Git : Code : php5 package : Ubuntu

Ubuntu
php5 package

Overview
Code
Bugs
Blueprints
Translations
Answers

View Bazaar branches

Get this repository:: git clone https://git.launchpad.net/ubuntu/+source/php5

Members of Ubuntu Server Dev import team can upload to this repository. Log in for directions.

Branches

Name	Last Modified	Last Commit
importer/ubuntu/dsc	2018-09-18 10:26:03 UTC 2018-09-18	DSC file for 5.5.9+dfsg-1ubuntu4.26 Author: Ubuntu Git Importer Author Date: 2018-09-18 10:26:03 UTC DSC file for 5.5.9+dfsg-1ubuntu4.26
applied/ubuntu/trusty-security	2018-09-18 07:19:25 UTC 2018-09-18	Import patches-applied version 5.5.9+dfsg-1ubuntu4.26 to applied/ubuntu/trust... Author: Marc Deslauriers Author Date: 2018-09-17 07:45:24 UTC Import patches-applied version 5.5.9+dfsg-1ubuntu4.26 to applied/ubuntu/trusty-security Imported using git-ubuntu import. Changelog parent: 7fb5795516d107ff31c63dab99b75945d478895a Unapplied parent: 034b061f3f79747fa2c7cd918a2d12662d08e9b7 New changelog entries: * SECURITY UPDATE: denial of service in exif parsing - debian/patches/CVE-2018-14851.patch: check length in ext/exif/exif.c. - CVE-2018-14851 * SECURITY UPDATE: denial of service in exif parsing - debian/patches/CVE-2018-14883.patch: check length in ext/exif/exif.c. - CVE-2018-14883 * SECURITY UPDATE: XSS due to the header Transfer-Encoding: chunked - debian/patches/bug76582.patch: clean up brigade in sapi/apache2handler/sapi_apache2.c. - No CVE number
ubuntu/trusty-devel	2018-09-18 07:19:25 UTC 2018-09-18	Import patches-unapplied version 5.5.9+dfsg-1ubuntu4.26 to ubuntu/trusty-secu... Author: Marc Deslauriers Author Date: 2018-09-17 07:45:24 UTC Import patches-unapplied version 5.5.9+dfsg-1ubuntu4.26 to ubuntu/trusty-security Imported using git-ubuntu import. Changelog parent: 61febe3275efdd8af1339ff6ae7eb94a01b2dac4 New changelog entries: * SECURITY UPDATE: denial of service in exif parsing - debian/patches/CVE-2018-14851.patch: check length in ext/exif/exif.c. - CVE-2018-14851 * SECURITY UPDATE: denial of service in exif parsing - debian/patches/CVE-2018-14883.patch: check length in ext/exif/exif.c. - CVE-2018-14883 * SECURITY UPDATE: XSS due to the header Transfer-Encoding: chunked - debian/patches/bug76582.patch: clean up brigade in sapi/apache2handler/sapi_apache2.c. - No CVE number
applied/ubuntu/trusty-updates	2018-09-18 07:19:25 UTC 2018-09-18	Import patches-applied version 5.5.9+dfsg-1ubuntu4.26 to applied/ubuntu/trust... Author: Marc Deslauriers Author Date: 2018-09-17 07:45:24 UTC Import patches-applied version 5.5.9+dfsg-1ubuntu4.26 to applied/ubuntu/trusty-security Imported using git-ubuntu import. Changelog parent: 7fb5795516d107ff31c63dab99b75945d478895a Unapplied parent: 034b061f3f79747fa2c7cd918a2d12662d08e9b7 New changelog entries: * SECURITY UPDATE: denial of service in exif parsing - debian/patches/CVE-2018-14851.patch: check length in ext/exif/exif.c. - CVE-2018-14851 * SECURITY UPDATE: denial of service in exif parsing - debian/patches/CVE-2018-14883.patch: check length in ext/exif/exif.c. - CVE-2018-14883 * SECURITY UPDATE: XSS due to the header Transfer-Encoding: chunked - debian/patches/bug76582.patch: clean up brigade in sapi/apache2handler/sapi_apache2.c. - No CVE number
ubuntu/trusty-updates	2018-09-18 07:19:25 UTC 2018-09-18	Import patches-unapplied version 5.5.9+dfsg-1ubuntu4.26 to ubuntu/trusty-secu... Author: Marc Deslauriers Author Date: 2018-09-17 07:45:24 UTC Import patches-unapplied version 5.5.9+dfsg-1ubuntu4.26 to ubuntu/trusty-security Imported using git-ubuntu import. Changelog parent: 61febe3275efdd8af1339ff6ae7eb94a01b2dac4 New changelog entries: * SECURITY UPDATE: denial of service in exif parsing - debian/patches/CVE-2018-14851.patch: check length in ext/exif/exif.c. - CVE-2018-14851 * SECURITY UPDATE: denial of service in exif parsing - debian/patches/CVE-2018-14883.patch: check length in ext/exif/exif.c. - CVE-2018-14883 * SECURITY UPDATE: XSS due to the header Transfer-Encoding: chunked - debian/patches/bug76582.patch: clean up brigade in sapi/apache2handler/sapi_apache2.c. - No CVE number
ubuntu/trusty-security	2018-09-18 07:19:25 UTC 2018-09-18	Import patches-unapplied version 5.5.9+dfsg-1ubuntu4.26 to ubuntu/trusty-secu... Author: Marc Deslauriers Author Date: 2018-09-17 07:45:24 UTC Import patches-unapplied version 5.5.9+dfsg-1ubuntu4.26 to ubuntu/trusty-security Imported using git-ubuntu import. Changelog parent: 61febe3275efdd8af1339ff6ae7eb94a01b2dac4 New changelog entries: * SECURITY UPDATE: denial of service in exif parsing - debian/patches/CVE-2018-14851.patch: check length in ext/exif/exif.c. - CVE-2018-14851 * SECURITY UPDATE: denial of service in exif parsing - debian/patches/CVE-2018-14883.patch: check length in ext/exif/exif.c. - CVE-2018-14883 * SECURITY UPDATE: XSS due to the header Transfer-Encoding: chunked - debian/patches/bug76582.patch: clean up brigade in sapi/apache2handler/sapi_apache2.c. - No CVE number
applied/ubuntu/trusty-devel	2018-09-18 07:19:25 UTC 2018-09-18	Import patches-applied version 5.5.9+dfsg-1ubuntu4.26 to applied/ubuntu/trust... Author: Marc Deslauriers Author Date: 2018-09-17 07:45:24 UTC Import patches-applied version 5.5.9+dfsg-1ubuntu4.26 to applied/ubuntu/trusty-security Imported using git-ubuntu import. Changelog parent: 7fb5795516d107ff31c63dab99b75945d478895a Unapplied parent: 034b061f3f79747fa2c7cd918a2d12662d08e9b7 New changelog entries: * SECURITY UPDATE: denial of service in exif parsing - debian/patches/CVE-2018-14851.patch: check length in ext/exif/exif.c. - CVE-2018-14851 * SECURITY UPDATE: denial of service in exif parsing - debian/patches/CVE-2018-14883.patch: check length in ext/exif/exif.c. - CVE-2018-14883 * SECURITY UPDATE: XSS due to the header Transfer-Encoding: chunked - debian/patches/bug76582.patch: clean up brigade in sapi/apache2handler/sapi_apache2.c. - No CVE number
importer/debian/dsc	2018-07-05 14:44:56 UTC 2018-07-05	DSC file for 5.6.33+dfsg-0+deb8u1 Author: Ubuntu Git Importer Author Date: 2018-07-05 14:44:56 UTC DSC file for 5.6.33+dfsg-0+deb8u1
debian/jessie	2018-06-23 17:25:31 UTC 2018-06-23	Import patches-unapplied version 5.6.33+dfsg-0+deb8u1 to debian/jessie Author: Ondřej Surý Author Date: 2018-01-05 13:31:37 UTC Import patches-unapplied version 5.6.33+dfsg-0+deb8u1 to debian/jessie Imported using git-ubuntu import. Changelog parent: 925286d6a0cdc86901975bce8b8e3bd4aa1fc851 New changelog entries: * Add support for signed upstream tarballs * Make d/copyright machine readable * Remove repack.sh script in favour of uscan repacking * Update Vcs-* links to salsa.d.o * New upstream version 5.6.33+dfsg * Rebase patches on top of new upstream releases. * New upstream version 5.6.31+dfsg * Refresh patches on top of PHP 5.6.31 * Pull upstream fix for PHP bug #64827: Segfault in zval_mark_grey (zend_gc.c) * [CVE-2017-7272]: Fix detect invalid port in xp_socket parse ip address * Add debian/source/include-binaries to allow starting the build in Debian stretch
importer/ubuntu/pristine-tar	2018-03-09 00:32:34 UTC 2018-03-09	pristine-tar data for php5_5.6.17+dfsg.orig.tar.xz Author: Ubuntu Git Importer Author Date: 2018-03-09 00:32:34 UTC pristine-tar data for php5_5.6.17+dfsg.orig.tar.xz
importer/debian/pristine-tar	2018-03-08 19:43:49 UTC 2018-03-08	pristine-tar data for php5_5.6.30+dfsg.orig.tar.xz Author: Ubuntu Git Importer Author Date: 2018-03-08 19:43:49 UTC pristine-tar data for php5_5.6.30+dfsg.orig.tar.xz
ubuntu/precise-security	2017-02-14 18:38:23 UTC 2017-02-14	Import patches-unapplied version 5.3.10-1ubuntu3.26 to ubuntu/precise-security Author: Marc Deslauriers Author Date: 2017-02-10 15:32:09 UTC Import patches-unapplied version 5.3.10-1ubuntu3.26 to ubuntu/precise-security Imported using git-ubuntu import. Changelog parent: 3bb7cd4a2f227a122349a88c1f9010d1ff4a82a4 New changelog entries: * SECURITY UPDATE: overflow in locale_get_display_name - debian/patches/CVE-2014-9912.patch: check locale name length in ext/intl/locale/locale_methods.c, added test to ext/intl/tests/bug67397.phpt. - CVE-2014-9912 * SECURITY UPDATE: infinite loop via crafted serialized data - debian/patches/CVE-2016-7478-pre.patch: don't unset the default value in Zend/zend_exceptions.c, fix tests in ext/standard/tests/serialize/bug69152.phpt, ext/standard/tests/serialize/bug69793.phpt. - debian/patches/CVE-2016-7478-pre2.patch: fix test in ext/standard/tests/serialize/bug69793.phpt. - debian/patches/CVE-2016-7478-pre3.patch: add zend_unset_property() to Zend/zend_API.. - debian/patches/CVE-2016-7478.patch: fix memcpy in Zend/zend_exceptions.c, ext/bcmath/libbcmath/src/init.c, ext/bcmath/libbcmath/src/outofmem.c. - CVE-2016-7478 SECURITY UPDATE: arbitrary code execution via crafted serialized data - debian/patches/CVE-2016-7479-pre.patch: fix null pointer dereference in ext/standard/var_unserializer., added test to standard/tests/serialize/bug68545.phpt. - debian/patches/CVE-2016-7479.patch: implement delayed __wakeup in ext/standard/var_unserializer.. - CVE-2016-7479 * SECURITY UPDATE: denial of service via crafted wddxPacket XML document - debian/patches/CVE-2016-9934.patch: check objects in ext/wddx/wddx.c, ext/pdo/pdo_stmt.c, ext/wddx/tests/bug45901.phpt, ext/wddx/tests/bug72790.phpt, ext/wddx/tests/bug73331.phpt. - CVE-2016-9934 * SECURITY UPDATE: denial of service via crafted wddxPacket XML document - debian/patches/CVE-2016-9935-1.patch: fix memory leak in ext/wddx/wddx.c. - debian/patches/CVE-2016-9935-2.patch: fix leak in ext/wddx/wddx.c. - debian/patches/CVE-2016-9935-3.patch: fix leak in ext/wddx/wddx.c. - CVE-2016-9935 * SECURITY UPDATE: exif DoS via FPE - debian/patches/CVE-2016-10158.patch: fix integer size issue in ext/exif/exif.c. - CVE-2016-10158 * SECURITY UPDATE: integer overflow in phar_parse_pharfile - debian/patches/CVE-2016-10159.patch: fix overflows in ext/phar/phar.c. - CVE-2016-10159 * SECURITY UPDATE: off-by-one in phar_parse_pharfile - debian/patches/CVE-2016-10160.patch: handle length in ext/phar/phar.c. - CVE-2016-10160 * SECURITY UPDATE: denial of service via crafted serialized data - debian/patches/CVE-2016-10161.patch: fix out-of-bounds read in ext/standard/var_unserializer., added test to ext/standard/tests/serialize/bug73825.phpt. - CVE-2016-10161 debian/control: Build-Depends on mysql-server-5.5 to work with recent MySQL security updates.
