string.c, added test to
ext/intl/tests/bug72061.phpt.
- CVE-2016-4540
- CVE-2016-4541
* SECURITY UPDATE: out of bounds heap read access in exif header
processing
- debian/patches/CVE-2016-4542.patch: check sizes and length in
ext/exif/exif.c.
- CVE-2016-4542
- CVE-2016-4543
- CVE-2016-4544
-- Marc Deslauriers <email address hidden> Thu, 19 May 2016 12:45:01 -0400
Available diffs
php5 (5.6.11+dfsg-1ubuntu3.4) wily-security; urgency=medium
* SECURITY UPDATE: heap corruption in tar/zip/phar parser
- debian/patches/CVE-2016-4342.patch: remove UMR when size is 0 in
ext/phar/phar_object.c.
- CVE-2016-4342
* SECURITY UPDATE: uninitialized pointer in phar_make_dirstream()
- debian/patches/CVE-2016-4343.patch: check lengths in
ext/phar/dirstream.c, ext/phar/tar.c.
- CVE-2016-4343
* SECURITY UPDATE: bcpowmod accepts negative scale and corrupts _one_
definition
- debian/patches/CVE-2016-4537.patch: properly detect scale in
ext/bcmath/bcmath.c, add test to ext/bcmath/tests/bug72093.phpt.
- CVE-2016-4537
- CVE-2016-4538
* SECURITY UPDATE: xml_parse_into_struct segmentation fault
- debian/patches/CVE-2016-4539.patch: check parser->level in
ext/xml/xml.c, added test to ext/xml/tests/bug72099.phpt.
- CVE-2016-4539
* SECURITY UPDATE: out-of-bounds reads in zif_grapheme_stripos and
zif_grapheme_strpos with negative offset
- debian/patches/CVE-2016-4540.patch: check bounds in
ext/intl/grapheme/grapheme_string.c, added test to
ext/intl/tests/bug72061.phpt.
- CVE-2016-4540
- CVE-2016-4541
* SECURITY UPDATE: out of bounds heap read access in exif header
processing
- debian/patches/CVE-2016-4542.patch: check sizes and length in
ext/exif/exif.c.
- CVE-2016-4542
- CVE-2016-4543
- CVE-2016-4544
-- Marc Deslauriers <email address hidden> Thu, 19 May 2016 12:03:33 -0400
Available diffs
php5 (5.6.11+dfsg-1ubuntu3.3) wily-security; urgency=medium * SECURITY REGRESSION: out of memory in SOAP (LP: #1575298) - debian/patches/CVE-2015-8835.patch: updated to fix bad patch backport. -- Marc Deslauriers <email address hidden> Tue, 26 Apr 2016 14:57:54 -0400
Available diffs
php5 (5.5.9+dfsg-1ubuntu4.16) trusty-security; urgency=medium
* SECURITY UPDATE: directory traversal in ZipArchive::extractTo
- debian/patches/CVE-2014-9767.patch: use proper path in
ext/zip/php_zip.c, added test to ext/zip/tests/bug70350.phpt.
- CVE-2014-9767
* SECURITY UPDATE: type confusion issue in SoapClient
- debian/patches/CVE-2015-8835.patch: check types in
ext/soap/php_http.c.
- CVE-2015-8835
- CVE-2016-3185
* SECURITY UPDATE: mysqlnd is vulnerable to BACKRONYM
- debian/patches/CVE-2015-8838.patch: fix ssl handling in
ext/mysqlnd/mysqlnd.c.
- CVE-2015-8838
* SECURITY UPDATE: denial of service or memory disclosure in gd via large
bgd_color argument to imagerotate
- debian/patches/CVE-2016-1903.patch: check bgcolor in
ext/gd/libgd/gd_interpolation.c, added test to
ext/gd/tests/bug70976.phpt.
- CVE-2016-1903
* SECURITY UPDATE: stack overflow when decompressing tar archives
- debian/patches/CVE-2016-2554.patch: handle non-terminated linknames
in ext/phar/tar.c.
- CVE-2016-2554
* SECURITY UPDATE: use-after-free in WDDX
- debian/patches/CVE-2016-3141.patch: fix stack in ext/wddx/wddx.c,
added test to ext/wddx/tests/bug71587.phpt.
- CVE-2016-3141
* SECURITY UPDATE: out-of-Bound Read in phar_parse_zipfile()
- debian/patches/CVE-2016-3142.patch: check bounds in ext/phar/zip.c.
- CVE-2016-3142
* SECURITY UPDATE: libxml_disable_entity_loader setting is shared between
threads
- debian/patches/bug64938.patch: enable entity loader in
ext/libxml/libxml.c.
- No CVE number
* SECURITY UPDATE: openssl_random_pseudo_bytes() is not cryptographically
secure
- debian/patches/bug70014.patch: use RAND_bytes instead of deprecated
RAND_pseudo_bytes in ext/openssl/openssl.c.
- No CVE number
* SECURITY UPDATE: buffer over-write in finfo_open with malformed magic
file
- debian/patches/bug71527.patch: properly calculate length in
ext/fileinfo/libmagic/funcs.c, added test to
ext/fileinfo/tests/bug71527.magic.
- CVE number pending
* SECURITY UPDATE: php_snmp_error() format string Vulnerability
- debian/patches/bug71704.patch: use format string in ext/snmp/snmp.c.
- CVE number pending
* SECURITY UPDATE: integer overflow in php_raw_url_encode
- debian/patches/bug71798.patch: use size_t in ext/standard/url.c.
- CVE number pending
* SECURITY UPDATE: invalid memory write in phar on filename containing
NULL
- debian/patches/bug71860.patch: require valid paths in
ext/phar/phar.c, ext/phar/phar_object.c, fix tests in
ext/phar/tests/badparameters.phpt,
ext/phar/tests/create_path_error.phpt,
ext/phar/tests/phar_extract.phpt,
ext/phar/tests/phar_isvalidpharfilename.phpt,
ext/phar/tests/phar_unlinkarchive.phpt,
ext/phar/tests/pharfileinfo_construct.phpt.
- CVE number pending
* SECURITY UPDATE: invalid negative size in mbfl_strcut
- debian/patches/bug71906.patch: fix length checks in
ext/mbstring/libmbfl/mbfl/mbfilter.c.
- CVE number pending
* This package does _NOT_ contain the changes from php5
(5.5.9+dfsg-1ubuntu4.15) in trusty-proposed.
-- Marc Deslauriers <email address hidden> Wed, 20 Apr 2016 09:52:09 -0400
Available diffs
php5 (5.3.10-1ubuntu3.22) precise-security; urgency=medium
* SECURITY UPDATE: directory traversal in ZipArchive::extractTo
- debian/patches/CVE-2014-9767.patch: use proper path in
ext/zip/php_zip.c, added test to ext/zip/tests/bug70350.phpt.
- CVE-2014-9767
* SECURITY UPDATE: type confusion issue in SoapClient
- debian/patches/CVE-2015-8835.patch: check types in
ext/soap/php_http.c.
- CVE-2015-8835
- CVE-2016-3185
* SECURITY UPDATE: mysqlnd is vulnerable to BACKRONYM
- debian/patches/CVE-2015-8838.patch: fix ssl handling in
ext/mysqlnd/mysqlnd.c.
- CVE-2015-8838
* SECURITY UPDATE: stack overflow when decompressing tar archives
- debian/patches/CVE-2016-2554.patch: handle non-terminated linknames
in ext/phar/tar.c.
- CVE-2016-2554
* SECURITY UPDATE: use-after-free in WDDX
- debian/patches/CVE-2016-3141.patch: fix stack in ext/wddx/wddx.c,
added test to ext/wddx/tests/bug71587.phpt.
- CVE-2016-3141
* SECURITY UPDATE: out-of-Bound Read in phar_parse_zipfile()
- debian/patches/CVE-2016-3142.patch: check bounds in ext/phar/zip.c.
- CVE-2016-3142
* SECURITY UPDATE: libxml_disable_entity_loader setting is shared between
threads
- debian/patches/bug64938.patch: enable entity loader in
ext/libxml/libxml.c.
- No CVE number
* SECURITY UPDATE: openssl_random_pseudo_bytes() is not cryptographically
secure
- debian/patches/bug70014.patch: use RAND_bytes instead of deprecated
RAND_pseudo_bytes in ext/openssl/openssl.c.
- No CVE number
* SECURITY UPDATE: buffer over-write in finfo_open with malformed magic
file
- debian/patches/bug71527.patch: properly calculate length in
ext/fileinfo/libmagic/funcs.c, added test to
ext/fileinfo/tests/bug71527.magic.
- CVE number pending
* SECURITY UPDATE: integer overflow in php_raw_url_encode
- debian/patches/bug71798.patch: use size_t in ext/standard/url.c.
- CVE number pending
* SECURITY UPDATE: invalid memory write in phar on filename containing
NULL
- debian/patches/bug71860.patch: require valid paths in
ext/phar/phar.c, ext/phar/phar_object.c.
- CVE number pending
* SECURITY UPDATE: invalid negative size in mbfl_strcut
- debian/patches/bug71906.patch: fix length checks in
ext/mbstring/libmbfl/mbfl/mbfilter.c.
- CVE number pending
-- Marc Deslauriers <email address hidden> Tue, 19 Apr 2016 16:55:56 -0400
Available diffs
php5 (5.6.11+dfsg-1ubuntu3.2) wily-security; urgency=medium
* SECURITY UPDATE: directory traversal in ZipArchive::extractTo
- debian/patches/CVE-2014-9767.patch: use proper path in
ext/zip/php_zip.c, added test to ext/zip/tests/bug70350.phpt.
- CVE-2014-9767
* SECURITY UPDATE: type confusion issue in SoapClient
- debian/patches/CVE-2015-8835.patch: check types in
ext/soap/php_http.c.
- CVE-2015-8835
- CVE-2016-3185
* SECURITY UPDATE: denial of service or memory disclosure in gd via large
bgd_color argument to imagerotate
- debian/patches/CVE-2016-1903.patch: check bgcolor in
ext/gd/libgd/gd_interpolation.c, added test to
ext/gd/tests/bug70976.phpt.
- CVE-2016-1903
* SECURITY UPDATE: stack overflow when decompressing tar archives
- debian/patches/CVE-2016-2554.patch: handle non-terminated linknames
in ext/phar/tar.c.
- CVE-2016-2554
* SECURITY UPDATE: use-after-free in WDDX
- debian/patches/CVE-2016-3141.patch: fix stack in ext/wddx/wddx.c,
added test to ext/wddx/tests/bug71587.phpt.
- CVE-2016-3141
* SECURITY UPDATE: out-of-Bound Read in phar_parse_zipfile()
- debian/patches/CVE-2016-3142.patch: check bounds in ext/phar/zip.c.
- CVE-2016-3142
* SECURITY UPDATE: openssl_random_pseudo_bytes() is not cryptographically
secure
- debian/patches/bug70014.patch: use RAND_bytes instead of deprecated
RAND_pseudo_bytes in ext/openssl/openssl.c.
- No CVE number
* SECURITY UPDATE: buffer over-write in finfo_open with malformed magic
file
- debian/patches/bug71527.patch: properly calculate length in
ext/fileinfo/libmagic/funcs.c, added test to
ext/fileinfo/tests/bug71527.magic.
- CVE number pending
* SECURITY UPDATE: php_snmp_error() format string Vulnerability
- debian/patches/bug71704.patch: use format string in ext/snmp/snmp.c.
- CVE number pending
* SECURITY UPDATE: integer overflow in php_raw_url_encode
- debian/patches/bug71798.patch: use size_t in ext/standard/url.c.