applied/ubuntu/precise-updates	2017-02-14 18:38:23 UTC 2017-02-14	Import patches-applied version 5.3.10-1ubuntu3.26 to applied/ubuntu/precise-s... Author: Marc Deslauriers Author Date: 2017-02-10 15:32:09 UTC Import patches-applied version 5.3.10-1ubuntu3.26 to applied/ubuntu/precise-security Imported using git-ubuntu import. Changelog parent: e33dc145ce786c161b8b7f519c4b20a3e42c7fac Unapplied parent: e4e590cbde2f374accae4f0ccce7477ffe8f047c New changelog entries: * SECURITY UPDATE: overflow in locale_get_display_name - debian/patches/CVE-2014-9912.patch: check locale name length in ext/intl/locale/locale_methods.c, added test to ext/intl/tests/bug67397.phpt. - CVE-2014-9912 * SECURITY UPDATE: infinite loop via crafted serialized data - debian/patches/CVE-2016-7478-pre.patch: don't unset the default value in Zend/zend_exceptions.c, fix tests in ext/standard/tests/serialize/bug69152.phpt, ext/standard/tests/serialize/bug69793.phpt. - debian/patches/CVE-2016-7478-pre2.patch: fix test in ext/standard/tests/serialize/bug69793.phpt. - debian/patches/CVE-2016-7478-pre3.patch: add zend_unset_property() to Zend/zend_API.. - debian/patches/CVE-2016-7478.patch: fix memcpy in Zend/zend_exceptions.c, ext/bcmath/libbcmath/src/init.c, ext/bcmath/libbcmath/src/outofmem.c. - CVE-2016-7478 SECURITY UPDATE: arbitrary code execution via crafted serialized data - debian/patches/CVE-2016-7479-pre.patch: fix null pointer dereference in ext/standard/var_unserializer., added test to standard/tests/serialize/bug68545.phpt. - debian/patches/CVE-2016-7479.patch: implement delayed __wakeup in ext/standard/var_unserializer.. - CVE-2016-7479 * SECURITY UPDATE: denial of service via crafted wddxPacket XML document - debian/patches/CVE-2016-9934.patch: check objects in ext/wddx/wddx.c, ext/pdo/pdo_stmt.c, ext/wddx/tests/bug45901.phpt, ext/wddx/tests/bug72790.phpt, ext/wddx/tests/bug73331.phpt. - CVE-2016-9934 * SECURITY UPDATE: denial of service via crafted wddxPacket XML document - debian/patches/CVE-2016-9935-1.patch: fix memory leak in ext/wddx/wddx.c. - debian/patches/CVE-2016-9935-2.patch: fix leak in ext/wddx/wddx.c. - debian/patches/CVE-2016-9935-3.patch: fix leak in ext/wddx/wddx.c. - CVE-2016-9935 * SECURITY UPDATE: exif DoS via FPE - debian/patches/CVE-2016-10158.patch: fix integer size issue in ext/exif/exif.c. - CVE-2016-10158 * SECURITY UPDATE: integer overflow in phar_parse_pharfile - debian/patches/CVE-2016-10159.patch: fix overflows in ext/phar/phar.c. - CVE-2016-10159 * SECURITY UPDATE: off-by-one in phar_parse_pharfile - debian/patches/CVE-2016-10160.patch: handle length in ext/phar/phar.c. - CVE-2016-10160 * SECURITY UPDATE: denial of service via crafted serialized data - debian/patches/CVE-2016-10161.patch: fix out-of-bounds read in ext/standard/var_unserializer., added test to ext/standard/tests/serialize/bug73825.phpt. - CVE-2016-10161 debian/control: Build-Depends on mysql-server-5.5 to work with recent MySQL security updates.
ubuntu/precise-devel	2017-02-14 18:38:23 UTC 2017-02-14	Import patches-unapplied version 5.3.10-1ubuntu3.26 to ubuntu/precise-security Author: Marc Deslauriers Author Date: 2017-02-10 15:32:09 UTC Import patches-unapplied version 5.3.10-1ubuntu3.26 to ubuntu/precise-security Imported using git-ubuntu import. Changelog parent: 3bb7cd4a2f227a122349a88c1f9010d1ff4a82a4 New changelog entries: * SECURITY UPDATE: overflow in locale_get_display_name - debian/patches/CVE-2014-9912.patch: check locale name length in ext/intl/locale/locale_methods.c, added test to ext/intl/tests/bug67397.phpt. - CVE-2014-9912 * SECURITY UPDATE: infinite loop via crafted serialized data - debian/patches/CVE-2016-7478-pre.patch: don't unset the default value in Zend/zend_exceptions.c, fix tests in ext/standard/tests/serialize/bug69152.phpt, ext/standard/tests/serialize/bug69793.phpt. - debian/patches/CVE-2016-7478-pre2.patch: fix test in ext/standard/tests/serialize/bug69793.phpt. - debian/patches/CVE-2016-7478-pre3.patch: add zend_unset_property() to Zend/zend_API.. - debian/patches/CVE-2016-7478.patch: fix memcpy in Zend/zend_exceptions.c, ext/bcmath/libbcmath/src/init.c, ext/bcmath/libbcmath/src/outofmem.c. - CVE-2016-7478 SECURITY UPDATE: arbitrary code execution via crafted serialized data - debian/patches/CVE-2016-7479-pre.patch: fix null pointer dereference in ext/standard/var_unserializer., added test to standard/tests/serialize/bug68545.phpt. - debian/patches/CVE-2016-7479.patch: implement delayed __wakeup in ext/standard/var_unserializer.. - CVE-2016-7479 * SECURITY UPDATE: denial of service via crafted wddxPacket XML document - debian/patches/CVE-2016-9934.patch: check objects in ext/wddx/wddx.c, ext/pdo/pdo_stmt.c, ext/wddx/tests/bug45901.phpt, ext/wddx/tests/bug72790.phpt, ext/wddx/tests/bug73331.phpt. - CVE-2016-9934 * SECURITY UPDATE: denial of service via crafted wddxPacket XML document - debian/patches/CVE-2016-9935-1.patch: fix memory leak in ext/wddx/wddx.c. - debian/patches/CVE-2016-9935-2.patch: fix leak in ext/wddx/wddx.c. - debian/patches/CVE-2016-9935-3.patch: fix leak in ext/wddx/wddx.c. - CVE-2016-9935 * SECURITY UPDATE: exif DoS via FPE - debian/patches/CVE-2016-10158.patch: fix integer size issue in ext/exif/exif.c. - CVE-2016-10158 * SECURITY UPDATE: integer overflow in phar_parse_pharfile - debian/patches/CVE-2016-10159.patch: fix overflows in ext/phar/phar.c. - CVE-2016-10159 * SECURITY UPDATE: off-by-one in phar_parse_pharfile - debian/patches/CVE-2016-10160.patch: handle length in ext/phar/phar.c. - CVE-2016-10160 * SECURITY UPDATE: denial of service via crafted serialized data - debian/patches/CVE-2016-10161.patch: fix out-of-bounds read in ext/standard/var_unserializer., added test to ext/standard/tests/serialize/bug73825.phpt. - CVE-2016-10161 debian/control: Build-Depends on mysql-server-5.5 to work with recent MySQL security updates.
applied/ubuntu/precise-devel	2017-02-14 18:38:23 UTC 2017-02-14	Import patches-applied version 5.3.10-1ubuntu3.26 to applied/ubuntu/precise-s... Author: Marc Deslauriers Author Date: 2017-02-10 15:32:09 UTC Import patches-applied version 5.3.10-1ubuntu3.26 to applied/ubuntu/precise-security Imported using git-ubuntu import. Changelog parent: e33dc145ce786c161b8b7f519c4b20a3e42c7fac Unapplied parent: e4e590cbde2f374accae4f0ccce7477ffe8f047c New changelog entries: * SECURITY UPDATE: overflow in locale_get_display_name - debian/patches/CVE-2014-9912.patch: check locale name length in ext/intl/locale/locale_methods.c, added test to ext/intl/tests/bug67397.phpt. - CVE-2014-9912 * SECURITY UPDATE: infinite loop via crafted serialized data - debian/patches/CVE-2016-7478-pre.patch: don't unset the default value in Zend/zend_exceptions.c, fix tests in ext/standard/tests/serialize/bug69152.phpt, ext/standard/tests/serialize/bug69793.phpt. - debian/patches/CVE-2016-7478-pre2.patch: fix test in ext/standard/tests/serialize/bug69793.phpt. - debian/patches/CVE-2016-7478-pre3.patch: add zend_unset_property() to Zend/zend_API.. - debian/patches/CVE-2016-7478.patch: fix memcpy in Zend/zend_exceptions.c, ext/bcmath/libbcmath/src/init.c, ext/bcmath/libbcmath/src/outofmem.c. - CVE-2016-7478 SECURITY UPDATE: arbitrary code execution via crafted serialized data - debian/patches/CVE-2016-7479-pre.patch: fix null pointer dereference in ext/standard/var_unserializer., added test to standard/tests/serialize/bug68545.phpt. - debian/patches/CVE-2016-7479.patch: implement delayed __wakeup in ext/standard/var_unserializer.. - CVE-2016-7479 * SECURITY UPDATE: denial of service via crafted wddxPacket XML document - debian/patches/CVE-2016-9934.patch: check objects in ext/wddx/wddx.c, ext/pdo/pdo_stmt.c, ext/wddx/tests/bug45901.phpt, ext/wddx/tests/bug72790.phpt, ext/wddx/tests/bug73331.phpt. - CVE-2016-9934 * SECURITY UPDATE: denial of service via crafted wddxPacket XML document - debian/patches/CVE-2016-9935-1.patch: fix memory leak in ext/wddx/wddx.c. - debian/patches/CVE-2016-9935-2.patch: fix leak in ext/wddx/wddx.c. - debian/patches/CVE-2016-9935-3.patch: fix leak in ext/wddx/wddx.c. - CVE-2016-9935 * SECURITY UPDATE: exif DoS via FPE - debian/patches/CVE-2016-10158.patch: fix integer size issue in ext/exif/exif.c. - CVE-2016-10158 * SECURITY UPDATE: integer overflow in phar_parse_pharfile - debian/patches/CVE-2016-10159.patch: fix overflows in ext/phar/phar.c. - CVE-2016-10159 * SECURITY UPDATE: off-by-one in phar_parse_pharfile - debian/patches/CVE-2016-10160.patch: handle length in ext/phar/phar.c. - CVE-2016-10160 * SECURITY UPDATE: denial of service via crafted serialized data - debian/patches/CVE-2016-10161.patch: fix out-of-bounds read in ext/standard/var_unserializer., added test to ext/standard/tests/serialize/bug73825.phpt. - CVE-2016-10161 debian/control: Build-Depends on mysql-server-5.5 to work with recent MySQL security updates.
applied/ubuntu/precise-security	2017-02-14 18:38:23 UTC 2017-02-14	Import patches-applied version 5.3.10-1ubuntu3.26 to applied/ubuntu/precise-s... Author: Marc Deslauriers Author Date: 2017-02-10 15:32:09 UTC Import patches-applied version 5.3.10-1ubuntu3.26 to applied/ubuntu/precise-security Imported using git-ubuntu import. Changelog parent: e33dc145ce786c161b8b7f519c4b20a3e42c7fac Unapplied parent: e4e590cbde2f374accae4f0ccce7477ffe8f047c New changelog entries: * SECURITY UPDATE: overflow in locale_get_display_name - debian/patches/CVE-2014-9912.patch: check locale name length in ext/intl/locale/locale_methods.c, added test to ext/intl/tests/bug67397.phpt. - CVE-2014-9912 * SECURITY UPDATE: infinite loop via crafted serialized data - debian/patches/CVE-2016-7478-pre.patch: don't unset the default value in Zend/zend_exceptions.c, fix tests in ext/standard/tests/serialize/bug69152.phpt, ext/standard/tests/serialize/bug69793.phpt. - debian/patches/CVE-2016-7478-pre2.patch: fix test in ext/standard/tests/serialize/bug69793.phpt. - debian/patches/CVE-2016-7478-pre3.patch: add zend_unset_property() to Zend/zend_API.. - debian/patches/CVE-2016-7478.patch: fix memcpy in Zend/zend_exceptions.c, ext/bcmath/libbcmath/src/init.c, ext/bcmath/libbcmath/src/outofmem.c. - CVE-2016-7478 SECURITY UPDATE: arbitrary code execution via crafted serialized data - debian/patches/CVE-2016-7479-pre.patch: fix null pointer dereference in ext/standard/var_unserializer., added test to standard/tests/serialize/bug68545.phpt. - debian/patches/CVE-2016-7479.patch: implement delayed __wakeup in ext/standard/var_unserializer.. - CVE-2016-7479 * SECURITY UPDATE: denial of service via crafted wddxPacket XML document - debian/patches/CVE-2016-9934.patch: check objects in ext/wddx/wddx.c, ext/pdo/pdo_stmt.c, ext/wddx/tests/bug45901.phpt, ext/wddx/tests/bug72790.phpt, ext/wddx/tests/bug73331.phpt. - CVE-2016-9934 * SECURITY UPDATE: denial of service via crafted wddxPacket XML document - debian/patches/CVE-2016-9935-1.patch: fix memory leak in ext/wddx/wddx.c. - debian/patches/CVE-2016-9935-2.patch: fix leak in ext/wddx/wddx.c. - debian/patches/CVE-2016-9935-3.patch: fix leak in ext/wddx/wddx.c. - CVE-2016-9935 * SECURITY UPDATE: exif DoS via FPE - debian/patches/CVE-2016-10158.patch: fix integer size issue in ext/exif/exif.c. - CVE-2016-10158 * SECURITY UPDATE: integer overflow in phar_parse_pharfile - debian/patches/CVE-2016-10159.patch: fix overflows in ext/phar/phar.c. - CVE-2016-10159 * SECURITY UPDATE: off-by-one in phar_parse_pharfile - debian/patches/CVE-2016-10160.patch: handle length in ext/phar/phar.c. - CVE-2016-10160 * SECURITY UPDATE: denial of service via crafted serialized data - debian/patches/CVE-2016-10161.patch: fix out-of-bounds read in ext/standard/var_unserializer., added test to ext/standard/tests/serialize/bug73825.phpt. - CVE-2016-10161 debian/control: Build-Depends on mysql-server-5.5 to work with recent MySQL security updates.
ubuntu/precise-updates	2017-02-14 18:38:23 UTC 2017-02-14	Import patches-unapplied version 5.3.10-1ubuntu3.26 to ubuntu/precise-security Author: Marc Deslauriers Author Date: 2017-02-10 15:32:09 UTC Import patches-unapplied version 5.3.10-1ubuntu3.26 to ubuntu/precise-security Imported using git-ubuntu import. Changelog parent: 3bb7cd4a2f227a122349a88c1f9010d1ff4a82a4 New changelog entries: * SECURITY UPDATE: overflow in locale_get_display_name - debian/patches/CVE-2014-9912.patch: check locale name length in ext/intl/locale/locale_methods.c, added test to ext/intl/tests/bug67397.phpt. - CVE-2014-9912 * SECURITY UPDATE: infinite loop via crafted serialized data - debian/patches/CVE-2016-7478-pre.patch: don't unset the default value in Zend/zend_exceptions.c, fix tests in ext/standard/tests/serialize/bug69152.phpt, ext/standard/tests/serialize/bug69793.phpt. - debian/patches/CVE-2016-7478-pre2.patch: fix test in ext/standard/tests/serialize/bug69793.phpt. - debian/patches/CVE-2016-7478-pre3.patch: add zend_unset_property() to Zend/zend_API.. - debian/patches/CVE-2016-7478.patch: fix memcpy in Zend/zend_exceptions.c, ext/bcmath/libbcmath/src/init.c, ext/bcmath/libbcmath/src/outofmem.c. - CVE-2016-7478 SECURITY UPDATE: arbitrary code execution via crafted serialized data - debian/patches/CVE-2016-7479-pre.patch: fix null pointer dereference in ext/standard/var_unserializer., added test to standard/tests/serialize/bug68545.phpt. - debian/patches/CVE-2016-7479.patch: implement delayed __wakeup in ext/standard/var_unserializer.. - CVE-2016-7479 * SECURITY UPDATE: denial of service via crafted wddxPacket XML document - debian/patches/CVE-2016-9934.patch: check objects in ext/wddx/wddx.c, ext/pdo/pdo_stmt.c, ext/wddx/tests/bug45901.phpt, ext/wddx/tests/bug72790.phpt, ext/wddx/tests/bug73331.phpt. - CVE-2016-9934 * SECURITY UPDATE: denial of service via crafted wddxPacket XML document - debian/patches/CVE-2016-9935-1.patch: fix memory leak in ext/wddx/wddx.c. - debian/patches/CVE-2016-9935-2.patch: fix leak in ext/wddx/wddx.c. - debian/patches/CVE-2016-9935-3.patch: fix leak in ext/wddx/wddx.c. - CVE-2016-9935 * SECURITY UPDATE: exif DoS via FPE - debian/patches/CVE-2016-10158.patch: fix integer size issue in ext/exif/exif.c. - CVE-2016-10158 * SECURITY UPDATE: integer overflow in phar_parse_pharfile - debian/patches/CVE-2016-10159.patch: fix overflows in ext/phar/phar.c. - CVE-2016-10159 * SECURITY UPDATE: off-by-one in phar_parse_pharfile - debian/patches/CVE-2016-10160.patch: handle length in ext/phar/phar.c. - CVE-2016-10160 * SECURITY UPDATE: denial of service via crafted serialized data - debian/patches/CVE-2016-10161.patch: fix out-of-bounds read in ext/standard/var_unserializer., added test to ext/standard/tests/serialize/bug73825.phpt. - CVE-2016-10161 debian/control: Build-Depends on mysql-server-5.5 to work with recent MySQL security updates.