- CVE number pending
* SECURITY UPDATE: invalid memory write in phar on filename containing
NULL
- debian/patches/bug71860.patch: require valid paths in
ext/phar/phar.c, ext/phar/phar_object.c, fix tests in
ext/phar/tests/badparameters.phpt,
ext/phar/tests/bug64931/bug64931.phpt,
ext/phar/tests/create_path_error.phpt,
ext/phar/tests/phar_extract.phpt,
ext/phar/tests/phar_isvalidpharfilename.phpt,
ext/phar/tests/phar_unlinkarchive.phpt,
ext/phar/tests/pharfileinfo_construct.phpt.
- CVE number pending
* SECURITY UPDATE: invalid negative size in mbfl_strcut
- debian/patches/bug71906.patch: fix length checks in
ext/mbstring/libmbfl/mbfl/mbfilter.c.
- CVE number pending
-- Marc Deslauriers <email address hidden> Fri, 15 Apr 2016 10:37:57 -0400
Available diffs
| Deleted in trusty-proposed (Reason: moved to -updates) |
php5 (5.5.9+dfsg-1ubuntu4.15) trusty; urgency=medium * Fix zlib function naming with LFS (LP: #1315888). -- Nishanth Aravamudan <email address hidden> Tue, 22 Mar 2016 09:00:05 -0700
Available diffs
| Deleted in xenial-release (Reason: Obsoleted by php7.0; LP: #1547183) |
| Superseded in xenial-release |
| Deleted in xenial-proposed (Reason: moved to release) |
php5 (5.6.17+dfsg-3ubuntu1) xenial; urgency=medium
* Merge from Debian. Remaining changes:
- Drop support for firebird, c-client, mcrypt, onig and qdbm as they
are in universe:
+ d/control: drop Build-Depends on firebird-dev, libc-client-dev,
libmcrypt-dev, libonig-dev, libqdbm-dev.
+ d/control: drop binary packages php5-imap, php5-interbase and
php5-mcrypt and their reverse dependencies.
+ d/rules: drop configuration of qdgm, onig, imap, mcrypt.
+ d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't
build interbase or firebird.
+ d/modulelist: drop imap, interbase and mcrypt.
- d/control: switch Build-Depends of netcat-traditional to
netcat-openbsd as only the latter is in main.
- d/source_php5.py, d/rules: add apport hook.
Available diffs
php5 (5.6.16+dfsg-1ubuntu1) xenial; urgency=medium
* Merge from Debian. Remaining changes:
- Drop support for firebird, c-client, mcrypt, onig and qdbm as they
are in universe:
+ d/control: drop Build-Depends on firebird-dev, libc-client-dev,
libmcrypt-dev, libonig-dev, libqdbm-dev.
+ d/control: drop binary packages php5-imap, php5-interbase and
php5-mcrypt and their reverse dependencies.
+ d/rules: drop configuration of qdgm, onig, imap, mcrypt.
+ d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't
build interbase or firebird.
+ d/modulelist: drop imap, interbase and mcrypt.
- d/control: switch Build-Depends of netcat-traditional to
netcat-openbsd as only the latter is in main.
- d/source_php5.py, d/rules: add apport hook.
Available diffs
php5 (5.6.14+dfsg-1ubuntu1) xenial; urgency=medium
* Merge from Debian. Remaining changes:
- Drop support for firebird, c-client, mcrypt, onig and qdbm as they
are in universe:
+ d/control: drop Build-Depends on firebird-dev, libc-client-dev,
libmcrypt-dev, libonig-dev, libqdbm-dev.
+ d/control: drop binary packages php5-imap, php5-interbase and
php5-mcrypt and their reverse dependencies.
+ d/rules: drop configuration of qdgm, onig, imap, mcrypt.
+ d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't
build interbase or firebird.
+ d/modulelist: drop imap, interbase and mcrypt.
- d/control: switch Build-Depends of netcat-traditional to
netcat-openbsd as only the latter is in main.
- d/source_php5.py, d/rules: add apport hook.
* Drop changes (patches included upstream):
- CVE-2015-6831-1.patch, CVE-2015-6831-2.patch, CVE-2015-6831-3.patch,
CVE-2015-6832.patch, CVE-2015-6833-1.patch, CVE-2015-6833-2.patch,
CVE-2015-6834-1.patch, CVE-2015-6834-2.patch, CVE-2015-6834-3.patch,
CVE-2015-6835-1.patch, CVE-2015-6835-2.patch, CVE-2015-6836.patch,
CVE-2015-6837-6838.patch
Available diffs
php5 (5.3.10-1ubuntu3.21) precise-security; urgency=medium
* SECURITY UPDATE: null pointer dereference in phar_get_fp_offset()
- debian/patches/CVE-2015-7803.patch: check link in ext/phar/util.c.
- CVE-2015-7803
* SECURITY UPDATE: uninitialized pointer in phar_make_dirstream()
- debian/patches/CVE-2015-7804.patch: check filename length in
ext/phar/util.c, ext/phar/zip.c.
- CVE-2015-7804
-- Marc Deslauriers <email address hidden> Tue, 27 Oct 2015 16:59:36 -0400
Available diffs
php5 (5.6.11+dfsg-1ubuntu3.1) wily-security; urgency=medium
* SECURITY UPDATE: null pointer dereference in phar_get_fp_offset()
- debian/patches/CVE-2015-7803.patch: check link in ext/phar/util.c.
- CVE-2015-7803
* SECURITY UPDATE: uninitialized pointer in phar_make_dirstream()
- debian/patches/CVE-2015-7804.patch: check filename length in
ext/phar/util.c, ext/phar/zip.c.
- CVE-2015-7804
-- Marc Deslauriers <email address hidden> Tue, 27 Oct 2015 16:47:59 -0400
Available diffs
php5 (5.5.9+dfsg-1ubuntu4.14) trusty-security; urgency=medium
* SECURITY UPDATE: null pointer dereference in phar_get_fp_offset()
- debian/patches/CVE-2015-7803.patch: check link in ext/phar/util.c.
- CVE-2015-7803
* SECURITY UPDATE: uninitialized pointer in phar_make_dirstream()
- debian/patches/CVE-2015-7804.patch: check filename length in
ext/phar/util.c, ext/phar/zip.c.
- CVE-2015-7804
-- Marc Deslauriers <email address hidden> Tue, 27 Oct 2015 16:55:35 -0400
Available diffs
php5 (5.6.4+dfsg-4ubuntu6.4) vivid-security; urgency=medium
* SECURITY UPDATE: null pointer dereference in phar_get_fp_offset()
- debian/patches/CVE-2015-7803.patch: check link in ext/phar/util.c.
- CVE-2015-7803
* SECURITY UPDATE: uninitialized pointer in phar_make_dirstream()
- debian/patches/CVE-2015-7804.patch: check filename length in
ext/phar/util.c, ext/phar/zip.c.
- CVE-2015-7804
-- Marc Deslauriers <email address hidden> Tue, 27 Oct 2015 16:52:47 -0400
Available diffs
php5 (5.3.10-1ubuntu3.20) precise-security; urgency=medium
* debian/patches/bug65481.patch: backport bugfix to get new
var_push_dtor_no_addref function.
* SECURITY UPDATE: phar segfault on invalid file
- debian/patches/CVE-2015-5589-1.patch: check stream before closing in
ext/phar/phar_object.c.
- debian/patches/CVE-2015-5589-2.patch: add better checks in
ext/phar/phar_object.c.
- CVE-2015-5589
* SECURITY UPDATE: phar buffer overflow in phar_fix_filepath
- debian/patches/CVE-2015-5590.patch: properly handle path in
ext/phar/phar.c.
- CVE-2015-5590
* SECURITY UPDATE: multiple use-after-free issues in unserialize()
- debian/patches/CVE-2015-6831-1.patch: fix SPLArrayObject in
ext/spl/spl_array.c, added test to ext/spl/tests/bug70166.phpt.
- debian/patches/CVE-2015-6831-2.patch: fix SplObjectStorage in
ext/spl/spl_observer.c.
- CVE-2015-6831
* SECURITY UPDATE: dangling pointer in the unserialization of ArrayObject
items
- debian/patches/CVE-2015-6832.patch: fix dangling pointer in
ext/spl/spl_array.c.
- CVE-2015-6832
* SECURITY UPDATE: phar files extracted outside of destination dir
- debian/patches/CVE-2015-6833-1.patch: limit extracted files to given
directory in ext/phar/phar_object.c.
- CVE-2015-6833
* SECURITY UPDATE: multiple vulnerabilities in unserialize()
- debian/patches/CVE-2015-6834-1.patch: fix use-after-free in
ext/standard/var.c, ext/standard/var_unserializer.*.
- debian/patches/CVE-2015-6834-2.patch: fix use-after-free in
ext/spl/spl_observer.c.
- CVE-2015-6834
* SECURITY UPDATE: use after free in session deserializer
- debian/patches/CVE-2015-6835-1.patch: fix use after free in
ext/session/session.c, ext/standard/var_unserializer.*
fixed tests in ext/session/tests/session_decode_error2.phpt,
ext/session/tests/session_decode_variation3.phpt.
- CVE-2015-6835
* SECURITY UPDATE: SOAP serialize_function_call() type confusion
- debian/patches/CVE-2015-6836.patch: check type in ext/soap/soap.c,
added test to ext/soap/tests/bug70388.phpt.
- CVE-2015-6836
* SECURITY UPDATE: NULL pointer dereference in XSLTProcessor class
- debian/patches/CVE-2015-6837-6838.patch: fix logic in
ext/xsl/xsltprocessor.c.
- CVE-2015-6837
- CVE-2015-6838
-- Marc Deslauriers <email address hidden> Tue, 29 Sep 2015 12:51:49 -0400
Available diffs
php5 (5.5.9+dfsg-1ubuntu4.13) trusty-security; urgency=medium
* SECURITY UPDATE: phar segfault on invalid file
- debian/patches/CVE-2015-5589-1.patch: check stream before closing in
ext/phar/phar_object.c.
- debian/patches/CVE-2015-5589-2.patch: add better checks in
ext/phar/phar_object.c.
- CVE-2015-5589
* SECURITY UPDATE: phar buffer overflow in phar_fix_filepath
- debian/patches/CVE-2015-5590.patch: properly handle path in
ext/phar/phar.c.
- CVE-2015-5590
* SECURITY UPDATE: multiple use-after-free issues in unserialize()
- debian/patches/CVE-2015-6831-1.patch: fix SPLArrayObject in
ext/spl/spl_array.c, added test to ext/spl/tests/bug70166.phpt.
- debian/patches/CVE-2015-6831-2.patch: fix SplObjectStorage in
ext/spl/spl_observer.c, added test to ext/spl/tests/bug70168.phpt.
- debian/patches/CVE-2015-6831-3.patch: fix SplDoublyLinkedList in
ext/spl/spl_dllist.c, added test to ext/spl/tests/bug70169.phpt.
- CVE-2015-6831
* SECURITY UPDATE: dangling pointer in the unserialization of ArrayObject
items
- debian/patches/CVE-2015-6832.patch: fix dangling pointer in
ext/spl/spl_array.c, added test to ext/spl/tests/bug70068.phpt.
- CVE-2015-6832
* SECURITY UPDATE: phar files extracted outside of destination dir
- debian/patches/CVE-2015-6833-1.patch: limit extracted files to given
directory in ext/phar/phar_object.c.
- CVE-2015-6833
* SECURITY UPDATE: multiple vulnerabilities in unserialize()
- debian/patches/CVE-2015-6834-1.patch: fix use-after-free in
ext/standard/var.c, ext/standard/var_unserializer.*.
- debian/patches/CVE-2015-6834-2.patch: fix use-after-free in
ext/spl/spl_observer.c, added test to ext/spl/tests/bug70365.phpt.
- debian/patches/CVE-2015-6834-3.patch: fix use-after-free in
ext/spl/spl_dllist.c, added test to ext/spl/tests/bug70366.phpt.