debian/sid	2016-09-18 22:26:04 UTC 2016-09-18	Import patches-unapplied version 5.6.26+dfsg-1 to debian/sid Author: Ondřej Surý Author Date: 2016-09-18 08:59:09 UTC Import patches-unapplied version 5.6.26+dfsg-1 to debian/sid Imported using git-ubuntu import. Changelog parent: cd00196f62db0082a6f9d75f27c63b4e45e31743 New changelog entries: * Imported Upstream version 5.6.26+dfsg * Rebase patches on top of PHP 5.6.26+dfsg release * Imported Upstream version 5.6.25+dfsg * Rebase patches on top of 5.6.25+dfsg
debian/stretch	2016-06-16 10:19:56 UTC 2016-06-16	Import patches-unapplied version 5.6.22+dfsg-2 to debian/sid Author: Ondřej Surý Author Date: 2016-06-15 16:02:46 UTC Import patches-unapplied version 5.6.22+dfsg-2 to debian/sid Imported using git-ubuntu import. Changelog parent: 6d17da71047aab3cf46ec748db7ea693700efa1d New changelog entries: * Silence errors from find caused by time race (Closes: #827370)
ubuntu/trusty-proposed	2016-06-01 12:49:03 UTC 2016-06-01	Import patches-unapplied version 5.5.9+dfsg-1ubuntu4.18 to ubuntu/trusty-prop... Author: Nish Aravamudan Author Date: 2016-05-31 12:58:02 UTC Import patches-unapplied version 5.5.9+dfsg-1ubuntu4.18 to ubuntu/trusty-proposed Imported using git-ubuntu import. Changelog parent: 997715b98c4db94fec5538026056b76417898fe1 New changelog entries: * Fix zlib function naming with LFS (LP: #1315888).
applied/ubuntu/trusty-proposed	2016-06-01 12:49:03 UTC 2016-06-01	Import patches-applied version 5.5.9+dfsg-1ubuntu4.18 to applied/ubuntu/trust... Author: Nish Aravamudan Author Date: 2016-05-31 12:58:02 UTC Import patches-applied version 5.5.9+dfsg-1ubuntu4.18 to applied/ubuntu/trusty-proposed Imported using git-ubuntu import. Changelog parent: 5869edc535bd6bf178dc3e0e9e175d3097307e6c Unapplied parent: f1785799bbad924e62dc222b9df565e82b8b87b2 New changelog entries: * Fix zlib function naming with LFS (LP: #1315888).
ubuntu/wily-updates	2016-05-24 17:34:37 UTC 2016-05-24	Import patches-unapplied version 5.6.11+dfsg-1ubuntu3.4 to ubuntu/wily-security Author: Marc Deslauriers Author Date: 2016-05-19 16:03:33 UTC Import patches-unapplied version 5.6.11+dfsg-1ubuntu3.4 to ubuntu/wily-security Imported using git-ubuntu import. Changelog parent: ce459fd1884cc2398d02e4835c7113d74179f5e9 New changelog entries: * SECURITY UPDATE: heap corruption in tar/zip/phar parser - debian/patches/CVE-2016-4342.patch: remove UMR when size is 0 in ext/phar/phar_object.c. - CVE-2016-4342 * SECURITY UPDATE: uninitialized pointer in phar_make_dirstream() - debian/patches/CVE-2016-4343.patch: check lengths in ext/phar/dirstream.c, ext/phar/tar.c. - CVE-2016-4343 * SECURITY UPDATE: bcpowmod accepts negative scale and corrupts _one_ definition - debian/patches/CVE-2016-4537.patch: properly detect scale in ext/bcmath/bcmath.c, add test to ext/bcmath/tests/bug72093.phpt. - CVE-2016-4537 - CVE-2016-4538 * SECURITY UPDATE: xml_parse_into_struct segmentation fault - debian/patches/CVE-2016-4539.patch: check parser->level in ext/xml/xml.c, added test to ext/xml/tests/bug72099.phpt. - CVE-2016-4539 * SECURITY UPDATE: out-of-bounds reads in zif_grapheme_stripos and zif_grapheme_strpos with negative offset - debian/patches/CVE-2016-4540.patch: check bounds in ext/intl/grapheme/grapheme_string.c, added test to ext/intl/tests/bug72061.phpt. - CVE-2016-4540 - CVE-2016-4541 * SECURITY UPDATE: out of bounds heap read access in exif header processing - debian/patches/CVE-2016-4542.patch: check sizes and length in ext/exif/exif.c. - CVE-2016-4542 - CVE-2016-4543 - CVE-2016-4544
applied/ubuntu/wily-security	2016-05-24 17:34:37 UTC 2016-05-24	Import patches-applied version 5.6.11+dfsg-1ubuntu3.4 to applied/ubuntu/wily-... Author: Marc Deslauriers Author Date: 2016-05-19 16:03:33 UTC Import patches-applied version 5.6.11+dfsg-1ubuntu3.4 to applied/ubuntu/wily-security Imported using git-ubuntu import. Changelog parent: 0492ff403a794472a2bc1732e4c9e59e65d4f100 Unapplied parent: e72f3f6ea8aa29c5d64e54357fa12d422017231c New changelog entries: * SECURITY UPDATE: heap corruption in tar/zip/phar parser - debian/patches/CVE-2016-4342.patch: remove UMR when size is 0 in ext/phar/phar_object.c. - CVE-2016-4342 * SECURITY UPDATE: uninitialized pointer in phar_make_dirstream() - debian/patches/CVE-2016-4343.patch: check lengths in ext/phar/dirstream.c, ext/phar/tar.c. - CVE-2016-4343 * SECURITY UPDATE: bcpowmod accepts negative scale and corrupts _one_ definition - debian/patches/CVE-2016-4537.patch: properly detect scale in ext/bcmath/bcmath.c, add test to ext/bcmath/tests/bug72093.phpt. - CVE-2016-4537 - CVE-2016-4538 * SECURITY UPDATE: xml_parse_into_struct segmentation fault - debian/patches/CVE-2016-4539.patch: check parser->level in ext/xml/xml.c, added test to ext/xml/tests/bug72099.phpt. - CVE-2016-4539 * SECURITY UPDATE: out-of-bounds reads in zif_grapheme_stripos and zif_grapheme_strpos with negative offset - debian/patches/CVE-2016-4540.patch: check bounds in ext/intl/grapheme/grapheme_string.c, added test to ext/intl/tests/bug72061.phpt. - CVE-2016-4540 - CVE-2016-4541 * SECURITY UPDATE: out of bounds heap read access in exif header processing - debian/patches/CVE-2016-4542.patch: check sizes and length in ext/exif/exif.c. - CVE-2016-4542 - CVE-2016-4543 - CVE-2016-4544
ubuntu/wily-security	2016-05-24 17:34:37 UTC 2016-05-24	Import patches-unapplied version 5.6.11+dfsg-1ubuntu3.4 to ubuntu/wily-security Author: Marc Deslauriers Author Date: 2016-05-19 16:03:33 UTC Import patches-unapplied version 5.6.11+dfsg-1ubuntu3.4 to ubuntu/wily-security Imported using git-ubuntu import. Changelog parent: ce459fd1884cc2398d02e4835c7113d74179f5e9 New changelog entries: * SECURITY UPDATE: heap corruption in tar/zip/phar parser - debian/patches/CVE-2016-4342.patch: remove UMR when size is 0 in ext/phar/phar_object.c. - CVE-2016-4342 * SECURITY UPDATE: uninitialized pointer in phar_make_dirstream() - debian/patches/CVE-2016-4343.patch: check lengths in ext/phar/dirstream.c, ext/phar/tar.c. - CVE-2016-4343 * SECURITY UPDATE: bcpowmod accepts negative scale and corrupts _one_ definition - debian/patches/CVE-2016-4537.patch: properly detect scale in ext/bcmath/bcmath.c, add test to ext/bcmath/tests/bug72093.phpt. - CVE-2016-4537 - CVE-2016-4538 * SECURITY UPDATE: xml_parse_into_struct segmentation fault - debian/patches/CVE-2016-4539.patch: check parser->level in ext/xml/xml.c, added test to ext/xml/tests/bug72099.phpt. - CVE-2016-4539 * SECURITY UPDATE: out-of-bounds reads in zif_grapheme_stripos and zif_grapheme_strpos with negative offset - debian/patches/CVE-2016-4540.patch: check bounds in ext/intl/grapheme/grapheme_string.c, added test to ext/intl/tests/bug72061.phpt. - CVE-2016-4540 - CVE-2016-4541 * SECURITY UPDATE: out of bounds heap read access in exif header processing - debian/patches/CVE-2016-4542.patch: check sizes and length in ext/exif/exif.c. - CVE-2016-4542 - CVE-2016-4543 - CVE-2016-4544
applied/ubuntu/wily-updates	2016-05-24 17:34:37 UTC 2016-05-24	Import patches-applied version 5.6.11+dfsg-1ubuntu3.4 to applied/ubuntu/wily-... Author: Marc Deslauriers Author Date: 2016-05-19 16:03:33 UTC Import patches-applied version 5.6.11+dfsg-1ubuntu3.4 to applied/ubuntu/wily-security Imported using git-ubuntu import. Changelog parent: 0492ff403a794472a2bc1732e4c9e59e65d4f100 Unapplied parent: e72f3f6ea8aa29c5d64e54357fa12d422017231c New changelog entries: * SECURITY UPDATE: heap corruption in tar/zip/phar parser - debian/patches/CVE-2016-4342.patch: remove UMR when size is 0 in ext/phar/phar_object.c. - CVE-2016-4342 * SECURITY UPDATE: uninitialized pointer in phar_make_dirstream() - debian/patches/CVE-2016-4343.patch: check lengths in ext/phar/dirstream.c, ext/phar/tar.c. - CVE-2016-4343 * SECURITY UPDATE: bcpowmod accepts negative scale and corrupts _one_ definition - debian/patches/CVE-2016-4537.patch: properly detect scale in ext/bcmath/bcmath.c, add test to ext/bcmath/tests/bug72093.phpt. - CVE-2016-4537 - CVE-2016-4538 * SECURITY UPDATE: xml_parse_into_struct segmentation fault - debian/patches/CVE-2016-4539.patch: check parser->level in ext/xml/xml.c, added test to ext/xml/tests/bug72099.phpt. - CVE-2016-4539 * SECURITY UPDATE: out-of-bounds reads in zif_grapheme_stripos and zif_grapheme_strpos with negative offset - debian/patches/CVE-2016-4540.patch: check bounds in ext/intl/grapheme/grapheme_string.c, added test to ext/intl/tests/bug72061.phpt. - CVE-2016-4540 - CVE-2016-4541 * SECURITY UPDATE: out of bounds heap read access in exif header processing - debian/patches/CVE-2016-4542.patch: check sizes and length in ext/exif/exif.c. - CVE-2016-4542 - CVE-2016-4543 - CVE-2016-4544
ubuntu/wily-devel	2016-05-24 17:34:37 UTC 2016-05-24	Import patches-unapplied version 5.6.11+dfsg-1ubuntu3.4 to ubuntu/wily-security Author: Marc Deslauriers Author Date: 2016-05-19 16:03:33 UTC Import patches-unapplied version 5.6.11+dfsg-1ubuntu3.4 to ubuntu/wily-security Imported using git-ubuntu import. Changelog parent: ce459fd1884cc2398d02e4835c7113d74179f5e9 New changelog entries: * SECURITY UPDATE: heap corruption in tar/zip/phar parser - debian/patches/CVE-2016-4342.patch: remove UMR when size is 0 in ext/phar/phar_object.c. - CVE-2016-4342 * SECURITY UPDATE: uninitialized pointer in phar_make_dirstream() - debian/patches/CVE-2016-4343.patch: check lengths in ext/phar/dirstream.c, ext/phar/tar.c. - CVE-2016-4343 * SECURITY UPDATE: bcpowmod accepts negative scale and corrupts _one_ definition - debian/patches/CVE-2016-4537.patch: properly detect scale in ext/bcmath/bcmath.c, add test to ext/bcmath/tests/bug72093.phpt. - CVE-2016-4537 - CVE-2016-4538 * SECURITY UPDATE: xml_parse_into_struct segmentation fault - debian/patches/CVE-2016-4539.patch: check parser->level in ext/xml/xml.c, added test to ext/xml/tests/bug72099.phpt. - CVE-2016-4539 * SECURITY UPDATE: out-of-bounds reads in zif_grapheme_stripos and zif_grapheme_strpos with negative offset - debian/patches/CVE-2016-4540.patch: check bounds in ext/intl/grapheme/grapheme_string.c, added test to ext/intl/tests/bug72061.phpt. - CVE-2016-4540 - CVE-2016-4541 * SECURITY UPDATE: out of bounds heap read access in exif header processing - debian/patches/CVE-2016-4542.patch: check sizes and length in ext/exif/exif.c. - CVE-2016-4542 - CVE-2016-4543 - CVE-2016-4544
applied/ubuntu/wily-devel	2016-05-24 17:34:37 UTC 2016-05-24	Import patches-applied version 5.6.11+dfsg-1ubuntu3.4 to applied/ubuntu/wily-... Author: Marc Deslauriers Author Date: 2016-05-19 16:03:33 UTC Import patches-applied version 5.6.11+dfsg-1ubuntu3.4 to applied/ubuntu/wily-security Imported using git-ubuntu import. Changelog parent: 0492ff403a794472a2bc1732e4c9e59e65d4f100 Unapplied parent: e72f3f6ea8aa29c5d64e54357fa12d422017231c New changelog entries: * SECURITY UPDATE: heap corruption in tar/zip/phar parser - debian/patches/CVE-2016-4342.patch: remove UMR when size is 0 in ext/phar/phar_object.c. - CVE-2016-4342 * SECURITY UPDATE: uninitialized pointer in phar_make_dirstream() - debian/patches/CVE-2016-4343.patch: check lengths in ext/phar/dirstream.c, ext/phar/tar.c. - CVE-2016-4343 * SECURITY UPDATE: bcpowmod accepts negative scale and corrupts _one_ definition - debian/patches/CVE-2016-4537.patch: properly detect scale in ext/bcmath/bcmath.c, add test to ext/bcmath/tests/bug72093.phpt. - CVE-2016-4537 - CVE-2016-4538 * SECURITY UPDATE: xml_parse_into_struct segmentation fault - debian/patches/CVE-2016-4539.patch: check parser->level in ext/xml/xml.c, added test to ext/xml/tests/bug72099.phpt. - CVE-2016-4539 * SECURITY UPDATE: out-of-bounds reads in zif_grapheme_stripos and zif_grapheme_strpos with negative offset - debian/patches/CVE-2016-4540.patch: check bounds in ext/intl/grapheme/grapheme_string.c, added test to ext/intl/tests/bug72061.phpt. - CVE-2016-4540 - CVE-2016-4541 * SECURITY UPDATE: out of bounds heap read access in exif header processing - debian/patches/CVE-2016-4542.patch: check sizes and length in ext/exif/exif.c. - CVE-2016-4542 - CVE-2016-4543 - CVE-2016-4544
debian/wheezy	2016-04-02 23:40:25 UTC 2016-04-02	Import patches-unapplied version 5.4.45-0+deb7u2 to debian/wheezy Author: Ondřej Surý Author Date: 2015-10-04 15:12:28 UTC Import patches-unapplied version 5.4.45-0+deb7u2 to debian/wheezy Imported using git-ubuntu import. Changelog parent: 9af75b699ca1104f58d68a079f0323235717fe92 New changelog entries: * Merge security updates from PHP 5.5.30 into PHP 5.4.45 - Phar: . Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()). . Fixed bug #70433 (Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"). * Add a notice about PHP 5.4 EOL to d/NEWS * New upstream version 5.4.45 - Core: . Fixed bug #70172 (Use After Free Vulnerability in unserialize()). . Fixed bug #70219 (Use after free vulnerability in session deserializer). - EXIF: . Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes). - hash: . Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). - PCRE: . Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions). - SOAP: . Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). - SPL: . Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage). . Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). - XSLT: . Fixed bug #69782 (NULL pointer dereference). - ZIP: . Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories). * Rebase patches on top of 5.4.45 release
ubuntu/devel	2016-01-22 14:43:54 UTC 2016-01-22	Import patches-unapplied version 5.6.17+dfsg-3ubuntu1 to ubuntu/xenial-proposed Author: Marc Deslauriers Author Date: 2016-01-21 19:32:01 UTC Import patches-unapplied version 5.6.17+dfsg-3ubuntu1 to ubuntu/xenial-proposed Imported using git-ubuntu import. Changelog parent: 0dcf22d74ea0c365c96414c876e88e5680fd956a New changelog entries: * Merge from Debian. Remaining changes: - Drop support for firebird, c-client, mcrypt, onig and qdbm as they are in universe: + d/control: drop Build-Depends on firebird-dev, libc-client-dev, libmcrypt-dev, libonig-dev, libqdbm-dev. + d/control: drop binary packages php5-imap, php5-interbase and php5-mcrypt and their reverse dependencies. + d/rules: drop configuration of qdgm, onig, imap, mcrypt. + d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't build interbase or firebird. + d/modulelist: drop imap, interbase and mcrypt. - d/control: switch Build-Depends of netcat-traditional to netcat-openbsd as only the latter is in main. - d/source_php5.py, d/rules: add apport hook.
ubuntu/xenial	2016-01-22 14:43:54 UTC 2016-01-22	Import patches-unapplied version 5.6.17+dfsg-3ubuntu1 to ubuntu/xenial-proposed Author: Marc Deslauriers Author Date: 2016-01-21 19:32:01 UTC Import patches-unapplied version 5.6.17+dfsg-3ubuntu1 to ubuntu/xenial-proposed Imported using git-ubuntu import. Changelog parent: 0dcf22d74ea0c365c96414c876e88e5680fd956a New changelog entries: * Merge from Debian. Remaining changes: - Drop support for firebird, c-client, mcrypt, onig and qdbm as they are in universe: + d/control: drop Build-Depends on firebird-dev, libc-client-dev, libmcrypt-dev, libonig-dev, libqdbm-dev. + d/control: drop binary packages php5-imap, php5-interbase and php5-mcrypt and their reverse dependencies. + d/rules: drop configuration of qdgm, onig, imap, mcrypt. + d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't build interbase or firebird. + d/modulelist: drop imap, interbase and mcrypt. - d/control: switch Build-Depends of netcat-traditional to netcat-openbsd as only the latter is in main. - d/source_php5.py, d/rules: add apport hook.
ubuntu/xenial-proposed	2016-01-22 14:43:54 UTC 2016-01-22	Import patches-unapplied version 5.6.17+dfsg-3ubuntu1 to ubuntu/xenial-proposed Author: Marc Deslauriers Author Date: 2016-01-21 19:32:01 UTC Import patches-unapplied version 5.6.17+dfsg-3ubuntu1 to ubuntu/xenial-proposed Imported using git-ubuntu import. Changelog parent: 0dcf22d74ea0c365c96414c876e88e5680fd956a New changelog entries: * Merge from Debian. Remaining changes: - Drop support for firebird, c-client, mcrypt, onig and qdbm as they are in universe: + d/control: drop Build-Depends on firebird-dev, libc-client-dev, libmcrypt-dev, libonig-dev, libqdbm-dev. + d/control: drop binary packages php5-imap, php5-interbase and php5-mcrypt and their reverse dependencies. + d/rules: drop configuration of qdgm, onig, imap, mcrypt. + d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't build interbase or firebird. + d/modulelist: drop imap, interbase and mcrypt. - d/control: switch Build-Depends of netcat-traditional to netcat-openbsd as only the latter is in main. - d/source_php5.py, d/rules: add apport hook.
applied/ubuntu/xenial-proposed	2016-01-22 14:43:54 UTC 2016-01-22	Import patches-applied version 5.6.17+dfsg-3ubuntu1 to applied/ubuntu/xenial-... Author: Marc Deslauriers Author Date: 2016-01-21 19:32:01 UTC Import patches-applied version 5.6.17+dfsg-3ubuntu1 to applied/ubuntu/xenial-proposed Imported using git-ubuntu import. Changelog parent: ca13600a49fa735478859be16e31f09d02a2d573 Unapplied parent: f76528cf654992c4d1e00a3f64b1a7feaa354478 New changelog entries: * Merge from Debian. Remaining changes: - Drop support for firebird, c-client, mcrypt, onig and qdbm as they are in universe: + d/control: drop Build-Depends on firebird-dev, libc-client-dev, libmcrypt-dev, libonig-dev, libqdbm-dev. + d/control: drop binary packages php5-imap, php5-interbase and php5-mcrypt and their reverse dependencies. + d/rules: drop configuration of qdgm, onig, imap, mcrypt. + d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't build interbase or firebird. + d/modulelist: drop imap, interbase and mcrypt. - d/control: switch Build-Depends of netcat-traditional to netcat-openbsd as only the latter is in main. - d/source_php5.py, d/rules: add apport hook. * Fail gracefully when other PHP module is enabled in Apache2 * php5-maintscript-helper needs update for phpdbg to fix postinst failure * Disable tests on armhf as they take a long time * Merge patch for ODBC bug fix varchars returning with length zero * Fix missing phpdbg sapi from the for loop that prevented the modules to be enabled for phpdbg SAPI * Build-Depend just on libpng-dev * Imported Upstream version 5.6.17+dfsg * Rebase patches on top of 5.6.17 release * Make phar command versioned and use update-alternatives for 'phar' name to allow src:php5 packages to be co-installed with src:php7.0 * Remove invalid patch to not reset packagingroot inside PEAR/Command/Install.php * Revert PEAR version to last working version from PHP 5.6.14 (Closes: #805222)
applied/ubuntu/xenial-devel	2016-01-22 14:43:54 UTC 2016-01-22	Import patches-applied version 5.6.17+dfsg-3ubuntu1 to applied/ubuntu/xenial-... Author: Marc Deslauriers Author Date: 2016-01-21 19:32:01 UTC Import patches-applied version 5.6.17+dfsg-3ubuntu1 to applied/ubuntu/xenial-proposed Imported using git-ubuntu import. Changelog parent: ca13600a49fa735478859be16e31f09d02a2d573 Unapplied parent: f76528cf654992c4d1e00a3f64b1a7feaa354478 New changelog entries: * Merge from Debian. Remaining changes: - Drop support for firebird, c-client, mcrypt, onig and qdbm as they are in universe: + d/control: drop Build-Depends on firebird-dev, libc-client-dev, libmcrypt-dev, libonig-dev, libqdbm-dev. + d/control: drop binary packages php5-imap, php5-interbase and php5-mcrypt and their reverse dependencies. + d/rules: drop configuration of qdgm, onig, imap, mcrypt. + d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't build interbase or firebird. + d/modulelist: drop imap, interbase and mcrypt. - d/control: switch Build-Depends of netcat-traditional to netcat-openbsd as only the latter is in main. - d/source_php5.py, d/rules: add apport hook. * Fail gracefully when other PHP module is enabled in Apache2 * php5-maintscript-helper needs update for phpdbg to fix postinst failure * Disable tests on armhf as they take a long time * Merge patch for ODBC bug fix varchars returning with length zero * Fix missing phpdbg sapi from the for loop that prevented the modules to be enabled for phpdbg SAPI * Build-Depend just on libpng-dev * Imported Upstream version 5.6.17+dfsg * Rebase patches on top of 5.6.17 release * Make phar command versioned and use update-alternatives for 'phar' name to allow src:php5 packages to be co-installed with src:php7.0 * Remove invalid patch to not reset packagingroot inside PEAR/Command/Install.php * Revert PEAR version to last working version from PHP 5.6.14 (Closes: #805222)
applied/ubuntu/devel	2016-01-22 14:43:54 UTC 2016-01-22	Import patches-applied version 5.6.17+dfsg-3ubuntu1 to applied/ubuntu/xenial-... Author: Marc Deslauriers Author Date: 2016-01-21 19:32:01 UTC Import patches-applied version 5.6.17+dfsg-3ubuntu1 to applied/ubuntu/xenial-proposed Imported using git-ubuntu import. Changelog parent: ca13600a49fa735478859be16e31f09d02a2d573 Unapplied parent: f76528cf654992c4d1e00a3f64b1a7feaa354478 New changelog entries: * Merge from Debian. Remaining changes: - Drop support for firebird, c-client, mcrypt, onig and qdbm as they are in universe: + d/control: drop Build-Depends on firebird-dev, libc-client-dev, libmcrypt-dev, libonig-dev, libqdbm-dev. + d/control: drop binary packages php5-imap, php5-interbase and php5-mcrypt and their reverse dependencies. + d/rules: drop configuration of qdgm, onig, imap, mcrypt. + d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't build interbase or firebird. + d/modulelist: drop imap, interbase and mcrypt. - d/control: switch Build-Depends of netcat-traditional to netcat-openbsd as only the latter is in main. - d/source_php5.py, d/rules: add apport hook. * Fail gracefully when other PHP module is enabled in Apache2 * php5-maintscript-helper needs update for phpdbg to fix postinst failure * Disable tests on armhf as they take a long time * Merge patch for ODBC bug fix varchars returning with length zero * Fix missing phpdbg sapi from the for loop that prevented the modules to be enabled for phpdbg SAPI * Build-Depend just on libpng-dev * Imported Upstream version 5.6.17+dfsg * Rebase patches on top of 5.6.17 release * Make phar command versioned and use update-alternatives for 'phar' name to allow src:php5 packages to be co-installed with src:php7.0 * Remove invalid patch to not reset packagingroot inside PEAR/Command/Install.php * Revert PEAR version to last working version from PHP 5.6.14 (Closes: #805222)
applied/ubuntu/xenial	2016-01-22 14:43:54 UTC 2016-01-22	Import patches-applied version 5.6.17+dfsg-3ubuntu1 to applied/ubuntu/xenial-... Author: Marc Deslauriers Author Date: 2016-01-21 19:32:01 UTC Import patches-applied version 5.6.17+dfsg-3ubuntu1 to applied/ubuntu/xenial-proposed Imported using git-ubuntu import. Changelog parent: ca13600a49fa735478859be16e31f09d02a2d573 Unapplied parent: f76528cf654992c4d1e00a3f64b1a7feaa354478 New changelog entries: * Merge from Debian. Remaining changes: - Drop support for firebird, c-client, mcrypt, onig and qdbm as they are in universe: + d/control: drop Build-Depends on firebird-dev, libc-client-dev, libmcrypt-dev, libonig-dev, libqdbm-dev. + d/control: drop binary packages php5-imap, php5-interbase and php5-mcrypt and their reverse dependencies. + d/rules: drop configuration of qdgm, onig, imap, mcrypt. + d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't build interbase or firebird. + d/modulelist: drop imap, interbase and mcrypt. - d/control: switch Build-Depends of netcat-traditional to netcat-openbsd as only the latter is in main. - d/source_php5.py, d/rules: add apport hook. * Fail gracefully when other PHP module is enabled in Apache2 * php5-maintscript-helper needs update for phpdbg to fix postinst failure * Disable tests on armhf as they take a long time * Merge patch for ODBC bug fix varchars returning with length zero * Fix missing phpdbg sapi from the for loop that prevented the modules to be enabled for phpdbg SAPI * Build-Depend just on libpng-dev * Imported Upstream version 5.6.17+dfsg * Rebase patches on top of 5.6.17 release * Make phar command versioned and use update-alternatives for 'phar' name to allow src:php5 packages to be co-installed with src:php7.0 * Remove invalid patch to not reset packagingroot inside PEAR/Command/Install.php * Revert PEAR version to last working version from PHP 5.6.14 (Closes: #805222)
ubuntu/xenial-devel	2016-01-22 14:43:54 UTC 2016-01-22	Import patches-unapplied version 5.6.17+dfsg-3ubuntu1 to ubuntu/xenial-proposed Author: Marc Deslauriers Author Date: 2016-01-21 19:32:01 UTC Import patches-unapplied version 5.6.17+dfsg-3ubuntu1 to ubuntu/xenial-proposed Imported using git-ubuntu import. Changelog parent: 0dcf22d74ea0c365c96414c876e88e5680fd956a New changelog entries: * Merge from Debian. Remaining changes: - Drop support for firebird, c-client, mcrypt, onig and qdbm as they are in universe: + d/control: drop Build-Depends on firebird-dev, libc-client-dev, libmcrypt-dev, libonig-dev, libqdbm-dev. + d/control: drop binary packages php5-imap, php5-interbase and php5-mcrypt and their reverse dependencies. + d/rules: drop configuration of qdgm, onig, imap, mcrypt. + d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't build interbase or firebird. + d/modulelist: drop imap, interbase and mcrypt. - d/control: switch Build-Depends of netcat-traditional to netcat-openbsd as only the latter is in main. - d/source_php5.py, d/rules: add apport hook.