- CVE-2015-6834
* SECURITY UPDATE: use after free in session deserializer
- debian/patches/CVE-2015-6835-1.patch: fix use after free in
ext/session/session.c, ext/standard/var_unserializer.*
fixed tests in ext/session/tests/session_decode_error2.phpt,
ext/session/tests/session_decode_variation3.phpt.
- debian/patches/CVE-2015-6835-2.patch: add more fixes to
ext/session/session.c.
- CVE-2015-6835
* SECURITY UPDATE: SOAP serialize_function_call() type confusion
- debian/patches/CVE-2015-6836.patch: check type in ext/soap/soap.c,
added test to ext/soap/tests/bug70388.phpt.
- CVE-2015-6836
* SECURITY UPDATE: NULL pointer dereference in XSLTProcessor class
- debian/patches/CVE-2015-6837-6838.patch: fix logic in
ext/xsl/xsltprocessor.c.
- CVE-2015-6837
- CVE-2015-6838
-- Marc Deslauriers <email address hidden> Tue, 29 Sep 2015 07:35:49 -0400
Available diffs
| Superseded in xenial-release |
| Obsolete in wily-release |
| Deleted in wily-proposed (Reason: moved to release) |
php5 (5.6.11+dfsg-1ubuntu3) wily; urgency=medium
* SECURITY UPDATE: multiple use-after-free issues in unserialize()
- debian/patches/CVE-2015-6831-1.patch: fix SPLArrayObject in
ext/spl/spl_array.c, added test to ext/spl/tests/bug70166.phpt.
- debian/patches/CVE-2015-6831-2.patch: fix SplObjectStorage in
ext/spl/spl_observer.c, added test to ext/spl/tests/bug70168.phpt.
- debian/patches/CVE-2015-6831-3.patch: fix SplDoublyLinkedList in
ext/spl/spl_dllist.c, added test to ext/spl/tests/bug70169.phpt.
- CVE-2015-6831
* SECURITY UPDATE: dangling pointer in the unserialization of ArrayObject
items
- debian/patches/CVE-2015-6832.patch: fix dangling pointer in
ext/spl/spl_array.c, added test to ext/spl/tests/bug70068.phpt.
- CVE-2015-6832
* SECURITY UPDATE: phar files extracted outside of destination dir
- debian/patches/CVE-2015-6833-1.patch: limit extracted files to given
directory in ext/phar/phar_object.c.
- debian/patches/CVE-2015-6833-2.patch: use emalloc in
ext/phar/phar_object.c.
- CVE-2015-6833
* SECURITY UPDATE: multiple vulnerabilities in unserialize()
- debian/patches/CVE-2015-6834-1.patch: fix use-after-free in
ext/standard/var.c, ext/standard/var_unserializer.*.
- debian/patches/CVE-2015-6834-2.patch: fix use-after-free in
ext/spl/spl_observer.c, added test to ext/spl/tests/bug70365.phpt.
- debian/patches/CVE-2015-6834-3.patch: fix use-after-free in
ext/spl/spl_dllist.c, added test to ext/spl/tests/bug70366.phpt.
- CVE-2015-6834
* SECURITY UPDATE: use after free in session deserializer
- debian/patches/CVE-2015-6835-1.patch: fix use after free in
ext/session/session.c, ext/standard/var_unserializer.*
fixed tests in ext/session/tests/session_decode_error2.phpt,
ext/session/tests/session_decode_variation3.phpt.
- debian/patches/CVE-2015-6835-2.patch: add more fixes to
ext/session/session.c.
- CVE-2015-6835
* SECURITY UPDATE: SOAP serialize_function_call() type confusion
- debian/patches/CVE-2015-6836.patch: check type in ext/soap/soap.c,
added test to ext/soap/tests/bug70388.phpt.
- CVE-2015-6836
* SECURITY UPDATE: NULL pointer dereference in XSLTProcessor class
- debian/patches/CVE-2015-6837-6838.patch: fix logic in
ext/xsl/xsltprocessor.c.
- CVE-2015-6837
- CVE-2015-6838
-- Marc Deslauriers <email address hidden> Mon, 28 Sep 2015 07:26:44 -0400
Available diffs
php5 (5.6.4+dfsg-4ubuntu6.3) vivid-security; urgency=medium
* SECURITY UPDATE: phar segfault on invalid file
- debian/patches/CVE-2015-5589-1.patch: check stream before closing in
ext/phar/phar_object.c.
- debian/patches/CVE-2015-5589-2.patch: add better checks in
ext/phar/phar_object.c.
- CVE-2015-5589
* SECURITY UPDATE: phar buffer overflow in phar_fix_filepath
- debian/patches/CVE-2015-5590.patch: properly handle path in
ext/phar/phar.c.
- CVE-2015-5590
* SECURITY UPDATE: multiple use-after-free issues in unserialize()
- debian/patches/CVE-2015-6831-1.patch: fix SPLArrayObject in
ext/spl/spl_array.c, added test to ext/spl/tests/bug70166.phpt.
- debian/patches/CVE-2015-6831-2.patch: fix SplObjectStorage in
ext/spl/spl_observer.c, added test to ext/spl/tests/bug70168.phpt.
- debian/patches/CVE-2015-6831-3.patch: fix SplDoublyLinkedList in
ext/spl/spl_dllist.c, added test to ext/spl/tests/bug70169.phpt.
- CVE-2015-6831
* SECURITY UPDATE: dangling pointer in the unserialization of ArrayObject
items
- debian/patches/CVE-2015-6832.patch: fix dangling pointer in
ext/spl/spl_array.c, added test to ext/spl/tests/bug70068.phpt.
- CVE-2015-6832
* SECURITY UPDATE: phar files extracted outside of destination dir
- debian/patches/CVE-2015-6833-1.patch: limit extracted files to given
directory in ext/phar/phar_object.c.
- debian/patches/CVE-2015-6833-2.patch: use emalloc in
ext/phar/phar_object.c.
- CVE-2015-6833
* SECURITY UPDATE: multiple vulnerabilities in unserialize()
- debian/patches/CVE-2015-6834-1.patch: fix use-after-free in
ext/standard/var.c, ext/standard/var_unserializer.*.
- debian/patches/CVE-2015-6834-2.patch: fix use-after-free in
ext/spl/spl_observer.c, added test to ext/spl/tests/bug70365.phpt.
- debian/patches/CVE-2015-6834-3.patch: fix use-after-free in
ext/spl/spl_dllist.c, added test to ext/spl/tests/bug70366.phpt.
- CVE-2015-6834
* SECURITY UPDATE: use after free in session deserializer
- debian/patches/CVE-2015-6835-1.patch: fix use after free in
ext/session/session.c, ext/standard/var_unserializer.*
fixed tests in ext/session/tests/session_decode_error2.phpt,
ext/session/tests/session_decode_variation3.phpt.
- debian/patches/CVE-2015-6835-2.patch: add more fixes to
ext/session/session.c.
- CVE-2015-6835
* SECURITY UPDATE: SOAP serialize_function_call() type confusion
- debian/patches/CVE-2015-6836.patch: check type in ext/soap/soap.c,
added test to ext/soap/tests/bug70388.phpt.
- CVE-2015-6836
* SECURITY UPDATE: NULL pointer dereference in XSLTProcessor class
- debian/patches/CVE-2015-6837-6838.patch: fix logic in
ext/xsl/xsltprocessor.c.
- CVE-2015-6837
- CVE-2015-6838
-- Marc Deslauriers <email address hidden> Mon, 28 Sep 2015 15:51:34 -0400
Available diffs
php5 (5.5.9+dfsg-1ubuntu4.12) trusty; urgency=medium * Fix PHP Fatal error: Inconsistent insteadof definition (LP: #1474276) - Apply upstream fix -- Ryan Harper <email address hidden> Thu, 13 Aug 2015 09:55:34 -0500
Available diffs
php5 (5.6.11+dfsg-1ubuntu2) wily; urgency=medium * No-change rebuild against new libicu -- Iain Lane <email address hidden> Wed, 05 Aug 2015 17:41:17 +0100
Available diffs
php5 (5.6.11+dfsg-1ubuntu1) wily; urgency=medium
* Merge from Debian. Remaining changes:
- Drop support for firebird, c-client, mcrypt, onig and qdbm as they
are in universe:
+ d/control: drop Build-Depends on firebird-dev, libc-client-dev,
libmcrypt-dev, libonig-dev, libqdbm-dev.
+ d/control: drop binary packages php5-imap, php5-interbase and
php5-mcrypt and their reverse dependencies.
+ d/rules: drop configuration of qdgm, onig, imap, mcrypt.
+ d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't
build interbase or firebird.
+ d/modulelist: drop imap, interbase and mcrypt.
- d/control: switch Build-Depends of netcat-traditional to
netcat-openbsd as only the latter is in main.
- d/source_php5.py, d/rules: add apport hook.
* New upstream version uses __builtin_clzl when __powerpc__ is defined,
improving performance on POWER systems (LP: #1458434).
* Drop changes (patches included upstream): CVE-2015-4598.patch,
CVE-2015-4643.patch, CVE-2015-4644.patch.
-- Robie Basak <email address hidden> Mon, 27 Jul 2015 11:15:34 +0000
Available diffs
php5 (5.6.9+dfsg-1ubuntu1) wily; urgency=medium
* Merge from Debian. Remaining changes:
- d/control: drop Build-Depends that are in universe: firebird-dev,
libc-client-dev, libmcrypt-dev, libonig-dev, libqdbm-dev.
- d/rules: drop configuration of packages that are in universe: qdgm, onig.
- d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't build
interbase or firebird.
- d/control: drop binary packages php5-imap, php5-interbase and php5-mcrypt
since we have separate versions in universe.
- d/modulelist: drop imap, interbase and mcrypt since we have separate
versions in universe.
- d/rules: drop configuration of imap and mcrypt since we have separate
versions in universe.
- d/source_php5.py, d/rules: add apport hook.
- d/control: switch Build-Depends of netcat-traditional to netcat-openbsd
as only the latter is in main.
* Dropped changes:
- patches included in new upstream version: CVE-2014-9427.patch,
CVE-2014-9652.patch, CVE-2015-0231.patch, CVE-2015-0232.patch,
CVE-2015-1351.patch, CVE-2015-1352.patch, remove_readelf.patch,
CVE-2014-9705.patch, CVE-2015-0273.patch, CVE-2015-2301.patch,
CVE-2015-2305.patch, CVE-2015-2331.patch, CVE-2015-2348.patch,
CVE-2015-2787.patch, CVE-2015-2783.patch, bug69218.patch,
bug69441.patch.
* SECURITY UPDATE: more missing file path null byte checks
- debian/patches/CVE-2015-4598.patch: add missing checks to
ext/dom/document.c, ext/gd/gd.c, fix test in
ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt.
- CVE-2015-4598
* SECURITY UPDATE: arbitrary code execution via ftp server long reply to
a LIST command
- debian/patches/CVE-2015-4643.patch: prevent overflow check bypass in
ext/ftp/ftp.c.
- CVE-2015-4643
* SECURITY UPDATE: denial of service via php_pgsql_meta_data
- debian/patches/CVE-2015-4644.patch: check return value in
ext/pgsql/pgsql.c, add test to ext/pgsql/pg_insert_002.phpt.
- CVE-2015-4644
Available diffs
php5 (5.3.10-1ubuntu3.19) precise-security; urgency=medium
* SECURITY UPDATE: missing file path null byte checks
- debian/patches/CVE-2015-3411.patch: add missing checks to
ext/dom/document.c, ext/fileinfo/fileinfo.c, ext/gd/gd.c,
ext/hash/hash.c, ext/pgsql/pgsql.c, ext/standard/streamsfuncs.c,
ext/xmlwriter/php_xmlwriter.c, ext/zlib/zlib.c, add tests to
ext/fileinfo/tests/finfo_file_basic.phpt,
ext/hash/tests/hash_hmac_file_error.phpt,
backport CHECK_NULL_PATH to Zend/zend_API.h.
- CVE-2015-3411
- CVE-2015-3412
* SECURITY UPDATE: denial of service via crafted tar archive
- debian/patches/CVE-2015-4021.patch: handle empty strings in
ext/phar/tar.c.
- CVE-2015-4021
* SECURITY UPDATE: arbitrary code execution via ftp server long reply to
a LIST command
- debian/patches/CVE-2015-4022.patch: fix overflow in ext/ftp/ftp.c.
- CVE-2015-4022
* SECURITY UPDATE: denial of service via crafted form data
- debian/patches/CVE-2015-4024.patch: use smart_str to assemble strings
in main/rfc1867.c.
- CVE-2015-4024
* SECURITY UPDATE: more missing file path null byte checks
- debian/patches/CVE-2015-4025.patch: add missing checks to
ext/pcntl/pcntl.c, ext/standard/dir.c.
- CVE-2015-4025
- CVE-2015-4026
* SECURITY UPDATE: arbitrary code execution via crafted serialized data
with unexpected data type
- debian/patches/CVE-2015-4147.patch: check variable types in
ext/soap/php_encoding.c, ext/soap/php_http.c, ext/soap/soap.c.
- CVE-2015-4147
- CVE-2015-4148
- CVE-2015-4600
- CVE-2015-4601
* SECURITY UPDATE: more missing file path null byte checks
- debian/patches/CVE-2015-4598.patch: add missing checks to
ext/dom/document.c, ext/gd/gd.c.
- CVE-2015-4598
* SECURITY UPDATE: denial of service or information leak via type
confusion with crafted serialized data
- debian/patches/CVE-2015-4599.patch: use proper types in
ext/soap/soap.c.
- CVE-2015-4599
* SECURITY UPDATE: denial of service or information leak via type
confusion with crafted serialized data
- debian/patches/CVE-2015-4602.patch: check for proper type in
ext/standard/incomplete_class.c.
- CVE-2015-4602
* SECURITY UPDATE: denial of service or information leak via type
confusion with crafted serialized data
- debian/patches/CVE-2015-4603.patch: check type in
Zend/zend_exceptions.c, add test to
ext/standard/tests/serialize/bug69152.phpt.
- CVE-2015-4603
* SECURITY UPDATE: arbitrary code execution via ftp server long reply to
a LIST command
- debian/patches/CVE-2015-4643.patch: prevent overflow check bypass in
ext/ftp/ftp.c.
- CVE-2015-4643
* SECURITY UPDATE: denial of service via php_pgsql_meta_data
- debian/patches/CVE-2015-4644.patch: check return value in
ext/pgsql/pgsql.c, add test to ext/pgsql/pg_insert_002.phpt.
- CVE-2015-4644
* debian/patches/CVE-2015-2783-memleak.patch: fix memory leak introduced
by CVE-2015-2783 security update.
-- Marc Deslauriers <email address hidden> Thu, 02 Jul 2015 07:42:32 -0400
Available diffs
php5 (5.5.12+dfsg-2ubuntu4.6) utopic-security; urgency=medium
* SECURITY UPDATE: missing file path null byte checks
- debian/patches/CVE-2015-3411.patch: add missing checks to
ext/dom/document.c, ext/fileinfo/fileinfo.c, ext/gd/gd.c,
ext/hash/hash.c, ext/pgsql/pgsql.c, ext/standard/link.c,
ext/standard/streamsfuncs.c, ext/xmlwriter/php_xmlwriter.c,
ext/zlib/zlib.c, add tests to
ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt,
ext/fileinfo/tests/finfo_file_basic.phpt,
ext/hash/tests/hash_hmac_file_error.phpt
- CVE-2015-3411
- CVE-2015-3412
* SECURITY UPDATE: denial of service via crafted tar archive
- debian/patches/CVE-2015-4021.patch: handle empty strings in
ext/phar/tar.c.
- CVE-2015-4021
* SECURITY UPDATE: arbitrary code execution via ftp server long reply to
a LIST command
- debian/patches/CVE-2015-4022.patch: fix overflow in ext/ftp/ftp.c.
- CVE-2015-4022
* SECURITY UPDATE: denial of service via crafted form data
- debian/patches/CVE-2015-4024.patch: use smart_str to assemble strings
in main/rfc1867.c.
- CVE-2015-4024
* SECURITY UPDATE: more missing file path null byte checks
- debian/patches/CVE-2015-4025.patch: add missing checks to
ext/pcntl/pcntl.c, ext/standard/basic_functions.c,
ext/standard/dir.c, ext/standard/file.c.
- CVE-2015-4025
- CVE-2015-4026
* SECURITY UPDATE: arbitrary code execution via crafted serialized data
with unexpected data type
- debian/patches/CVE-2015-4147.patch: check variable types in
ext/soap/php_encoding.c, ext/soap/php_http.c, ext/soap/soap.c.
- CVE-2015-4147
- CVE-2015-4148
- CVE-2015-4600
- CVE-2015-4601
* SECURITY UPDATE: more missing file path null byte checks
- debian/patches/CVE-2015-4598.patch: add missing checks to
ext/dom/document.c, ext/gd/gd.c, fix tests in
ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt,
ext/gd/tests/imageloadfont_error1.phpt,
ext/zlib/tests/gzopen_variation1.phpt,
ext/zlib/tests/readgzfile_variation1.phpt,
ext/zlib/tests/readgzfile_variation6.phpt,
ext/standard/tests/dir/dir_variation1.phpt,
ext/standard/tests/dir/opendir_variation1.phpt,
ext/standard/tests/file/mkdir_rmdir_variation2.phpt,
ext/standard/tests/file/readlink_variation1.phpt,
ext/standard/tests/file/tempnam_variation3-win32.phpt,
ext/standard/tests/file/tempnam_variation3.phpt,
ext/standard/tests/general_functions/include_path.phpt.
- CVE-2015-4598
* SECURITY UPDATE: denial of service or information leak via type
confusion with crafted serialized data
- debian/patches/CVE-2015-4599.patch: use proper types in
ext/soap/soap.c.
- CVE-2015-4599
* SECURITY UPDATE: denial of service or information leak via type
confusion with crafted serialized data
- debian/patches/CVE-2015-4602.patch: check for proper type in
ext/standard/incomplete_class.c.
- CVE-2015-4602
* SECURITY UPDATE: denial of service or information leak via type
confusion with crafted serialized data
- debian/patches/CVE-2015-4603.patch: check type in
Zend/zend_exceptions.c, add test to
ext/standard/tests/serialize/bug69152.phpt.
- CVE-2015-4603
* SECURITY UPDATE: arbitrary code execution via ftp server long reply to
a LIST command
- debian/patches/CVE-2015-4643.patch: prevent overflow check bypass in
ext/ftp/ftp.c.
- CVE-2015-4643
* SECURITY UPDATE: denial of service via php_pgsql_meta_data
- debian/patches/CVE-2015-4644.patch: check return value in
ext/pgsql/pgsql.c, add test to ext/pgsql/pg_insert_002.phpt.
- CVE-2015-4644
* debian/patches/CVE-2015-2783-memleak.patch: fix memory leak introduced
by CVE-2015-2783 security update.
-- Marc Deslauriers <email address hidden> Thu, 02 Jul 2015 08:51:10 -0400
php5 (5.6.4+dfsg-4ubuntu6.2) vivid-security; urgency=medium
* SECURITY UPDATE: missing file path null byte checks
- debian/patches/CVE-2015-3411.patch: add missing checks to
ext/dom/document.c, ext/fileinfo/fileinfo.c, ext/gd/gd.c,
ext/hash/hash.c, ext/pgsql/pgsql.c, ext/standard/link.c,
ext/standard/streamsfuncs.c, ext/xmlwriter/php_xmlwriter.c,
ext/zlib/zlib.c, add tests to
ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt,
ext/fileinfo/tests/finfo_file_basic.phpt,
ext/hash/tests/hash_hmac_file_error.phpt
- CVE-2015-3411
- CVE-2015-3412
* SECURITY UPDATE: denial of service via crafted tar archive
- debian/patches/CVE-2015-4021.patch: handle empty strings in
ext/phar/tar.c.
- CVE-2015-4021
* SECURITY UPDATE: arbitrary code execution via ftp server long reply to
a LIST command
- debian/patches/CVE-2015-4022.patch: fix overflow in ext/ftp/ftp.c.
- CVE-2015-4022
* SECURITY UPDATE: denial of service via crafted form data
- debian/patches/CVE-2015-4024.patch: use smart_str to assemble strings
in main/rfc1867.c.
- CVE-2015-4024
* SECURITY UPDATE: more missing file path null byte checks
- debian/patches/CVE-2015-4025.patch: add missing checks to
ext/pcntl/pcntl.c, ext/standard/basic_functions.c,
ext/standard/dir.c, ext/standard/file.c.
- CVE-2015-4025
- CVE-2015-4026
* SECURITY UPDATE: arbitrary code execution via crafted serialized data
with unexpected data type
- debian/patches/CVE-2015-4147.patch: check variable types in
ext/soap/php_encoding.c, ext/soap/php_http.c, ext/soap/soap.c.
- CVE-2015-4147
- CVE-2015-4148
- CVE-2015-4600
- CVE-2015-4601
* SECURITY UPDATE: more missing file path null byte checks
- debian/patches/CVE-2015-4598.patch: add missing checks to
ext/dom/document.c, ext/gd/gd.c, fix tests in
ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt,
ext/gd/tests/imageloadfont_error1.phpt,
ext/zlib/tests/gzopen_variation1.phpt,
ext/zlib/tests/readgzfile_variation1.phpt,
ext/zlib/tests/readgzfile_variation6.phpt,
ext/standard/tests/dir/dir_variation1.phpt,
ext/standard/tests/dir/opendir_variation1.phpt,
ext/standard/tests/file/mkdir_rmdir_variation2.phpt,
ext/standard/tests/file/readlink_variation1.phpt,
ext/standard/tests/file/tempnam_variation3-win32.phpt,
ext/standard/tests/file/tempnam_variation3.phpt,
ext/standard/tests/general_functions/include_path.phpt.
- CVE-2015-4598
* SECURITY UPDATE: denial of service or information leak via type
confusion with crafted serialized data
- debian/patches/CVE-2015-4599.patch: use proper types in
ext/soap/soap.c.
- CVE-2015-4599
* SECURITY UPDATE: denial of service or information leak via type
confusion with crafted serialized data
- debian/patches/CVE-2015-4602.patch: check for proper type in
ext/standard/incomplete_class.c.
- CVE-2015-4602
* SECURITY UPDATE: denial of service or information leak via type
confusion with crafted serialized data
- debian/patches/CVE-2015-4603.patch: check type in
Zend/zend_exceptions.c, add test to
ext/standard/tests/serialize/bug69152.phpt.
- CVE-2015-4603
* SECURITY UPDATE: denial of service in Fileinfo with crafted file
- debian/patches/CVE-2015-4604.patch: handle large offset in
ext/fileinfo/libmagic/softmagic.c, add test to
ext/fileinfo/tests/bug68819_001.phpt,
ext/fileinfo/tests/bug68819_002.phpt.
- CVE-2015-4604
- CVE-2015-4605
* SECURITY UPDATE: arbitrary code execution via ftp server long reply to
a LIST command
- debian/patches/CVE-2015-4643.patch: prevent overflow check bypass in
ext/ftp/ftp.c.
- CVE-2015-4643
* SECURITY UPDATE: denial of service via php_pgsql_meta_data
- debian/patches/CVE-2015-4644.patch: check return value in
ext/pgsql/pgsql.c, add test to ext/pgsql/pg_insert_002.phpt.
- CVE-2015-4644
* debian/patches/CVE-2015-2783-memleak.patch: fix memory leak introduced
by CVE-2015-2783 security update.