debian/experimental	2015-12-30 04:10:26 UTC 2015-12-30	Import patches-unapplied version 7.0 to debian/experimental Author: Ondřej Surý Author Date: 2015-12-29 08:27:34 UTC Import patches-unapplied version 7.0 to debian/experimental Imported using git-ubuntu import.
applied/debian/stretch	2015-12-07 22:21:49 UTC 2015-12-07	Import patches-applied version 5.6.16+dfsg-2 to applied/debian/sid Author: Ondřej Surý Author Date: 2015-12-07 16:15:51 UTC Import patches-applied version 5.6.16+dfsg-2 to applied/debian/sid Imported using git-ubuntu import. Changelog parent: 81e18b037c154b5b0ae01ca7ffb9d44b5d5238c8 Unapplied parent: 7be1ee7f36059b43fa9f8646e0f4c611ca9cd73a New changelog entries: [ Jan Wagner ] * Adding 'PHP_INI_SCAN_DIR=/etc/php5/${conf_dir}/conf.d/' to session cleanup script when calling php [ Ondřej Surý ] * Add patch to not reset packagingroot inside PEAR/Command/Install.php (Closes: #805222)
applied/debian/sid	2015-12-07 22:21:49 UTC 2015-12-07	Import patches-applied version 5.6.16+dfsg-2 to applied/debian/sid Author: Ondřej Surý Author Date: 2015-12-07 16:15:51 UTC Import patches-applied version 5.6.16+dfsg-2 to applied/debian/sid Imported using git-ubuntu import. Changelog parent: 81e18b037c154b5b0ae01ca7ffb9d44b5d5238c8 Unapplied parent: 7be1ee7f36059b43fa9f8646e0f4c611ca9cd73a New changelog entries: [ Jan Wagner ] * Adding 'PHP_INI_SCAN_DIR=/etc/php5/${conf_dir}/conf.d/' to session cleanup script when calling php [ Ondřej Surý ] * Add patch to not reset packagingroot inside PEAR/Command/Install.php (Closes: #805222)
applied/ubuntu/vivid-security	2015-10-28 13:38:44 UTC 2015-10-28	Import patches-applied version 5.6.4+dfsg-4ubuntu6.4 to applied/ubuntu/vivid-... Author: Marc Deslauriers Author Date: 2015-10-27 20:52:47 UTC Import patches-applied version 5.6.4+dfsg-4ubuntu6.4 to applied/ubuntu/vivid-security Imported using git-ubuntu import. Changelog parent: 462717321d388d8698ebb077aa85902abdacc38b Unapplied parent: 6df86cd1aa2f7fc0e866d710317c9cf44eabe724 New changelog entries: * SECURITY UPDATE: null pointer dereference in phar_get_fp_offset() - debian/patches/CVE-2015-7803.patch: check link in ext/phar/util.c. - CVE-2015-7803 * SECURITY UPDATE: uninitialized pointer in phar_make_dirstream() - debian/patches/CVE-2015-7804.patch: check filename length in ext/phar/util.c, ext/phar/zip.c. - CVE-2015-7804
applied/ubuntu/vivid-updates	2015-10-28 13:38:44 UTC 2015-10-28	Import patches-applied version 5.6.4+dfsg-4ubuntu6.4 to applied/ubuntu/vivid-... Author: Marc Deslauriers Author Date: 2015-10-27 20:52:47 UTC Import patches-applied version 5.6.4+dfsg-4ubuntu6.4 to applied/ubuntu/vivid-security Imported using git-ubuntu import. Changelog parent: 462717321d388d8698ebb077aa85902abdacc38b Unapplied parent: 6df86cd1aa2f7fc0e866d710317c9cf44eabe724 New changelog entries: * SECURITY UPDATE: null pointer dereference in phar_get_fp_offset() - debian/patches/CVE-2015-7803.patch: check link in ext/phar/util.c. - CVE-2015-7803 * SECURITY UPDATE: uninitialized pointer in phar_make_dirstream() - debian/patches/CVE-2015-7804.patch: check filename length in ext/phar/util.c, ext/phar/zip.c. - CVE-2015-7804
ubuntu/vivid-security	2015-10-28 13:38:44 UTC 2015-10-28	Import patches-unapplied version 5.6.4+dfsg-4ubuntu6.4 to ubuntu/vivid-security Author: Marc Deslauriers Author Date: 2015-10-27 20:52:47 UTC Import patches-unapplied version 5.6.4+dfsg-4ubuntu6.4 to ubuntu/vivid-security Imported using git-ubuntu import. Changelog parent: 95f6022be2d2eac3efb1af50a9095677f1302f1e New changelog entries: * SECURITY UPDATE: null pointer dereference in phar_get_fp_offset() - debian/patches/CVE-2015-7803.patch: check link in ext/phar/util.c. - CVE-2015-7803 * SECURITY UPDATE: uninitialized pointer in phar_make_dirstream() - debian/patches/CVE-2015-7804.patch: check filename length in ext/phar/util.c, ext/phar/zip.c. - CVE-2015-7804
ubuntu/vivid-devel	2015-10-28 13:38:44 UTC 2015-10-28	Import patches-unapplied version 5.6.4+dfsg-4ubuntu6.4 to ubuntu/vivid-security Author: Marc Deslauriers Author Date: 2015-10-27 20:52:47 UTC Import patches-unapplied version 5.6.4+dfsg-4ubuntu6.4 to ubuntu/vivid-security Imported using git-ubuntu import. Changelog parent: 95f6022be2d2eac3efb1af50a9095677f1302f1e New changelog entries: * SECURITY UPDATE: null pointer dereference in phar_get_fp_offset() - debian/patches/CVE-2015-7803.patch: check link in ext/phar/util.c. - CVE-2015-7803 * SECURITY UPDATE: uninitialized pointer in phar_make_dirstream() - debian/patches/CVE-2015-7804.patch: check filename length in ext/phar/util.c, ext/phar/zip.c. - CVE-2015-7804
ubuntu/vivid-updates	2015-10-28 13:38:44 UTC 2015-10-28	Import patches-unapplied version 5.6.4+dfsg-4ubuntu6.4 to ubuntu/vivid-security Author: Marc Deslauriers Author Date: 2015-10-27 20:52:47 UTC Import patches-unapplied version 5.6.4+dfsg-4ubuntu6.4 to ubuntu/vivid-security Imported using git-ubuntu import. Changelog parent: 95f6022be2d2eac3efb1af50a9095677f1302f1e New changelog entries: * SECURITY UPDATE: null pointer dereference in phar_get_fp_offset() - debian/patches/CVE-2015-7803.patch: check link in ext/phar/util.c. - CVE-2015-7803 * SECURITY UPDATE: uninitialized pointer in phar_make_dirstream() - debian/patches/CVE-2015-7804.patch: check filename length in ext/phar/util.c, ext/phar/zip.c. - CVE-2015-7804
applied/ubuntu/vivid-devel	2015-10-28 13:38:44 UTC 2015-10-28	Import patches-applied version 5.6.4+dfsg-4ubuntu6.4 to applied/ubuntu/vivid-... Author: Marc Deslauriers Author Date: 2015-10-27 20:52:47 UTC Import patches-applied version 5.6.4+dfsg-4ubuntu6.4 to applied/ubuntu/vivid-security Imported using git-ubuntu import. Changelog parent: 462717321d388d8698ebb077aa85902abdacc38b Unapplied parent: 6df86cd1aa2f7fc0e866d710317c9cf44eabe724 New changelog entries: * SECURITY UPDATE: null pointer dereference in phar_get_fp_offset() - debian/patches/CVE-2015-7803.patch: check link in ext/phar/util.c. - CVE-2015-7803 * SECURITY UPDATE: uninitialized pointer in phar_make_dirstream() - debian/patches/CVE-2015-7804.patch: check filename length in ext/phar/util.c, ext/phar/zip.c. - CVE-2015-7804
applied/ubuntu/wily-proposed	2015-09-29 14:34:00 UTC 2015-09-29	Import patches-applied version 5.6.11+dfsg-1ubuntu3 to applied/ubuntu/wily-pr... Author: Marc Deslauriers Author Date: 2015-09-28 11:26:44 UTC Import patches-applied version 5.6.11+dfsg-1ubuntu3 to applied/ubuntu/wily-proposed Imported using git-ubuntu import. Changelog parent: 35f22c5f1cb8474cca3a2e3949b51594b5ec8998 Unapplied parent: 7b546c6bd8bbcf33ff68ac49eb718244f8f2d4d9 New changelog entries: * SECURITY UPDATE: multiple use-after-free issues in unserialize() - debian/patches/CVE-2015-6831-1.patch: fix SPLArrayObject in ext/spl/spl_array.c, added test to ext/spl/tests/bug70166.phpt. - debian/patches/CVE-2015-6831-2.patch: fix SplObjectStorage in ext/spl/spl_observer.c, added test to ext/spl/tests/bug70168.phpt. - debian/patches/CVE-2015-6831-3.patch: fix SplDoublyLinkedList in ext/spl/spl_dllist.c, added test to ext/spl/tests/bug70169.phpt. - CVE-2015-6831 * SECURITY UPDATE: dangling pointer in the unserialization of ArrayObject items - debian/patches/CVE-2015-6832.patch: fix dangling pointer in ext/spl/spl_array.c, added test to ext/spl/tests/bug70068.phpt. - CVE-2015-6832 * SECURITY UPDATE: phar files extracted outside of destination dir - debian/patches/CVE-2015-6833-1.patch: limit extracted files to given directory in ext/phar/phar_object.c. - debian/patches/CVE-2015-6833-2.patch: use emalloc in ext/phar/phar_object.c. - CVE-2015-6833 * SECURITY UPDATE: multiple vulnerabilities in unserialize() - debian/patches/CVE-2015-6834-1.patch: fix use-after-free in ext/standard/var.c, ext/standard/var_unserializer.. - debian/patches/CVE-2015-6834-2.patch: fix use-after-free in ext/spl/spl_observer.c, added test to ext/spl/tests/bug70365.phpt. - debian/patches/CVE-2015-6834-3.patch: fix use-after-free in ext/spl/spl_dllist.c, added test to ext/spl/tests/bug70366.phpt. - CVE-2015-6834 SECURITY UPDATE: use after free in session deserializer - debian/patches/CVE-2015-6835-1.patch: fix use after free in ext/session/session.c, ext/standard/var_unserializer.* fixed tests in ext/session/tests/session_decode_error2.phpt, ext/session/tests/session_decode_variation3.phpt. - debian/patches/CVE-2015-6835-2.patch: add more fixes to ext/session/session.c. - CVE-2015-6835 * SECURITY UPDATE: SOAP serialize_function_call() type confusion - debian/patches/CVE-2015-6836.patch: check type in ext/soap/soap.c, added test to ext/soap/tests/bug70388.phpt. - CVE-2015-6836 * SECURITY UPDATE: NULL pointer dereference in XSLTProcessor class - debian/patches/CVE-2015-6837-6838.patch: fix logic in ext/xsl/xsltprocessor.c. - CVE-2015-6837 - CVE-2015-6838
ubuntu/wily	2015-09-29 14:34:00 UTC 2015-09-29	Import patches-unapplied version 5.6.11+dfsg-1ubuntu3 to ubuntu/wily-proposed Author: Marc Deslauriers Author Date: 2015-09-28 11:26:44 UTC Import patches-unapplied version 5.6.11+dfsg-1ubuntu3 to ubuntu/wily-proposed Imported using git-ubuntu import. Changelog parent: e116cdec74b323280a63ed52fd42e0331f683534 New changelog entries: * SECURITY UPDATE: multiple use-after-free issues in unserialize() - debian/patches/CVE-2015-6831-1.patch: fix SPLArrayObject in ext/spl/spl_array.c, added test to ext/spl/tests/bug70166.phpt. - debian/patches/CVE-2015-6831-2.patch: fix SplObjectStorage in ext/spl/spl_observer.c, added test to ext/spl/tests/bug70168.phpt. - debian/patches/CVE-2015-6831-3.patch: fix SplDoublyLinkedList in ext/spl/spl_dllist.c, added test to ext/spl/tests/bug70169.phpt. - CVE-2015-6831 * SECURITY UPDATE: dangling pointer in the unserialization of ArrayObject items - debian/patches/CVE-2015-6832.patch: fix dangling pointer in ext/spl/spl_array.c, added test to ext/spl/tests/bug70068.phpt. - CVE-2015-6832 * SECURITY UPDATE: phar files extracted outside of destination dir - debian/patches/CVE-2015-6833-1.patch: limit extracted files to given directory in ext/phar/phar_object.c. - debian/patches/CVE-2015-6833-2.patch: use emalloc in ext/phar/phar_object.c. - CVE-2015-6833 * SECURITY UPDATE: multiple vulnerabilities in unserialize() - debian/patches/CVE-2015-6834-1.patch: fix use-after-free in ext/standard/var.c, ext/standard/var_unserializer.. - debian/patches/CVE-2015-6834-2.patch: fix use-after-free in ext/spl/spl_observer.c, added test to ext/spl/tests/bug70365.phpt. - debian/patches/CVE-2015-6834-3.patch: fix use-after-free in ext/spl/spl_dllist.c, added test to ext/spl/tests/bug70366.phpt. - CVE-2015-6834 SECURITY UPDATE: use after free in session deserializer - debian/patches/CVE-2015-6835-1.patch: fix use after free in ext/session/session.c, ext/standard/var_unserializer.* fixed tests in ext/session/tests/session_decode_error2.phpt, ext/session/tests/session_decode_variation3.phpt. - debian/patches/CVE-2015-6835-2.patch: add more fixes to ext/session/session.c. - CVE-2015-6835 * SECURITY UPDATE: SOAP serialize_function_call() type confusion - debian/patches/CVE-2015-6836.patch: check type in ext/soap/soap.c, added test to ext/soap/tests/bug70388.phpt. - CVE-2015-6836 * SECURITY UPDATE: NULL pointer dereference in XSLTProcessor class - debian/patches/CVE-2015-6837-6838.patch: fix logic in ext/xsl/xsltprocessor.c. - CVE-2015-6837 - CVE-2015-6838
ubuntu/wily-proposed	2015-09-29 14:34:00 UTC 2015-09-29	Import patches-unapplied version 5.6.11+dfsg-1ubuntu3 to ubuntu/wily-proposed Author: Marc Deslauriers Author Date: 2015-09-28 11:26:44 UTC Import patches-unapplied version 5.6.11+dfsg-1ubuntu3 to ubuntu/wily-proposed Imported using git-ubuntu import. Changelog parent: e116cdec74b323280a63ed52fd42e0331f683534 New changelog entries: * SECURITY UPDATE: multiple use-after-free issues in unserialize() - debian/patches/CVE-2015-6831-1.patch: fix SPLArrayObject in ext/spl/spl_array.c, added test to ext/spl/tests/bug70166.phpt. - debian/patches/CVE-2015-6831-2.patch: fix SplObjectStorage in ext/spl/spl_observer.c, added test to ext/spl/tests/bug70168.phpt. - debian/patches/CVE-2015-6831-3.patch: fix SplDoublyLinkedList in ext/spl/spl_dllist.c, added test to ext/spl/tests/bug70169.phpt. - CVE-2015-6831 * SECURITY UPDATE: dangling pointer in the unserialization of ArrayObject items - debian/patches/CVE-2015-6832.patch: fix dangling pointer in ext/spl/spl_array.c, added test to ext/spl/tests/bug70068.phpt. - CVE-2015-6832 * SECURITY UPDATE: phar files extracted outside of destination dir - debian/patches/CVE-2015-6833-1.patch: limit extracted files to given directory in ext/phar/phar_object.c. - debian/patches/CVE-2015-6833-2.patch: use emalloc in ext/phar/phar_object.c. - CVE-2015-6833 * SECURITY UPDATE: multiple vulnerabilities in unserialize() - debian/patches/CVE-2015-6834-1.patch: fix use-after-free in ext/standard/var.c, ext/standard/var_unserializer.. - debian/patches/CVE-2015-6834-2.patch: fix use-after-free in ext/spl/spl_observer.c, added test to ext/spl/tests/bug70365.phpt. - debian/patches/CVE-2015-6834-3.patch: fix use-after-free in ext/spl/spl_dllist.c, added test to ext/spl/tests/bug70366.phpt. - CVE-2015-6834 SECURITY UPDATE: use after free in session deserializer - debian/patches/CVE-2015-6835-1.patch: fix use after free in ext/session/session.c, ext/standard/var_unserializer.* fixed tests in ext/session/tests/session_decode_error2.phpt, ext/session/tests/session_decode_variation3.phpt. - debian/patches/CVE-2015-6835-2.patch: add more fixes to ext/session/session.c. - CVE-2015-6835 * SECURITY UPDATE: SOAP serialize_function_call() type confusion - debian/patches/CVE-2015-6836.patch: check type in ext/soap/soap.c, added test to ext/soap/tests/bug70388.phpt. - CVE-2015-6836 * SECURITY UPDATE: NULL pointer dereference in XSLTProcessor class - debian/patches/CVE-2015-6837-6838.patch: fix logic in ext/xsl/xsltprocessor.c. - CVE-2015-6837 - CVE-2015-6838