-- Marc Deslauriers <email address hidden> Thu, 02 Jul 2015 08:45:58 -0400
Available diffs
php5 (5.5.9+dfsg-1ubuntu4.11) trusty-security; urgency=medium
* SECURITY UPDATE: missing file path null byte checks
- debian/patches/CVE-2015-3411.patch: add missing checks to
ext/dom/document.c, ext/fileinfo/fileinfo.c, ext/gd/gd.c,
ext/hash/hash.c, ext/pgsql/pgsql.c, ext/standard/link.c,
ext/standard/streamsfuncs.c, ext/xmlwriter/php_xmlwriter.c,
ext/zlib/zlib.c, add tests to
ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt,
ext/fileinfo/tests/finfo_file_basic.phpt,
ext/hash/tests/hash_hmac_file_error.phpt
- CVE-2015-3411
- CVE-2015-3412
* SECURITY UPDATE: denial of service via crafted tar archive
- debian/patches/CVE-2015-4021.patch: handle empty strings in
ext/phar/tar.c.
- CVE-2015-4021
* SECURITY UPDATE: arbitrary code execution via ftp server long reply to
a LIST command
- debian/patches/CVE-2015-4022.patch: fix overflow in ext/ftp/ftp.c.
- CVE-2015-4022
* SECURITY UPDATE: denial of service via crafted form data
- debian/patches/CVE-2015-4024.patch: use smart_str to assemble strings
in main/rfc1867.c.
- CVE-2015-4024
* SECURITY UPDATE: more missing file path null byte checks
- debian/patches/CVE-2015-4025.patch: add missing checks to
ext/pcntl/pcntl.c, ext/standard/basic_functions.c,
ext/standard/dir.c, ext/standard/file.c.
- CVE-2015-4025
- CVE-2015-4026
* SECURITY UPDATE: arbitrary code execution via crafted serialized data
with unexpected data type
- debian/patches/CVE-2015-4147.patch: check variable types in
ext/soap/php_encoding.c, ext/soap/php_http.c, ext/soap/soap.c.
- CVE-2015-4147
- CVE-2015-4148
- CVE-2015-4600
- CVE-2015-4601
* SECURITY UPDATE: more missing file path null byte checks
- debian/patches/CVE-2015-4598.patch: add missing checks to
ext/dom/document.c, ext/gd/gd.c, fix tests in
ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt,
ext/gd/tests/imageloadfont_error1.phpt,
ext/zlib/tests/gzopen_variation1.phpt,
ext/zlib/tests/readgzfile_variation1.phpt,
ext/zlib/tests/readgzfile_variation6.phpt,
ext/standard/tests/dir/dir_variation1.phpt,
ext/standard/tests/dir/opendir_variation1.phpt,
ext/standard/tests/file/mkdir_rmdir_variation2.phpt,
ext/standard/tests/file/readlink_variation1.phpt,
ext/standard/tests/file/tempnam_variation3-win32.phpt,
ext/standard/tests/file/tempnam_variation3.phpt,
ext/standard/tests/general_functions/include_path.phpt.
- CVE-2015-4598
* SECURITY UPDATE: denial of service or information leak via type
confusion with crafted serialized data
- debian/patches/CVE-2015-4599.patch: use proper types in
ext/soap/soap.c.
- CVE-2015-4599
* SECURITY UPDATE: denial of service or information leak via type
confusion with crafted serialized data
- debian/patches/CVE-2015-4602.patch: check for proper type in
ext/standard/incomplete_class.c.
- CVE-2015-4602
* SECURITY UPDATE: denial of service or information leak via type
confusion with crafted serialized data
- debian/patches/CVE-2015-4603.patch: check type in
Zend/zend_exceptions.c, add test to
ext/standard/tests/serialize/bug69152.phpt.
- CVE-2015-4603
* SECURITY UPDATE: arbitrary code execution via ftp server long reply to
a LIST command
- debian/patches/CVE-2015-4643.patch: prevent overflow check bypass in
ext/ftp/ftp.c.
- CVE-2015-4643
* SECURITY UPDATE: denial of service via php_pgsql_meta_data
- debian/patches/CVE-2015-4644.patch: check return value in
ext/pgsql/pgsql.c, add test to ext/pgsql/pg_insert_002.phpt.
- CVE-2015-4644
* debian/patches/CVE-2015-2783-memleak.patch: fix memory leak introduced
by CVE-2015-2783 security update.
-- Marc Deslauriers <email address hidden> Thu, 02 Jul 2015 08:53:30 -0400
| Superseded in wily-release |
| Obsolete in vivid-release |
| Deleted in vivid-proposed (Reason: moved to release) |
php5 (5.6.4+dfsg-4ubuntu6) vivid; urgency=medium
* SECURITY UPDATE: potential remote code execution vulnerability when
used with the Apache 2.4 apache2handler
- debian/patches/bug69218.patch: perform proper cleanup in
sapi/apache2handler/sapi_apache2.c.
- CVE number pending
* SECURITY UPDATE: buffer overflow when parsing tar/zip/phar
- debian/patches/bug69441.patch: check lengths in
ext/phar/phar_internal.h.
- CVE number pending
* SECURITY UPDATE: buffer overflow in unserialize when parsing Phar
- debian/patches/CVE-2015-2783.patch: properly check lengths in
ext/phar/phar.c, ext/phar/phar_internal.h.
- CVE-2015-2783
-- Marc Deslauriers <email address hidden> Fri, 17 Apr 2015 05:15:49 -0400
Available diffs
php5 (5.3.2-1ubuntu4.30) lucid-security; urgency=medium
* SECURITY UPDATE: potential remote code execution vulnerability when
used with the Apache 2.4 apache2handler
- debian/patches/bug69218.patch: perform proper cleanup in
sapi/apache2handler/sapi_apache2.c.
- CVE number pending
* SECURITY UPDATE: buffer overflow when parsing tar/zip/phar
- debian/patches/bug69441.patch: check lengths in
ext/phar/phar_internal.h.
- CVE number pending
* SECURITY UPDATE: heap overflow in regexp library
- debian/patches/CVE-2015-2305.patch: check for overflow in
ext/ereg/regex/regcomp.c.
- CVE-2015-2305
* SECURITY UPDATE: buffer overflow in unserialize when parsing Phar
- debian/patches/CVE-2015-2783.patch: properly check lengths in
ext/phar/phar.c, ext/phar/phar_internal.h.
- CVE-2015-2783
* SECURITY UPDATE: arbitrary code exection via process_nested_data
use-after-free
- debian/patches/CVE-2015-2787.patch: fix logic in
ext/standard/var_unserializer.*.
- CVE-2015-2787
-- Marc Deslauriers <email address hidden> Fri, 17 Apr 2015 07:37:39 -0400
Available diffs
php5 (5.3.10-1ubuntu3.18) precise-security; urgency=medium
* SECURITY UPDATE: potential remote code execution vulnerability when
used with the Apache 2.4 apache2handler
- debian/patches/bug69218.patch: perform proper cleanup in
sapi/apache2handler/sapi_apache2.c.
- CVE number pending
* SECURITY UPDATE: buffer overflow when parsing tar/zip/phar
- debian/patches/bug69441.patch: check lengths in
ext/phar/phar_internal.h.
- CVE number pending
* SECURITY UPDATE: heap overflow in regexp library
- debian/patches/CVE-2015-2305.patch: check for overflow in
ext/ereg/regex/regcomp.c.
- CVE-2015-2305
* SECURITY UPDATE: buffer overflow in unserialize when parsing Phar
- debian/patches/CVE-2015-2783.patch: properly check lengths in
ext/phar/phar.c, ext/phar/phar_internal.h.
- CVE-2015-2783
* SECURITY UPDATE: arbitrary code exection via process_nested_data
use-after-free
- debian/patches/CVE-2015-2787.patch: fix logic in
ext/standard/var_unserializer.*.
- CVE-2015-2787
-- Marc Deslauriers <email address hidden> Fri, 17 Apr 2015 06:25:37 -0400
Available diffs
php5 (5.5.9+dfsg-1ubuntu4.9) trusty-security; urgency=medium
* SECURITY UPDATE: potential remote code execution vulnerability when
used with the Apache 2.4 apache2handler
- debian/patches/bug69218.patch: perform proper cleanup in
sapi/apache2handler/sapi_apache2.c.
- CVE number pending
* SECURITY UPDATE: buffer overflow when parsing tar/zip/phar
- debian/patches/bug69441.patch: check lengths in
ext/phar/phar_internal.h.
- CVE number pending
* SECURITY UPDATE: heap overflow in regexp library
- debian/patches/CVE-2015-2305.patch: check for overflow in
ext/ereg/regex/regcomp.c.
- CVE-2015-2305
* SECURITY UPDATE: move_uploaded_file filename restriction bypass
- debian/patches/CVE-2015-2348.patch: handle nulls in
ext/standard/basic_functions.c.
- CVE-2015-2348
* SECURITY UPDATE: buffer overflow in unserialize when parsing Phar
- debian/patches/CVE-2015-2783.patch: properly check lengths in
ext/phar/phar.c, ext/phar/phar_internal.h.
- CVE-2015-2783
* SECURITY UPDATE: arbitrary code exection via process_nested_data
use-after-free
- debian/patches/CVE-2015-2787.patch: fix logic in
ext/standard/var_unserializer.*.
- CVE-2015-2787
-- Marc Deslauriers <email address hidden> Fri, 17 Apr 2015 05:28:02 -0400
php5 (5.5.12+dfsg-2ubuntu4.4) utopic-security; urgency=medium
* SECURITY UPDATE: potential remote code execution vulnerability when
used with the Apache 2.4 apache2handler
- debian/patches/bug69218.patch: perform proper cleanup in
sapi/apache2handler/sapi_apache2.c.
- CVE number pending
* SECURITY UPDATE: buffer overflow when parsing tar/zip/phar
- debian/patches/bug69441.patch: check lengths in
ext/phar/phar_internal.h.
- CVE number pending
* SECURITY UPDATE: heap overflow in regexp library
- debian/patches/CVE-2015-2305.patch: check for overflow in
ext/ereg/regex/regcomp.c.
- CVE-2015-2305
* SECURITY UPDATE: move_uploaded_file filename restriction bypass
- debian/patches/CVE-2015-2348.patch: handle nulls in
ext/standard/basic_functions.c.
- CVE-2015-2348
* SECURITY UPDATE: buffer overflow in unserialize when parsing Phar
- debian/patches/CVE-2015-2783.patch: properly check lengths in
ext/phar/phar.c, ext/phar/phar_internal.h.
- CVE-2015-2783
* SECURITY UPDATE: arbitrary code exection via process_nested_data
use-after-free
- debian/patches/CVE-2015-2787.patch: fix logic in
ext/standard/var_unserializer.*.
- CVE-2015-2787
-- Marc Deslauriers <email address hidden> Fri, 17 Apr 2015 05:24:45 -0400
php5 (5.6.4+dfsg-4ubuntu5) vivid; urgency=medium
* SECURITY UPDATE: move_uploaded_file filename restriction bypass
- debian/patches/CVE-2015-2348.patch: handle nulls in
ext/standard/basic_functions.c.
- CVE-2015-2348
* SECURITY UPDATE: arbitrary code exection via process_nested_data
use-after-free
- debian/patches/CVE-2015-2787.patch: fix logic in
ext/standard/var_unserializer.*.
- CVE-2015-2787
-- Marc Deslauriers <email address hidden> Thu, 02 Apr 2015 08:06:41 -0400
Available diffs
| Deleted in trusty-proposed (Reason: moved to -updates) |
php5 (5.5.9+dfsg-1ubuntu4.8) trusty; urgency=medium
* Fix php5-fpm logrotate since the upstart job has been introduced.
(LP: #1230917)
- Backport the /usr/lib/php5/php5-fpm-reopenlogs script from utopic.
- Call the script in postrotate instead of invoke-rc.d php5-fpm reopen-logs.
Upstart jobs don't support custom actions.
-- Felix Geyer <email address hidden> Tue, 31 Mar 2015 07:51:32 -0400
Available diffs
php5 (5.6.4+dfsg-4ubuntu4) vivid; urgency=medium
* SECURITY UPDATE: heap overflow in regexp library
- debian/patches/CVE-2015-2305.patch: check for overflow in
ext/ereg/regex/regcomp.c.
- CVE-2015-2305
* SECURITY UPDATE: integer overflow in zip module
- debian/patches/CVE-2015-2331.patch: check for overflow in
ext/zip/lib/zip_dirent.c.
- CVE-2015-2331
-- Marc Deslauriers <email address hidden> Tue, 24 Mar 2015 15:12:32 -0400
Available diffs
php5 (5.6.4+dfsg-4ubuntu3) vivid; urgency=medium
* SECURITY UPDATE: denial of service or possible code execution in
enchant
- debian/patches/CVE-2014-9705.patch: handle position better in
ext/enchant/enchant.c.
- CVE-2014-9705
* SECURITY UPDATE: arbitrary code execution via use after free in
unserialize() with DateTimeZone and DateTime
- debian/patches/CVE-2015-0273.patch: fix use after free in
ext/date/php_date.c, added tests to ext/date/tests/bug68942.phpt,
ext/date/tests/bug68942_2.phpt.
- CVE-2015-0273
* SECURITY UPDATE: denial of service or possible code execution in phar
- debian/patches/CVE-2015-2301.patch: fix use after free in
ext/phar/phar_object.c.
- CVE-2015-2301
-- Marc Deslauriers <email address hidden> Mon, 16 Mar 2015 13:21:17 -0400
Available diffs
php5 (5.3.10-1ubuntu3.17) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via recursion
- debian/patches/CVE-2014-8117.patch: lower recursion limit in
ext/fileinfo/libmagic/softmagic.c.
- CVE-2014-8117
* SECURITY UPDATE: denial of service or possible code execution in
enchant
- debian/patches/CVE-2014-9705.patch: handle position better in
ext/enchant/enchant.c.
- CVE-2014-9705
* SECURITY UPDATE: arbitrary code execution via use after free in
unserialize() with DateTime
- debian/patches/CVE-2015-0273.patch: fix use after free in
ext/date/php_date.c, added test to ext/date/tests/*.phpt.
- CVE-2015-0273
* SECURITY UPDATE: denial of service or possible code execution in phar
- debian/patches/CVE-2015-2301.patch: fix use after free in
ext/phar/phar_object.c.
- CVE-2015-2301
-- Marc Deslauriers <email address hidden> Mon, 16 Mar 2015 13:59:27 -0400
Available diffs
php5 (5.3.2-1ubuntu4.29) lucid-security; urgency=medium
* SECURITY UPDATE: denial of service via recursion
- debian/patches/CVE-2014-8117.patch: lower recursion limit in
ext/fileinfo/libmagic/softmagic.c.
- CVE-2014-8117
* SECURITY UPDATE: denial of service or possible code execution in
enchant
- debian/patches/CVE-2014-9705.patch: handle position better in
ext/enchant/enchant.c.
- CVE-2014-9705
* SECURITY UPDATE: arbitrary code execution via use after free in
unserialize() with DateTime
- debian/patches/CVE-2015-0273.patch: fix use after free in
ext/date/php_date.c, added tests to ext/date/tests/*.phpt.
- CVE-2015-0273
* SECURITY UPDATE: denial of service or possible code execution in phar
- debian/patches/CVE-2015-2301.patch: fix use after free in
ext/phar/phar_object.c.
- CVE-2015-2301
-- Marc Deslauriers <email address hidden> Mon, 16 Mar 2015 15:00:32 -0400
Available diffs
php5 (5.5.9+dfsg-1ubuntu4.7) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via recursion
- debian/patches/CVE-2014-8117.patch: lower recursion limit in
ext/fileinfo/libmagic/softmagic.c.
- CVE-2014-8117
* SECURITY UPDATE: denial of service or possible code execution in
enchant
- debian/patches/CVE-2014-9705.patch: handle position better in
ext/enchant/enchant.c.
- CVE-2014-9705
* SECURITY UPDATE: arbitrary code execution via use after free in
unserialize() with DateTimeZone and DateTime
- debian/patches/CVE-2015-0273.patch: fix use after free in
ext/date/php_date.c, added tests to ext/date/tests/bug68942.phpt,
ext/date/tests/bug68942_2.phpt.
- CVE-2015-0273
* SECURITY UPDATE: denial of service or possible code execution in phar
- debian/patches/CVE-2015-2301.patch: fix use after free in
ext/phar/phar_object.c.
- CVE-2015-2301
-- Marc Deslauriers <email address hidden> Mon, 16 Mar 2015 13:40:18 -0400
Available diffs
php5 (5.5.12+dfsg-2ubuntu4.3) utopic-security; urgency=medium
* SECURITY UPDATE: denial of service via recursion
- debian/patches/CVE-2014-8117.patch: lower recursion limit in
ext/fileinfo/libmagic/softmagic.c.
- CVE-2014-8117
* SECURITY UPDATE: denial of service or possible code execution in
enchant
- debian/patches/CVE-2014-9705.patch: handle position better in
ext/enchant/enchant.c.
- CVE-2014-9705
* SECURITY UPDATE: arbitrary code execution via use after free in
unserialize() with DateTimeZone and DateTime
- debian/patches/CVE-2015-0273.patch: fix use after free in
ext/date/php_date.c, added tests to ext/date/tests/bug68942.phpt,
ext/date/tests/bug68942_2.phpt.
- CVE-2015-0273
* SECURITY UPDATE: denial of service or possible code execution in phar
- debian/patches/CVE-2015-2301.patch: fix use after free in
ext/phar/phar_object.c.
- CVE-2015-2301
-- Marc Deslauriers <email address hidden> Mon, 16 Mar 2015 13:31:32 -0400
Available diffs
php5 (5.6.4+dfsg-4ubuntu2) vivid; urgency=medium
* SECURITY UPDATE: out of bounds read via invalid php file
- debian/patches/CVE-2014-9427.patch: fix bounds in
sapi/cgi/cgi_main.c.
- CVE-2014-9427
* SECURITY UPDATE: out of bounds read in fileinfo
- debian/patches/CVE-2014-9652.patch: properly check length in
ext/fileinfo/libmagic/softmagic.c.
- CVE-2014-9652
* SECURITY UPDATE: arbitrary code execution via improper handling of
duplicate keys in unserializer, additional fix
- debian/patches/CVE-2015-0231.patch: fix use after free in
ext/standard/var_unserializer.*, added test to
ext/standard/tests/strings/bug68710.phpt.
- CVE-2015-0231
* SECURITY UPDATE: arbitrary code execution or denial of service via
crafted EXIF data
- debian/patches/CVE-2015-0232.patch: fix uninitialized pointer free in
ext/exif/exif.c.
- CVE-2015-0232
* SECURITY UPDATE: use after free in opcache component
- debian/patches/CVE-2015-1351.patch: fix use after free in
ext/opcache/zend_shared_alloc.c.
- CVE-2015-1351
* SECURITY UPDATE: null pointer dereference in pgsql
- debian/patches/CVE-2015-1352.patch: properly set valid token in
ext/pgsql/pgsql.c.
- CVE-2015-1352
* debian/patches/remove_readelf.patch: remove readelf.c from fileinfo as
it isn't used, and is a source of confusion when doing security
updates.
-- Marc Deslauriers <email address hidden> Tue, 17 Feb 2015 15:47:51 -0500
Available diffs
php5 (5.3.10-1ubuntu3.16) precise-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution via improper handling of
duplicate keys in unserializer
- debian/patches/CVE-2014-8142.patch: fix use after free in
ext/standard/var_unserializer.*, added test to
ext/standard/tests/serialize/bug68594.phpt.
- CVE-2014-8142
* SECURITY UPDATE: arbitrary code execution via improper handling of
duplicate keys in unserializer, additional fix
- debian/patches/CVE-2015-0231.patch: fix use after free in
ext/standard/var_unserializer.*, added test to
ext/standard/tests/strings/bug68710.phpt.
- CVE-2015-0231
* debian/patches/remove_readelf.patch: remove readelf.c from fileinfo as
it isn't used, and is a source of confusion when doing security
updates.
* debian/patches/CVE-2014-3710.patch: removed, wasn't needed.
-- Marc Deslauriers <email address hidden> Fri, 13 Feb 2015 11:53:39 -0500
Available diffs
php5 (5.5.9+dfsg-1ubuntu4.6) trusty-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution via improper handling of
duplicate keys in unserializer
- debian/patches/CVE-2014-8142.patch: fix use after free in
ext/standard/var_unserializer.*, added test to
ext/standard/tests/serialize/bug68594.phpt.
- CVE-2014-8142
* SECURITY UPDATE: out of bounds read via invalid php file
- debian/patches/CVE-2014-9427.patch: fix bounds in
sapi/cgi/cgi_main.c.
- CVE-2014-9427
* SECURITY UPDATE: out of bounds read in fileinfo
- debian/patches/CVE-2014-9652.patch: properly check length in
ext/fileinfo/libmagic/softmagic.c.
- CVE-2014-9652
* SECURITY UPDATE: arbitrary code execution via improper handling of
duplicate keys in unserializer, additional fix
- debian/patches/CVE-2015-0231.patch: fix use after free in
ext/standard/var_unserializer.*, added test to
ext/standard/tests/strings/bug68710.phpt.
- CVE-2015-0231
* SECURITY UPDATE: arbitrary code execution or denial of service via
crafted EXIF data
- debian/patches/CVE-2015-0232.patch: fix uninitialized pointer free in
ext/exif/exif.c.
- CVE-2015-0232
* SECURITY UPDATE: use after free in opcache component
- debian/patches/CVE-2015-1351.patch: fix use after free in
ext/opcache/zend_shared_alloc.c.
- CVE-2015-1351
* SECURITY UPDATE: null pointer dereference in pgsql
- debian/patches/CVE-2015-1352.patch: properly set valid token in
ext/pgsql/pgsql.c.
- CVE-2015-1352
* debian/patches/remove_readelf.patch: remove readelf.c from fileinfo as
it isn't used, and is a source of confusion when doing security
updates.
* debian/patches/CVE-2014-3710.patch: removed, wasn't needed.
-- Marc Deslauriers <email address hidden> Fri, 13 Feb 2015 11:15:38 -0500
Available diffs
php5 (5.5.12+dfsg-2ubuntu4.2) utopic-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution via improper handling of
duplicate keys in unserializer
- debian/patches/CVE-2014-8142.patch: fix use after free in
ext/standard/var_unserializer.*, added test to
ext/standard/tests/serialize/bug68594.phpt.
- CVE-2014-8142
* SECURITY UPDATE: out of bounds read via invalid php file
- debian/patches/CVE-2014-9427.patch: fix bounds in
sapi/cgi/cgi_main.c.
- CVE-2014-9427
* SECURITY UPDATE: out of bounds read in fileinfo
- debian/patches/CVE-2014-9652.patch: properly check length in
ext/fileinfo/libmagic/softmagic.c.
- CVE-2014-9652
* SECURITY UPDATE: arbitrary code execution via improper handling of
duplicate keys in unserializer, additional fix
- debian/patches/CVE-2015-0231.patch: fix use after free in
ext/standard/var_unserializer.*, added test to
ext/standard/tests/strings/bug68710.phpt.
- CVE-2015-0231
* SECURITY UPDATE: arbitrary code execution or denial of service via
crafted EXIF data
- debian/patches/CVE-2015-0232.patch: fix uninitialized pointer free in
ext/exif/exif.c.