applied/ubuntu/wily	2015-09-29 14:34:00 UTC 2015-09-29	Import patches-applied version 5.6.11+dfsg-1ubuntu3 to applied/ubuntu/wily-pr... Author: Marc Deslauriers Author Date: 2015-09-28 11:26:44 UTC Import patches-applied version 5.6.11+dfsg-1ubuntu3 to applied/ubuntu/wily-proposed Imported using git-ubuntu import. Changelog parent: 35f22c5f1cb8474cca3a2e3949b51594b5ec8998 Unapplied parent: 7b546c6bd8bbcf33ff68ac49eb718244f8f2d4d9 New changelog entries: * SECURITY UPDATE: multiple use-after-free issues in unserialize() - debian/patches/CVE-2015-6831-1.patch: fix SPLArrayObject in ext/spl/spl_array.c, added test to ext/spl/tests/bug70166.phpt. - debian/patches/CVE-2015-6831-2.patch: fix SplObjectStorage in ext/spl/spl_observer.c, added test to ext/spl/tests/bug70168.phpt. - debian/patches/CVE-2015-6831-3.patch: fix SplDoublyLinkedList in ext/spl/spl_dllist.c, added test to ext/spl/tests/bug70169.phpt. - CVE-2015-6831 * SECURITY UPDATE: dangling pointer in the unserialization of ArrayObject items - debian/patches/CVE-2015-6832.patch: fix dangling pointer in ext/spl/spl_array.c, added test to ext/spl/tests/bug70068.phpt. - CVE-2015-6832 * SECURITY UPDATE: phar files extracted outside of destination dir - debian/patches/CVE-2015-6833-1.patch: limit extracted files to given directory in ext/phar/phar_object.c. - debian/patches/CVE-2015-6833-2.patch: use emalloc in ext/phar/phar_object.c. - CVE-2015-6833 * SECURITY UPDATE: multiple vulnerabilities in unserialize() - debian/patches/CVE-2015-6834-1.patch: fix use-after-free in ext/standard/var.c, ext/standard/var_unserializer.. - debian/patches/CVE-2015-6834-2.patch: fix use-after-free in ext/spl/spl_observer.c, added test to ext/spl/tests/bug70365.phpt. - debian/patches/CVE-2015-6834-3.patch: fix use-after-free in ext/spl/spl_dllist.c, added test to ext/spl/tests/bug70366.phpt. - CVE-2015-6834 SECURITY UPDATE: use after free in session deserializer - debian/patches/CVE-2015-6835-1.patch: fix use after free in ext/session/session.c, ext/standard/var_unserializer.* fixed tests in ext/session/tests/session_decode_error2.phpt, ext/session/tests/session_decode_variation3.phpt. - debian/patches/CVE-2015-6835-2.patch: add more fixes to ext/session/session.c. - CVE-2015-6835 * SECURITY UPDATE: SOAP serialize_function_call() type confusion - debian/patches/CVE-2015-6836.patch: check type in ext/soap/soap.c, added test to ext/soap/tests/bug70388.phpt. - CVE-2015-6836 * SECURITY UPDATE: NULL pointer dereference in XSLTProcessor class - debian/patches/CVE-2015-6837-6838.patch: fix logic in ext/xsl/xsltprocessor.c. - CVE-2015-6837 - CVE-2015-6838
applied/debian/wheezy	2015-09-05 17:10:38 UTC 2015-09-05	Import patches-applied version 5.4.44-0+deb7u1 to applied/debian/wheezy Author: Ondřej Surý Author Date: 2015-08-16 09:44:10 UTC Import patches-applied version 5.4.44-0+deb7u1 to applied/debian/wheezy Imported using git-ubuntu import. Changelog parent: 943ca478e9ffce7ef2fed43224603ab46a93bf8c Unapplied parent: 9af75b699ca1104f58d68a079f0323235717fe92 New changelog entries: * New upstream version 5.4.44 - Core: . Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive method calls). . Fixed bug #69892 (Different arrays compare indentical due to integer key truncation). . Fixed bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref). - OpenSSL: . Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically secure). - Phar: . Improved fix for bug #69441. . Fixed bug #70019 (Files extracted from archive may be placed outside of destination directory). - SOAP: . Fixed bug #70081 (SoapClient info leak / null pointer dereference via multiple type confusions). - SPL: . Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject items). . Fixed bug #70166 (Use After Free Vulnerability in unserialize() with SPLArrayObject). . Fixed bug #70168 (Use After Free Vulnerability in unserialize() with SplObjectStorage). . Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList). * New upstream version 5.4.43 - Core: . Fixed bug #69768 (escapeshell() doesn't cater to !). . Fixed bug #69874 (Can't set empty additional_headers for mail()), regression from fix to bug #68776. - Mysqlnd: . Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM) (CVE-2015-3152). - Phar: . Fixed bug #69958 (Segfault in Phar::convertToData on invalid file). . Fixed bug #69923 (Buffer overflow and stack smashing error in phar_fix_filepath). Rebase patches on top of 5.4.44 release * New upstream version 5.4.42 (CVE-2015-4643, CVE-2015-4644, CVE-2015-4598) - Core: . Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). . Fixed bug #69646 (OS command injection vulnerability in escapeshellarg). . Fixed bug #69719 (Incorrect handling of paths with NULs). - Litespeed SAPI: . Fixed bug #68812 (Unchecked return value). - Mail: . Fixed bug #68776 (mail() does not have mail header injection prevention for additional headers). - Postgres: . Fixed bug #69667 (segfault in php_pgsql_meta_data). - Sqlite3: . Upgrade bundled sqlite to 3.8.10.2. * Refresh patches using gbp pq (rebase) * New upstream version 5.4.41 - Core: . Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). . Fixed bug #69403 (str_repeat() sign mismatch based memory corruption). . Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). . Fixed bug #69522 (heap buffer overflow in unpack()). - FTP: . Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). - PCNTL: . Fixed bug #68598 (pcntl_exec() should not allow null char). - PCRE . Upgraded pcrelib to 8.37. - Phar: . Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null). * Rebase patches on top of 5.4.41 version * Fix segfault when using SoapClient::__setSoapHeader (Closes: #781125) * New upstream version 5.4.39 - Core: . Fixed bug #68976 (Use After Free Vulnerability in unserialize()) (CVE-2015-0231). . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options). . Fixed bug #69207 (move_uploaded_file allows nulls in path). - Ereg: . Fixed bug #69248 (heap overflow vulnerability in regcomp.c) (CVE-2015-2305). - SOAP: . Fixed bug #69085 (SoapClient's __call() type confusion through unserialize()). - ZIP: . Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap boundary) (CVE-2015-2331). (Closes: #780713) * Refresh patches for 5.4.39 and remove already merged VU695940 * Start using git pq to manage patches in d/patches/ * Move PEAR-Builder-print-info-about-php5-dev.patch to debian/ since it's not a quilt patch * Add newly assigned CVE identifiers to older d/changelog entries * New patches: - 0060-PHP-SegFault-zend_hash_find-PHP-68486.patch - 0061-Fix-use-after-free-in-phar_object.c-PHP-68901-CVE-20.patch (CVE-2015-2301) * Remove invalid curl patch that got pulled as part of CVE-2015-1352 (Closes: #780771, #780764) * Split upstream fixes for PHP#68740 and PHP#68741 into separate patches * New upstream version 5.4.38 - Core: . Removed support for multi-line headers, as the are deprecated by RFC 7230. . Added NULL byte protection to exec, system and passthru. . Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow). . Fixed bug #67827 (broken detection of system crypt sha256/sha512 support). . Fixed bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone). (CVE-2015-0273) - Enchant: . Fixed bug #6855 (heap buffer overflow in enchant_broker_request_dict()). - SOAP: . Fixed bug #67427 (SoapServer cannot handle large messages) * Update patches for 5.4.38 release * Pull patch from DragonFly BSD Project to limit the pattern space to avoid a 32-bit overflow in Henry Spencer regular expressions (regex) library (Closes: #778389) * Drop PHP use system libs crypt patch, it has been broken and it's not strictly needed * Fix NULL Pointer Deference in pgsql (CVE-2015-1352) (Closes: #777036) * New upstream version 5.4.37 + Core: - Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize()) (CVE-2015-0231). + CGI: - Fixed bug #68618 (out of bounds read crashes php-cgi) (CVE-2014-9427). + EXIF: - Fixed bug #68799 (Free called on unitialized pointer) (CVE-2015-0232). + Fileinfo: - Removed readelf.c and related code from libmagic sources. - Fixed bug #68735 (fileinfo out-of-bounds memory access) (CVE-2014-9652). + OpenSSL: - Fixed bug #55618 (use case-insensitive cert name matching). * Remove bugfixes that got merged into 5.4.37 release * Fix fileinfo out-of-bounds memory access * Explicitly remove readelf.c to prove we are not vulnerable to recent readelf vulnerabilities (CVE-2014-8116) * Use the noawait variant for deb-triggers to break the dependency loop (Closes: #774559) * Bump Pre-Depends on dpkg to 1.16.1~ to support noawait triggers
ubuntu/utopic-updates	2015-07-06 11:58:29 UTC 2015-07-06	Import patches-unapplied version 5.5.12+dfsg-2ubuntu4.6 to ubuntu/utopic-secu... Author: Marc Deslauriers Author Date: 2015-07-02 12:51:10 UTC Import patches-unapplied version 5.5.12+dfsg-2ubuntu4.6 to ubuntu/utopic-security Imported using git-ubuntu import. Changelog parent: c6a3dc652ab310881552b23796ddd9a5daa13acd New changelog entries: * SECURITY UPDATE: missing file path null byte checks - debian/patches/CVE-2015-3411.patch: add missing checks to ext/dom/document.c, ext/fileinfo/fileinfo.c, ext/gd/gd.c, ext/hash/hash.c, ext/pgsql/pgsql.c, ext/standard/link.c, ext/standard/streamsfuncs.c, ext/xmlwriter/php_xmlwriter.c, ext/zlib/zlib.c, add tests to ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt, ext/fileinfo/tests/finfo_file_basic.phpt, ext/hash/tests/hash_hmac_file_error.phpt - CVE-2015-3411 - CVE-2015-3412 * SECURITY UPDATE: denial of service via crafted tar archive - debian/patches/CVE-2015-4021.patch: handle empty strings in ext/phar/tar.c. - CVE-2015-4021 * SECURITY UPDATE: arbitrary code execution via ftp server long reply to a LIST command - debian/patches/CVE-2015-4022.patch: fix overflow in ext/ftp/ftp.c. - CVE-2015-4022 * SECURITY UPDATE: denial of service via crafted form data - debian/patches/CVE-2015-4024.patch: use smart_str to assemble strings in main/rfc1867.c. - CVE-2015-4024 * SECURITY UPDATE: more missing file path null byte checks - debian/patches/CVE-2015-4025.patch: add missing checks to ext/pcntl/pcntl.c, ext/standard/basic_functions.c, ext/standard/dir.c, ext/standard/file.c. - CVE-2015-4025 - CVE-2015-4026 * SECURITY UPDATE: arbitrary code execution via crafted serialized data with unexpected data type - debian/patches/CVE-2015-4147.patch: check variable types in ext/soap/php_encoding.c, ext/soap/php_http.c, ext/soap/soap.c. - CVE-2015-4147 - CVE-2015-4148 - CVE-2015-4600 - CVE-2015-4601 * SECURITY UPDATE: more missing file path null byte checks - debian/patches/CVE-2015-4598.patch: add missing checks to ext/dom/document.c, ext/gd/gd.c, fix tests in ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt, ext/gd/tests/imageloadfont_error1.phpt, ext/zlib/tests/gzopen_variation1.phpt, ext/zlib/tests/readgzfile_variation1.phpt, ext/zlib/tests/readgzfile_variation6.phpt, ext/standard/tests/dir/dir_variation1.phpt, ext/standard/tests/dir/opendir_variation1.phpt, ext/standard/tests/file/mkdir_rmdir_variation2.phpt, ext/standard/tests/file/readlink_variation1.phpt, ext/standard/tests/file/tempnam_variation3-win32.phpt, ext/standard/tests/file/tempnam_variation3.phpt, ext/standard/tests/general_functions/include_path.phpt. - CVE-2015-4598 * SECURITY UPDATE: denial of service or information leak via type confusion with crafted serialized data - debian/patches/CVE-2015-4599.patch: use proper types in ext/soap/soap.c. - CVE-2015-4599 * SECURITY UPDATE: denial of service or information leak via type confusion with crafted serialized data - debian/patches/CVE-2015-4602.patch: check for proper type in ext/standard/incomplete_class.c. - CVE-2015-4602 * SECURITY UPDATE: denial of service or information leak via type confusion with crafted serialized data - debian/patches/CVE-2015-4603.patch: check type in Zend/zend_exceptions.c, add test to ext/standard/tests/serialize/bug69152.phpt. - CVE-2015-4603 * SECURITY UPDATE: arbitrary code execution via ftp server long reply to a LIST command - debian/patches/CVE-2015-4643.patch: prevent overflow check bypass in ext/ftp/ftp.c. - CVE-2015-4643 * SECURITY UPDATE: denial of service via php_pgsql_meta_data - debian/patches/CVE-2015-4644.patch: check return value in ext/pgsql/pgsql.c, add test to ext/pgsql/pg_insert_002.phpt. - CVE-2015-4644 * debian/patches/CVE-2015-2783-memleak.patch: fix memory leak introduced by CVE-2015-2783 security update.