- CVE-2015-0232
* SECURITY UPDATE: use after free in opcache component
- debian/patches/CVE-2015-1351.patch: fix use after free in
ext/opcache/zend_shared_alloc.c.
- CVE-2015-1351
* SECURITY UPDATE: null pointer dereference in pgsql
- debian/patches/CVE-2015-1352.patch: properly set valid token in
ext/pgsql/pgsql.c.
- CVE-2015-1352
* debian/patches/remove_readelf.patch: remove readelf.c from fileinfo as
it isn't used, and is a source of confusion when doing security
updates.
* debian/patches/CVE-2014-3710.patch: removed, wasn't needed.
-- Marc Deslauriers <email address hidden> Fri, 13 Feb 2015 08:10:41 -0500
Available diffs
php5 (5.6.4+dfsg-4ubuntu1) vivid; urgency=medium * Merge from Debian testing (LP: #1411811). Remaining changes: - d/control: drop Build-Depends that are in universe: firebird-dev, libc-client-dev, libmcrypt-dev, libonig-dev, libqdbm-dev. - d/rules: drop configuration of packages that are in universe: qdgm, onig. - d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't build interbase or firebird. - d/control: drop binary packages php5-imap, php5-interbase and php5-mcrypt since we have separate versions in universe. - d/modulelist: drop imap, interbase and mcrypt since we have separate versions in universe. - d/rules: drop configuration of imap and mcrypt since we have separate versions in universe. - d/source_php5.py, d/rules: add apport hook. - d/control: switch Build-Depends of netcat-traditional to netcat-openbsd as only the latter is in main. * Drop changes: - Reported fixed in upstream release of 5.6.0: quilt patches for CVE-2014-0237, CVE-2014-0238, CVE-2014-4049, CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-3515, CVE-2014-4670, CVE-2014-4698, CVE-2014-4721, CVE-2014-3587 and CVE-2014-3597, and d/p/fix_systemd_ftbfs.patch. - Reported fixed in upstream release of 5.6.2: quilt patches for CVE-2014-3668, CVE-2014-3669 and CVE-2014-3670, and d/p/curl_embedded_null.patch. - Reported fixed in upstream release of 5.6.3: quilt patch for CVE-2014-3710. - Applied in Debian: + d/rules: stop mysql instance on clean just in case we failed in tests. + d/tests/{cgi,cli,mod-php}: dep8 tests for common use cases. + d/rules: export DEB_HOST_MULTIARCH properly. + d/rules: load dpkg-buildflags earlier, so that CFLAGS changes are not overridden. -- Robie Basak <email address hidden> Tue, 27 Jan 2015 12:09:42 +0000
Available diffs
php5 (5.5.12+dfsg-2ubuntu5) vivid; urgency=medium
* SECURITY UPDATE: denial of service via buffer overflow in mkgmtime()
- debian/patches/CVE-2014-3668.patch: properly handle sizes in
ext/xmlrpc/libxmlrpc/xmlrpc.c, added test to
ext/xmlrpc/tests/bug68027.phpt.
- CVE-2014-3668
* SECURITY UPDATE: integer overflow in unserialize()
- debian/patches/CVE-2014-3669.patch: fix overflow in
ext/standard/var_unserializer.{c,re}, added test to
ext/standard/tests/serialize/bug68044.phpt.
- CVE-2014-3669
* SECURITY UPDATE: Heap corruption in exif_thumbnail()
- debian/patches/CVE-2014-3670.patch: fix sizes in ext/exif/exif.c.
- CVE-2014-3670
* SECURITY UPDATE: out of bounds read in elf note headers in fileinfo()
- debian/patches/CVE-2014-3710.patch: validate note headers in
ext/fileinfo/libmagic/readelf.c.
- CVE-2014-3710
* SECURITY UPDATE: local file disclosure via curl NULL byte injection
- debian/patches/curl_embedded_null.patch: don't accept curl options
with embedded NULLs in ext/curl/interface.c, added test to
ext/curl/tests/bug68089.phpt.
- No CVE number
* Fix FTBFS with systemd version in vivid
- debian/patches/fix_systemd_ftbfs.patch: improve detection logic in
sapi/fpm/config.m4.
-- Marc Deslauriers <email address hidden> Wed, 29 Oct 2014 11:56:11 -0400
Available diffs
php5 (5.3.10-1ubuntu3.15) precise-security; urgency=medium
* SECURITY UPDATE: denial of service via buffer overflow in mkgmtime()
- debian/patches/CVE-2014-3668.patch: properly handle sizes in
ext/xmlrpc/libxmlrpc/xmlrpc.c, added test to
ext/xmlrpc/tests/bug68027.phpt.
- CVE-2014-3668
* SECURITY UPDATE: integer overflow in unserialize()
- debian/patches/CVE-2014-3669.patch: fix overflow in
ext/standard/var_unserializer.{c,re}, added test to
ext/standard/tests/serialize/bug68044.phpt.
- CVE-2014-3669
* SECURITY UPDATE: Heap corruption in exif_thumbnail()
- debian/patches/CVE-2014-3670.patch: fix sizes in ext/exif/exif.c.
- CVE-2014-3670
* SECURITY UPDATE: out of bounds read in elf note headers in fileinfo()
- debian/patches/CVE-2014-3710.patch: validate note headers in
ext/fileinfo/libmagic/readelf.c.
- CVE-2014-3710
* SECURITY UPDATE: local file disclosure via curl NULL byte injection
- debian/patches/curl_embedded_null.patch: don't accept curl options
with embedded NULLs in ext/curl/interface.c, added test to
ext/curl/tests/bug68089.phpt.
- No CVE number
-- Marc Deslauriers <email address hidden> Tue, 28 Oct 2014 15:06:12 -0400
Available diffs
php5 (5.5.9+dfsg-1ubuntu4.5) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via buffer overflow in mkgmtime()
- debian/patches/CVE-2014-3668.patch: properly handle sizes in
ext/xmlrpc/libxmlrpc/xmlrpc.c, added test to
ext/xmlrpc/tests/bug68027.phpt.
- CVE-2014-3668
* SECURITY UPDATE: integer overflow in unserialize()
- debian/patches/CVE-2014-3669.patch: fix overflow in
ext/standard/var_unserializer.{c,re}, added test to
ext/standard/tests/serialize/bug68044.phpt.
- CVE-2014-3669
* SECURITY UPDATE: Heap corruption in exif_thumbnail()
- debian/patches/CVE-2014-3670.patch: fix sizes in ext/exif/exif.c.
- CVE-2014-3670
* SECURITY UPDATE: out of bounds read in elf note headers in fileinfo()
- debian/patches/CVE-2014-3710.patch: validate note headers in
ext/fileinfo/libmagic/readelf.c.
- CVE-2014-3710
* SECURITY UPDATE: local file disclosure via curl NULL byte injection
- debian/patches/curl_embedded_null.patch: don't accept curl options
with embedded NULLs in ext/curl/interface.c, added test to
ext/curl/tests/bug68089.phpt.
- No CVE number
-- Marc Deslauriers <email address hidden> Tue, 28 Oct 2014 14:52:03 -0400
Available diffs
php5 (5.5.12+dfsg-2ubuntu4.1) utopic-security; urgency=medium
* SECURITY UPDATE: denial of service via buffer overflow in mkgmtime()
- debian/patches/CVE-2014-3668.patch: properly handle sizes in
ext/xmlrpc/libxmlrpc/xmlrpc.c, added test to
ext/xmlrpc/tests/bug68027.phpt.
- CVE-2014-3668
* SECURITY UPDATE: integer overflow in unserialize()
- debian/patches/CVE-2014-3669.patch: fix overflow in
ext/standard/var_unserializer.{c,re}, added test to
ext/standard/tests/serialize/bug68044.phpt.
- CVE-2014-3669
* SECURITY UPDATE: Heap corruption in exif_thumbnail()
- debian/patches/CVE-2014-3670.patch: fix sizes in ext/exif/exif.c.
- CVE-2014-3670
* SECURITY UPDATE: out of bounds read in elf note headers in fileinfo()
- debian/patches/CVE-2014-3710.patch: validate note headers in
ext/fileinfo/libmagic/readelf.c.
- CVE-2014-3710
* SECURITY UPDATE: local file disclosure via curl NULL byte injection
- debian/patches/curl_embedded_null.patch: don't accept curl options
with embedded NULLs in ext/curl/interface.c, added test to
ext/curl/tests/bug68089.phpt.
- No CVE number
-- Marc Deslauriers <email address hidden> Tue, 28 Oct 2014 14:41:37 -0400
Available diffs
php5 (5.3.2-1ubuntu4.28) lucid-security; urgency=medium
* SECURITY UPDATE: denial of service via buffer overflow in mkgmtime()
- debian/patches/CVE-2014-3668.patch: properly handle sizes in
ext/xmlrpc/libxmlrpc/xmlrpc.c, added test to
ext/xmlrpc/tests/bug68027.phpt.
- CVE-2014-3668
* SECURITY UPDATE: integer overflow in unserialize()
- debian/patches/CVE-2014-3669.patch: fix overflow in
ext/standard/var_unserializer.{c,re}, added test to
ext/standard/tests/serialize/bug68044.phpt.
- CVE-2014-3669
* SECURITY UPDATE: Heap corruption in exif_thumbnail()
- debian/patches/CVE-2014-3670.patch: fix sizes in ext/exif/exif.c.
- CVE-2014-3670
* SECURITY UPDATE: out of bounds read in elf note headers in fileinfo()
- debian/patches/CVE-2014-3710.patch: validate note headers in
ext/fileinfo/libmagic/readelf.c.
- CVE-2014-3710
* SECURITY UPDATE: local file disclosure via curl NULL byte injection
- debian/patches/curl_embedded_null.patch: don't accept curl options
with embedded NULLs in ext/curl/interface.c, added test to
ext/curl/tests/bug68089.phpt.
- No CVE number
-- Marc Deslauriers <email address hidden> Tue, 28 Oct 2014 15:17:04 -0400
Available diffs
| Superseded in vivid-release |
| Obsolete in utopic-release |
| Deleted in utopic-proposed (Reason: moved to release) |
php5 (5.5.12+dfsg-2ubuntu4) utopic; urgency=medium
* SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info
- debian/patches/CVE-2014-3587.patch: check for array under-runs as well
as over-runs in ext/fileinfo/libmagic/cdf.c
- CVE-2014-3587
* SECURITY UPDATE: denial of service in dns_get_record
- debian/patches/CVE-2014-3597.patch: check for DNS overflows in
ext/standard/dns.c
- CVE-2014-3587
-- Seth Arnold <email address hidden> Wed, 03 Sep 2014 23:27:47 -0700
Available diffs
php5 (5.3.2-1ubuntu4.27) lucid-security; urgency=medium
* SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info
- debian/patches/CVE-2014-3587.patch: check for array under-runs as well
as over-runs in ext/fileinfo/libmagic/cdf.c
- CVE-2014-3587
* SECURITY UPDATE: denial of service in dns_get_record
- debian/patches/CVE-2014-3597.patch: check for DNS overflows in
ext/standard/dns.c
- CVE-2014-3587
-- Seth Arnold <email address hidden> Wed, 03 Sep 2014 23:27:31 -0700
Available diffs
php5 (5.3.10-1ubuntu3.14) precise-security; urgency=medium
* SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info
- debian/patches/CVE-2014-3587.patch: check for array under-runs as well
as over-runs in ext/fileinfo/libmagic/cdf.c
- CVE-2014-3587
* SECURITY UPDATE: denial of service in dns_get_record
- debian/patches/CVE-2014-3597.patch: check for DNS overflows in
ext/standard/dns.c
- CVE-2014-3587
-- Seth Arnold <email address hidden> Wed, 03 Sep 2014 23:27:39 -0700
Available diffs
php5 (5.5.9+dfsg-1ubuntu4.4) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info
- debian/patches/CVE-2014-3587.patch: check for array under-runs as well
as over-runs in ext/fileinfo/libmagic/cdf.c
- CVE-2014-3587
* SECURITY UPDATE: denial of service in dns_get_record
- debian/patches/CVE-2014-3597.patch: check for DNS overflows in
ext/standard/dns.c
- CVE-2014-3587
-- Seth Arnold <email address hidden> Wed, 03 Sep 2014 23:33:06 -0700
Available diffs
php5 (5.5.12+dfsg-2ubuntu3) utopic; urgency=medium
* SECURITY UPDATE: denial of service in FileInfo cdf_read_short_sector
- debian/patches/CVE-2014-0207.patch: properly calculate sizes in
ext/fileinfo/libmagic/cdf.c.