applied/ubuntu/utopic-security	2015-07-06 11:58:29 UTC 2015-07-06	Import patches-applied version 5.5.12+dfsg-2ubuntu4.6 to applied/ubuntu/utopi... Author: Marc Deslauriers Author Date: 2015-07-02 12:51:10 UTC Import patches-applied version 5.5.12+dfsg-2ubuntu4.6 to applied/ubuntu/utopic-security Imported using git-ubuntu import. Changelog parent: e2b611718ceefeab504692c9a9601a26af265b94 Unapplied parent: 6ca9c804716e8f568b7418f5648abab6a4f8afc9 New changelog entries: * SECURITY UPDATE: missing file path null byte checks - debian/patches/CVE-2015-3411.patch: add missing checks to ext/dom/document.c, ext/fileinfo/fileinfo.c, ext/gd/gd.c, ext/hash/hash.c, ext/pgsql/pgsql.c, ext/standard/link.c, ext/standard/streamsfuncs.c, ext/xmlwriter/php_xmlwriter.c, ext/zlib/zlib.c, add tests to ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt, ext/fileinfo/tests/finfo_file_basic.phpt, ext/hash/tests/hash_hmac_file_error.phpt - CVE-2015-3411 - CVE-2015-3412 * SECURITY UPDATE: denial of service via crafted tar archive - debian/patches/CVE-2015-4021.patch: handle empty strings in ext/phar/tar.c. - CVE-2015-4021 * SECURITY UPDATE: arbitrary code execution via ftp server long reply to a LIST command - debian/patches/CVE-2015-4022.patch: fix overflow in ext/ftp/ftp.c. - CVE-2015-4022 * SECURITY UPDATE: denial of service via crafted form data - debian/patches/CVE-2015-4024.patch: use smart_str to assemble strings in main/rfc1867.c. - CVE-2015-4024 * SECURITY UPDATE: more missing file path null byte checks - debian/patches/CVE-2015-4025.patch: add missing checks to ext/pcntl/pcntl.c, ext/standard/basic_functions.c, ext/standard/dir.c, ext/standard/file.c. - CVE-2015-4025 - CVE-2015-4026 * SECURITY UPDATE: arbitrary code execution via crafted serialized data with unexpected data type - debian/patches/CVE-2015-4147.patch: check variable types in ext/soap/php_encoding.c, ext/soap/php_http.c, ext/soap/soap.c. - CVE-2015-4147 - CVE-2015-4148 - CVE-2015-4600 - CVE-2015-4601 * SECURITY UPDATE: more missing file path null byte checks - debian/patches/CVE-2015-4598.patch: add missing checks to ext/dom/document.c, ext/gd/gd.c, fix tests in ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt, ext/gd/tests/imageloadfont_error1.phpt, ext/zlib/tests/gzopen_variation1.phpt, ext/zlib/tests/readgzfile_variation1.phpt, ext/zlib/tests/readgzfile_variation6.phpt, ext/standard/tests/dir/dir_variation1.phpt, ext/standard/tests/dir/opendir_variation1.phpt, ext/standard/tests/file/mkdir_rmdir_variation2.phpt, ext/standard/tests/file/readlink_variation1.phpt, ext/standard/tests/file/tempnam_variation3-win32.phpt, ext/standard/tests/file/tempnam_variation3.phpt, ext/standard/tests/general_functions/include_path.phpt. - CVE-2015-4598 * SECURITY UPDATE: denial of service or information leak via type confusion with crafted serialized data - debian/patches/CVE-2015-4599.patch: use proper types in ext/soap/soap.c. - CVE-2015-4599 * SECURITY UPDATE: denial of service or information leak via type confusion with crafted serialized data - debian/patches/CVE-2015-4602.patch: check for proper type in ext/standard/incomplete_class.c. - CVE-2015-4602 * SECURITY UPDATE: denial of service or information leak via type confusion with crafted serialized data - debian/patches/CVE-2015-4603.patch: check type in Zend/zend_exceptions.c, add test to ext/standard/tests/serialize/bug69152.phpt. - CVE-2015-4603 * SECURITY UPDATE: arbitrary code execution via ftp server long reply to a LIST command - debian/patches/CVE-2015-4643.patch: prevent overflow check bypass in ext/ftp/ftp.c. - CVE-2015-4643 * SECURITY UPDATE: denial of service via php_pgsql_meta_data - debian/patches/CVE-2015-4644.patch: check return value in ext/pgsql/pgsql.c, add test to ext/pgsql/pg_insert_002.phpt. - CVE-2015-4644 * debian/patches/CVE-2015-2783-memleak.patch: fix memory leak introduced by CVE-2015-2783 security update.
applied/ubuntu/utopic-devel	2015-07-06 11:58:29 UTC 2015-07-06	Import patches-applied version 5.5.12+dfsg-2ubuntu4.6 to applied/ubuntu/utopi... Author: Marc Deslauriers Author Date: 2015-07-02 12:51:10 UTC Import patches-applied version 5.5.12+dfsg-2ubuntu4.6 to applied/ubuntu/utopic-security Imported using git-ubuntu import. Changelog parent: e2b611718ceefeab504692c9a9601a26af265b94 Unapplied parent: 6ca9c804716e8f568b7418f5648abab6a4f8afc9 New changelog entries: * SECURITY UPDATE: missing file path null byte checks - debian/patches/CVE-2015-3411.patch: add missing checks to ext/dom/document.c, ext/fileinfo/fileinfo.c, ext/gd/gd.c, ext/hash/hash.c, ext/pgsql/pgsql.c, ext/standard/link.c, ext/standard/streamsfuncs.c, ext/xmlwriter/php_xmlwriter.c, ext/zlib/zlib.c, add tests to ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt, ext/fileinfo/tests/finfo_file_basic.phpt, ext/hash/tests/hash_hmac_file_error.phpt - CVE-2015-3411 - CVE-2015-3412 * SECURITY UPDATE: denial of service via crafted tar archive - debian/patches/CVE-2015-4021.patch: handle empty strings in ext/phar/tar.c. - CVE-2015-4021 * SECURITY UPDATE: arbitrary code execution via ftp server long reply to a LIST command - debian/patches/CVE-2015-4022.patch: fix overflow in ext/ftp/ftp.c. - CVE-2015-4022 * SECURITY UPDATE: denial of service via crafted form data - debian/patches/CVE-2015-4024.patch: use smart_str to assemble strings in main/rfc1867.c. - CVE-2015-4024 * SECURITY UPDATE: more missing file path null byte checks - debian/patches/CVE-2015-4025.patch: add missing checks to ext/pcntl/pcntl.c, ext/standard/basic_functions.c, ext/standard/dir.c, ext/standard/file.c. - CVE-2015-4025 - CVE-2015-4026 * SECURITY UPDATE: arbitrary code execution via crafted serialized data with unexpected data type - debian/patches/CVE-2015-4147.patch: check variable types in ext/soap/php_encoding.c, ext/soap/php_http.c, ext/soap/soap.c. - CVE-2015-4147 - CVE-2015-4148 - CVE-2015-4600 - CVE-2015-4601 * SECURITY UPDATE: more missing file path null byte checks - debian/patches/CVE-2015-4598.patch: add missing checks to ext/dom/document.c, ext/gd/gd.c, fix tests in ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt, ext/gd/tests/imageloadfont_error1.phpt, ext/zlib/tests/gzopen_variation1.phpt, ext/zlib/tests/readgzfile_variation1.phpt, ext/zlib/tests/readgzfile_variation6.phpt, ext/standard/tests/dir/dir_variation1.phpt, ext/standard/tests/dir/opendir_variation1.phpt, ext/standard/tests/file/mkdir_rmdir_variation2.phpt, ext/standard/tests/file/readlink_variation1.phpt, ext/standard/tests/file/tempnam_variation3-win32.phpt, ext/standard/tests/file/tempnam_variation3.phpt, ext/standard/tests/general_functions/include_path.phpt. - CVE-2015-4598 * SECURITY UPDATE: denial of service or information leak via type confusion with crafted serialized data - debian/patches/CVE-2015-4599.patch: use proper types in ext/soap/soap.c. - CVE-2015-4599 * SECURITY UPDATE: denial of service or information leak via type confusion with crafted serialized data - debian/patches/CVE-2015-4602.patch: check for proper type in ext/standard/incomplete_class.c. - CVE-2015-4602 * SECURITY UPDATE: denial of service or information leak via type confusion with crafted serialized data - debian/patches/CVE-2015-4603.patch: check type in Zend/zend_exceptions.c, add test to ext/standard/tests/serialize/bug69152.phpt. - CVE-2015-4603 * SECURITY UPDATE: arbitrary code execution via ftp server long reply to a LIST command - debian/patches/CVE-2015-4643.patch: prevent overflow check bypass in ext/ftp/ftp.c. - CVE-2015-4643 * SECURITY UPDATE: denial of service via php_pgsql_meta_data - debian/patches/CVE-2015-4644.patch: check return value in ext/pgsql/pgsql.c, add test to ext/pgsql/pg_insert_002.phpt. - CVE-2015-4644 * debian/patches/CVE-2015-2783-memleak.patch: fix memory leak introduced by CVE-2015-2783 security update.
applied/ubuntu/utopic-updates	2015-07-06 11:58:29 UTC 2015-07-06	Import patches-applied version 5.5.12+dfsg-2ubuntu4.6 to applied/ubuntu/utopi... Author: Marc Deslauriers Author Date: 2015-07-02 12:51:10 UTC Import patches-applied version 5.5.12+dfsg-2ubuntu4.6 to applied/ubuntu/utopic-security Imported using git-ubuntu import. Changelog parent: e2b611718ceefeab504692c9a9601a26af265b94 Unapplied parent: 6ca9c804716e8f568b7418f5648abab6a4f8afc9 New changelog entries: * SECURITY UPDATE: missing file path null byte checks - debian/patches/CVE-2015-3411.patch: add missing checks to ext/dom/document.c, ext/fileinfo/fileinfo.c, ext/gd/gd.c, ext/hash/hash.c, ext/pgsql/pgsql.c, ext/standard/link.c, ext/standard/streamsfuncs.c, ext/xmlwriter/php_xmlwriter.c, ext/zlib/zlib.c, add tests to ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt, ext/fileinfo/tests/finfo_file_basic.phpt, ext/hash/tests/hash_hmac_file_error.phpt - CVE-2015-3411 - CVE-2015-3412 * SECURITY UPDATE: denial of service via crafted tar archive - debian/patches/CVE-2015-4021.patch: handle empty strings in ext/phar/tar.c. - CVE-2015-4021 * SECURITY UPDATE: arbitrary code execution via ftp server long reply to a LIST command - debian/patches/CVE-2015-4022.patch: fix overflow in ext/ftp/ftp.c. - CVE-2015-4022 * SECURITY UPDATE: denial of service via crafted form data - debian/patches/CVE-2015-4024.patch: use smart_str to assemble strings in main/rfc1867.c. - CVE-2015-4024 * SECURITY UPDATE: more missing file path null byte checks - debian/patches/CVE-2015-4025.patch: add missing checks to ext/pcntl/pcntl.c, ext/standard/basic_functions.c, ext/standard/dir.c, ext/standard/file.c. - CVE-2015-4025 - CVE-2015-4026 * SECURITY UPDATE: arbitrary code execution via crafted serialized data with unexpected data type - debian/patches/CVE-2015-4147.patch: check variable types in ext/soap/php_encoding.c, ext/soap/php_http.c, ext/soap/soap.c. - CVE-2015-4147 - CVE-2015-4148 - CVE-2015-4600 - CVE-2015-4601 * SECURITY UPDATE: more missing file path null byte checks - debian/patches/CVE-2015-4598.patch: add missing checks to ext/dom/document.c, ext/gd/gd.c, fix tests in ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt, ext/gd/tests/imageloadfont_error1.phpt, ext/zlib/tests/gzopen_variation1.phpt, ext/zlib/tests/readgzfile_variation1.phpt, ext/zlib/tests/readgzfile_variation6.phpt, ext/standard/tests/dir/dir_variation1.phpt, ext/standard/tests/dir/opendir_variation1.phpt, ext/standard/tests/file/mkdir_rmdir_variation2.phpt, ext/standard/tests/file/readlink_variation1.phpt, ext/standard/tests/file/tempnam_variation3-win32.phpt, ext/standard/tests/file/tempnam_variation3.phpt, ext/standard/tests/general_functions/include_path.phpt. - CVE-2015-4598 * SECURITY UPDATE: denial of service or information leak via type confusion with crafted serialized data - debian/patches/CVE-2015-4599.patch: use proper types in ext/soap/soap.c. - CVE-2015-4599 * SECURITY UPDATE: denial of service or information leak via type confusion with crafted serialized data - debian/patches/CVE-2015-4602.patch: check for proper type in ext/standard/incomplete_class.c. - CVE-2015-4602 * SECURITY UPDATE: denial of service or information leak via type confusion with crafted serialized data - debian/patches/CVE-2015-4603.patch: check type in Zend/zend_exceptions.c, add test to ext/standard/tests/serialize/bug69152.phpt. - CVE-2015-4603 * SECURITY UPDATE: arbitrary code execution via ftp server long reply to a LIST command - debian/patches/CVE-2015-4643.patch: prevent overflow check bypass in ext/ftp/ftp.c. - CVE-2015-4643 * SECURITY UPDATE: denial of service via php_pgsql_meta_data - debian/patches/CVE-2015-4644.patch: check return value in ext/pgsql/pgsql.c, add test to ext/pgsql/pg_insert_002.phpt. - CVE-2015-4644 * debian/patches/CVE-2015-2783-memleak.patch: fix memory leak introduced by CVE-2015-2783 security update.