- CVE-2014-0207
* SECURITY UPDATE: denial of service in FileInfo mconvert
- debian/patches/CVE-2014-3478.patch: properly handle truncated pascal
string size in ext/fileinfo/libmagic/softmagic.c.
- CVE-2014-3478
* SECURITY UPDATE: denial of service in FileInfo cdf_check_stream_offset
- debian/patches/CVE-2014-3479.patch: properly calculate sizes in
ext/fileinfo/libmagic/cdf.c.
- CVE-2014-3479
* SECURITY UPDATE: denial of service in FileInfo cdf_count_chain
- debian/patches/CVE-2014-3480.patch: properly calculate sizes in
ext/fileinfo/libmagic/cdf.c.
- CVE-2014-3480
* SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info
- debian/patches/CVE-2014-3487.patch: properly calculate sizes in
ext/fileinfo/libmagic/cdf.c.
- CVE-2014-3487
* SECURITY UPDATE: denial of service and possible code execution via
unserialize() SPL type confusion
- debian/patches/CVE-2014-3515.patch: properly check types in
ext/spl/spl_array.c, ext/spl/spl_observer.c, added test to
ext/spl/tests/SplObjectStorage_unserialize_bad.phpt.
- CVE-2014-3515
* SECURITY UPDATE: denial of service via SPL Iterators use-after-free
- debian/patches/CVE-2014-4670.patch: fix use-after-free in
ext/spl/spl_dllist.c, added test to ext/spl/tests/bug67538.phpt.
- CVE-2014-4670
* SECURITY UPDATE: denial of service via ArrayIterator use-after-free
- debian/patches/CVE-2014-4698.patch: don't allow modifying ArrayObject
during sorting in ext/spl/spl_array.c, added test to
ext/spl/tests/bug67539.phpt.
- CVE-2014-4698
* SECURITY UPDATE: information leak via phpinfo (LP: #1338170)
- debian/patches/CVE-2014-4721.patch: fix type confusion in
ext/standard/info.c, added test to
ext/standard/tests/general_functions/bug67498.phpt.
- CVE-2014-4721
-- Marc Deslauriers <email address hidden> Wed, 09 Jul 2014 13:00:04 -0400
Available diffs
php5 (5.3.2-1ubuntu4.26) lucid-security; urgency=medium
* SECURITY UPDATE: denial of service in FileInfo cdf_read_short_sector
- debian/patches/CVE-2014-0207.patch: properly calculate sizes in
ext/fileinfo/libmagic/cdf.c.
- CVE-2014-0207
* SECURITY UPDATE: denial of service in FileInfo cdf_count_chain
- debian/patches/CVE-2014-3480.patch: properly calculate sizes in
ext/fileinfo/libmagic/cdf.c.
- CVE-2014-3480
* SECURITY UPDATE: denial of service and possible code execution via
unserialize() SPL type confusion
- debian/patches/CVE-2014-3515.patch: properly check types in
ext/spl/spl_array.c, ext/spl/spl_observer.c, added test to
ext/spl/tests/SplObjectStorage_unserialize_bad.phpt.
- CVE-2014-3515
* SECURITY UPDATE: denial of service via SPL Iterators use-after-free
- debian/patches/CVE-2014-4670.patch: fix use-after-free in
ext/spl/spl_dllist.c, added test to ext/spl/tests/bug67538.phpt.
- CVE-2014-4670
* SECURITY UPDATE: denial of service via ArrayIterator use-after-free
- debian/patches/CVE-2014-4698.patch: don't allow modifying ArrayObject
during sorting in ext/spl/spl_array.c, added test to
ext/spl/tests/bug67539.phpt.
- CVE-2014-4698
* SECURITY UPDATE: information leak via phpinfo (LP: #1338170)
- debian/patches/CVE-2014-4721.patch: fix type confusion in
ext/standard/info.c, added test to
ext/standard/tests/general_functions/bug67498.phpt.
- CVE-2014-4721
-- Marc Deslauriers <email address hidden> Tue, 08 Jul 2014 21:22:42 -0400
Available diffs
php5 (5.3.10-1ubuntu3.13) precise-security; urgency=medium
* SECURITY UPDATE: denial of service in FileInfo cdf_read_short_sector
- debian/patches/CVE-2014-0207.patch: properly calculate sizes in
ext/fileinfo/libmagic/cdf.c.
- CVE-2014-0207
* SECURITY UPDATE: denial of service in FileInfo cdf_count_chain
- debian/patches/CVE-2014-3480.patch: properly calculate sizes in
ext/fileinfo/libmagic/cdf.c.
- CVE-2014-3480
* SECURITY UPDATE: denial of service and possible code execution via
unserialize() SPL type confusion
- debian/patches/CVE-2014-3515.patch: properly check types in
ext/spl/spl_array.c, ext/spl/spl_observer.c, added test to
ext/spl/tests/SplObjectStorage_unserialize_bad.phpt.
- CVE-2014-3515
* SECURITY UPDATE: denial of service via SPL Iterators use-after-free
- debian/patches/CVE-2014-4670.patch: fix use-after-free in
ext/spl/spl_dllist.c, added test to ext/spl/tests/bug67538.phpt.
- CVE-2014-4670
* SECURITY UPDATE: denial of service via ArrayIterator use-after-free
- debian/patches/CVE-2014-4698.patch: don't allow modifying ArrayObject
during sorting in ext/spl/spl_array.c, added test to
ext/spl/tests/bug67539.phpt.
- CVE-2014-4698
* SECURITY UPDATE: information leak via phpinfo (LP: #1338170)
- debian/patches/CVE-2014-4721.patch: fix type confusion in
ext/standard/info.c, added test to
ext/standard/tests/general_functions/bug67498.phpt.
- CVE-2014-4721
-- Marc Deslauriers <email address hidden> Mon, 07 Jul 2014 08:41:06 -0400
Available diffs
php5 (5.5.3+dfsg-1ubuntu2.6) saucy-security; urgency=medium
* SECURITY UPDATE: denial of service in FileInfo cdf_read_short_sector
- debian/patches/CVE-2014-0207.patch: properly calculate sizes in
ext/fileinfo/libmagic/cdf.c.
- CVE-2014-0207
* SECURITY UPDATE: denial of service in FileInfo mconvert
- debian/patches/CVE-2014-3478.patch: properly handle truncated pascal
string size in ext/fileinfo/libmagic/softmagic.c.
- CVE-2014-3478
* SECURITY UPDATE: denial of service in FileInfo cdf_check_stream_offset
- debian/patches/CVE-2014-3479.patch: properly calculate sizes in
ext/fileinfo/libmagic/cdf.c.
- CVE-2014-3479
* SECURITY UPDATE: denial of service in FileInfo cdf_count_chain
- debian/patches/CVE-2014-3480.patch: properly calculate sizes in
ext/fileinfo/libmagic/cdf.c.
- CVE-2014-3480
* SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info
- debian/patches/CVE-2014-3487.patch: properly calculate sizes in
ext/fileinfo/libmagic/cdf.c.
- CVE-2014-3487
* SECURITY UPDATE: denial of service and possible code execution via
unserialize() SPL type confusion
- debian/patches/CVE-2014-3515.patch: properly check types in
ext/spl/spl_array.c, ext/spl/spl_observer.c, added test to
ext/spl/tests/SplObjectStorage_unserialize_bad.phpt.
- CVE-2014-3515
* SECURITY UPDATE: denial of service via SPL Iterators use-after-free
- debian/patches/CVE-2014-4670.patch: fix use-after-free in
ext/spl/spl_dllist.c, added test to ext/spl/tests/bug67538.phpt.
- CVE-2014-4670
* SECURITY UPDATE: denial of service via ArrayIterator use-after-free
- debian/patches/CVE-2014-4698.patch: don't allow modifying ArrayObject
during sorting in ext/spl/spl_array.c, added test to
ext/spl/tests/bug67539.phpt.
- CVE-2014-4698
* SECURITY UPDATE: information leak via phpinfo (LP: #1338170)
- debian/patches/CVE-2014-4721.patch: fix type confusion in
ext/standard/info.c, added test to
ext/standard/tests/general_functions/bug67498.phpt.
- CVE-2014-4721
-- Marc Deslauriers <email address hidden> Mon, 07 Jul 2014 07:46:31 -0400
Available diffs
php5 (5.5.9+dfsg-1ubuntu4.3) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service in FileInfo cdf_read_short_sector
- debian/patches/CVE-2014-0207.patch: properly calculate sizes in
ext/fileinfo/libmagic/cdf.c.
- CVE-2014-0207
* SECURITY UPDATE: denial of service in FileInfo mconvert
- debian/patches/CVE-2014-3478.patch: properly handle truncated pascal
string size in ext/fileinfo/libmagic/softmagic.c.
- CVE-2014-3478
* SECURITY UPDATE: denial of service in FileInfo cdf_check_stream_offset
- debian/patches/CVE-2014-3479.patch: properly calculate sizes in
ext/fileinfo/libmagic/cdf.c.
- CVE-2014-3479
* SECURITY UPDATE: denial of service in FileInfo cdf_count_chain
- debian/patches/CVE-2014-3480.patch: properly calculate sizes in
ext/fileinfo/libmagic/cdf.c.
- CVE-2014-3480
* SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info
- debian/patches/CVE-2014-3487.patch: properly calculate sizes in
ext/fileinfo/libmagic/cdf.c.
- CVE-2014-3487
* SECURITY UPDATE: denial of service and possible code execution via
unserialize() SPL type confusion
- debian/patches/CVE-2014-3515.patch: properly check types in
ext/spl/spl_array.c, ext/spl/spl_observer.c, added test to
ext/spl/tests/SplObjectStorage_unserialize_bad.phpt.
- CVE-2014-3515
* SECURITY UPDATE: denial of service via SPL Iterators use-after-free
- debian/patches/CVE-2014-4670.patch: fix use-after-free in
ext/spl/spl_dllist.c, added test to ext/spl/tests/bug67538.phpt.
- CVE-2014-4670
* SECURITY UPDATE: denial of service via ArrayIterator use-after-free
- debian/patches/CVE-2014-4698.patch: don't allow modifying ArrayObject
during sorting in ext/spl/spl_array.c, added test to
ext/spl/tests/bug67539.phpt.
- CVE-2014-4698
* SECURITY UPDATE: information leak via phpinfo (LP: #1338170)
- debian/patches/CVE-2014-4721.patch: fix type confusion in
ext/standard/info.c, added test to
ext/standard/tests/general_functions/bug67498.phpt.
- CVE-2014-4721
-- Marc Deslauriers <email address hidden> Mon, 07 Jul 2014 07:44:21 -0400
Available diffs
php5 (5.5.9+dfsg-1ubuntu4.2) trusty-security; urgency=medium * SECURITY UPDATE: better FastCGI socket permissions (LP: #1334337) - debian/rules: enable listen.owner and listen.group so that the socket is accessible to www-data by default. This allows most setups to continue working with the more restrictive permissions. -- Marc Deslauriers <email address hidden> Wed, 25 Jun 2014 11:46:16 -0400
Available diffs
| 1 → 75 of 362 results | First • Previous • Next • Last |