ubuntu/utopic-devel	2015-07-06 11:58:29 UTC 2015-07-06	Import patches-unapplied version 5.5.12+dfsg-2ubuntu4.6 to ubuntu/utopic-secu... Author: Marc Deslauriers Author Date: 2015-07-02 12:51:10 UTC Import patches-unapplied version 5.5.12+dfsg-2ubuntu4.6 to ubuntu/utopic-security Imported using git-ubuntu import. Changelog parent: c6a3dc652ab310881552b23796ddd9a5daa13acd New changelog entries: * SECURITY UPDATE: missing file path null byte checks - debian/patches/CVE-2015-3411.patch: add missing checks to ext/dom/document.c, ext/fileinfo/fileinfo.c, ext/gd/gd.c, ext/hash/hash.c, ext/pgsql/pgsql.c, ext/standard/link.c, ext/standard/streamsfuncs.c, ext/xmlwriter/php_xmlwriter.c, ext/zlib/zlib.c, add tests to ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt, ext/fileinfo/tests/finfo_file_basic.phpt, ext/hash/tests/hash_hmac_file_error.phpt - CVE-2015-3411 - CVE-2015-3412 * SECURITY UPDATE: denial of service via crafted tar archive - debian/patches/CVE-2015-4021.patch: handle empty strings in ext/phar/tar.c. - CVE-2015-4021 * SECURITY UPDATE: arbitrary code execution via ftp server long reply to a LIST command - debian/patches/CVE-2015-4022.patch: fix overflow in ext/ftp/ftp.c. - CVE-2015-4022 * SECURITY UPDATE: denial of service via crafted form data - debian/patches/CVE-2015-4024.patch: use smart_str to assemble strings in main/rfc1867.c. - CVE-2015-4024 * SECURITY UPDATE: more missing file path null byte checks - debian/patches/CVE-2015-4025.patch: add missing checks to ext/pcntl/pcntl.c, ext/standard/basic_functions.c, ext/standard/dir.c, ext/standard/file.c. - CVE-2015-4025 - CVE-2015-4026 * SECURITY UPDATE: arbitrary code execution via crafted serialized data with unexpected data type - debian/patches/CVE-2015-4147.patch: check variable types in ext/soap/php_encoding.c, ext/soap/php_http.c, ext/soap/soap.c. - CVE-2015-4147 - CVE-2015-4148 - CVE-2015-4600 - CVE-2015-4601 * SECURITY UPDATE: more missing file path null byte checks - debian/patches/CVE-2015-4598.patch: add missing checks to ext/dom/document.c, ext/gd/gd.c, fix tests in ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt, ext/gd/tests/imageloadfont_error1.phpt, ext/zlib/tests/gzopen_variation1.phpt, ext/zlib/tests/readgzfile_variation1.phpt, ext/zlib/tests/readgzfile_variation6.phpt, ext/standard/tests/dir/dir_variation1.phpt, ext/standard/tests/dir/opendir_variation1.phpt, ext/standard/tests/file/mkdir_rmdir_variation2.phpt, ext/standard/tests/file/readlink_variation1.phpt, ext/standard/tests/file/tempnam_variation3-win32.phpt, ext/standard/tests/file/tempnam_variation3.phpt, ext/standard/tests/general_functions/include_path.phpt. - CVE-2015-4598 * SECURITY UPDATE: denial of service or information leak via type confusion with crafted serialized data - debian/patches/CVE-2015-4599.patch: use proper types in ext/soap/soap.c. - CVE-2015-4599 * SECURITY UPDATE: denial of service or information leak via type confusion with crafted serialized data - debian/patches/CVE-2015-4602.patch: check for proper type in ext/standard/incomplete_class.c. - CVE-2015-4602 * SECURITY UPDATE: denial of service or information leak via type confusion with crafted serialized data - debian/patches/CVE-2015-4603.patch: check type in Zend/zend_exceptions.c, add test to ext/standard/tests/serialize/bug69152.phpt. - CVE-2015-4603 * SECURITY UPDATE: arbitrary code execution via ftp server long reply to a LIST command - debian/patches/CVE-2015-4643.patch: prevent overflow check bypass in ext/ftp/ftp.c. - CVE-2015-4643 * SECURITY UPDATE: denial of service via php_pgsql_meta_data - debian/patches/CVE-2015-4644.patch: check return value in ext/pgsql/pgsql.c, add test to ext/pgsql/pg_insert_002.phpt. - CVE-2015-4644 * debian/patches/CVE-2015-2783-memleak.patch: fix memory leak introduced by CVE-2015-2783 security update.
ubuntu/utopic-security	2015-07-06 11:58:29 UTC 2015-07-06	Import patches-unapplied version 5.5.12+dfsg-2ubuntu4.6 to ubuntu/utopic-secu... Author: Marc Deslauriers Author Date: 2015-07-02 12:51:10 UTC Import patches-unapplied version 5.5.12+dfsg-2ubuntu4.6 to ubuntu/utopic-security Imported using git-ubuntu import. Changelog parent: c6a3dc652ab310881552b23796ddd9a5daa13acd New changelog entries: * SECURITY UPDATE: missing file path null byte checks - debian/patches/CVE-2015-3411.patch: add missing checks to ext/dom/document.c, ext/fileinfo/fileinfo.c, ext/gd/gd.c, ext/hash/hash.c, ext/pgsql/pgsql.c, ext/standard/link.c, ext/standard/streamsfuncs.c, ext/xmlwriter/php_xmlwriter.c, ext/zlib/zlib.c, add tests to ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt, ext/fileinfo/tests/finfo_file_basic.phpt, ext/hash/tests/hash_hmac_file_error.phpt - CVE-2015-3411 - CVE-2015-3412 * SECURITY UPDATE: denial of service via crafted tar archive - debian/patches/CVE-2015-4021.patch: handle empty strings in ext/phar/tar.c. - CVE-2015-4021 * SECURITY UPDATE: arbitrary code execution via ftp server long reply to a LIST command - debian/patches/CVE-2015-4022.patch: fix overflow in ext/ftp/ftp.c. - CVE-2015-4022 * SECURITY UPDATE: denial of service via crafted form data - debian/patches/CVE-2015-4024.patch: use smart_str to assemble strings in main/rfc1867.c. - CVE-2015-4024 * SECURITY UPDATE: more missing file path null byte checks - debian/patches/CVE-2015-4025.patch: add missing checks to ext/pcntl/pcntl.c, ext/standard/basic_functions.c, ext/standard/dir.c, ext/standard/file.c. - CVE-2015-4025 - CVE-2015-4026 * SECURITY UPDATE: arbitrary code execution via crafted serialized data with unexpected data type - debian/patches/CVE-2015-4147.patch: check variable types in ext/soap/php_encoding.c, ext/soap/php_http.c, ext/soap/soap.c. - CVE-2015-4147 - CVE-2015-4148 - CVE-2015-4600 - CVE-2015-4601 * SECURITY UPDATE: more missing file path null byte checks - debian/patches/CVE-2015-4598.patch: add missing checks to ext/dom/document.c, ext/gd/gd.c, fix tests in ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt, ext/gd/tests/imageloadfont_error1.phpt, ext/zlib/tests/gzopen_variation1.phpt, ext/zlib/tests/readgzfile_variation1.phpt, ext/zlib/tests/readgzfile_variation6.phpt, ext/standard/tests/dir/dir_variation1.phpt, ext/standard/tests/dir/opendir_variation1.phpt, ext/standard/tests/file/mkdir_rmdir_variation2.phpt, ext/standard/tests/file/readlink_variation1.phpt, ext/standard/tests/file/tempnam_variation3-win32.phpt, ext/standard/tests/file/tempnam_variation3.phpt, ext/standard/tests/general_functions/include_path.phpt. - CVE-2015-4598 * SECURITY UPDATE: denial of service or information leak via type confusion with crafted serialized data - debian/patches/CVE-2015-4599.patch: use proper types in ext/soap/soap.c. - CVE-2015-4599 * SECURITY UPDATE: denial of service or information leak via type confusion with crafted serialized data - debian/patches/CVE-2015-4602.patch: check for proper type in ext/standard/incomplete_class.c. - CVE-2015-4602 * SECURITY UPDATE: denial of service or information leak via type confusion with crafted serialized data - debian/patches/CVE-2015-4603.patch: check type in Zend/zend_exceptions.c, add test to ext/standard/tests/serialize/bug69152.phpt. - CVE-2015-4603 * SECURITY UPDATE: arbitrary code execution via ftp server long reply to a LIST command - debian/patches/CVE-2015-4643.patch: prevent overflow check bypass in ext/ftp/ftp.c. - CVE-2015-4643 * SECURITY UPDATE: denial of service via php_pgsql_meta_data - debian/patches/CVE-2015-4644.patch: check return value in ext/pgsql/pgsql.c, add test to ext/pgsql/pg_insert_002.phpt. - CVE-2015-4644 * debian/patches/CVE-2015-2783-memleak.patch: fix memory leak introduced by CVE-2015-2783 security update.
ubuntu/lucid-devel	2015-04-20 15:48:24 UTC 2015-04-20	Import patches-unapplied version 5.3.2-1ubuntu4.30 to ubuntu/lucid-security Author: Marc Deslauriers Author Date: 2015-04-17 11:37:39 UTC Import patches-unapplied version 5.3.2-1ubuntu4.30 to ubuntu/lucid-security Imported using git-ubuntu import. Changelog parent: fc6c01610fd9bf4e5419fb355c52cde8bdd98f88 New changelog entries: * SECURITY UPDATE: potential remote code execution vulnerability when used with the Apache 2.4 apache2handler - debian/patches/bug69218.patch: perform proper cleanup in sapi/apache2handler/sapi_apache2.c. - CVE number pending * SECURITY UPDATE: buffer overflow when parsing tar/zip/phar - debian/patches/bug69441.patch: check lengths in ext/phar/phar_internal.h. - CVE number pending * SECURITY UPDATE: heap overflow in regexp library - debian/patches/CVE-2015-2305.patch: check for overflow in ext/ereg/regex/regcomp.c. - CVE-2015-2305 * SECURITY UPDATE: buffer overflow in unserialize when parsing Phar - debian/patches/CVE-2015-2783.patch: properly check lengths in ext/phar/phar.c, ext/phar/phar_internal.h. - CVE-2015-2783 * SECURITY UPDATE: arbitrary code exection via process_nested_data use-after-free - debian/patches/CVE-2015-2787.patch: fix logic in ext/standard/var_unserializer.*. - CVE-2015-2787
ubuntu/lucid-security	2015-04-20 15:48:24 UTC 2015-04-20	Import patches-unapplied version 5.3.2-1ubuntu4.30 to ubuntu/lucid-security Author: Marc Deslauriers Author Date: 2015-04-17 11:37:39 UTC Import patches-unapplied version 5.3.2-1ubuntu4.30 to ubuntu/lucid-security Imported using git-ubuntu import. Changelog parent: fc6c01610fd9bf4e5419fb355c52cde8bdd98f88 New changelog entries: * SECURITY UPDATE: potential remote code execution vulnerability when used with the Apache 2.4 apache2handler - debian/patches/bug69218.patch: perform proper cleanup in sapi/apache2handler/sapi_apache2.c. - CVE number pending * SECURITY UPDATE: buffer overflow when parsing tar/zip/phar - debian/patches/bug69441.patch: check lengths in ext/phar/phar_internal.h. - CVE number pending * SECURITY UPDATE: heap overflow in regexp library - debian/patches/CVE-2015-2305.patch: check for overflow in ext/ereg/regex/regcomp.c. - CVE-2015-2305 * SECURITY UPDATE: buffer overflow in unserialize when parsing Phar - debian/patches/CVE-2015-2783.patch: properly check lengths in ext/phar/phar.c, ext/phar/phar_internal.h. - CVE-2015-2783 * SECURITY UPDATE: arbitrary code exection via process_nested_data use-after-free - debian/patches/CVE-2015-2787.patch: fix logic in ext/standard/var_unserializer.*. - CVE-2015-2787
ubuntu/lucid-updates	2015-04-20 15:48:24 UTC 2015-04-20	Import patches-unapplied version 5.3.2-1ubuntu4.30 to ubuntu/lucid-security Author: Marc Deslauriers Author Date: 2015-04-17 11:37:39 UTC Import patches-unapplied version 5.3.2-1ubuntu4.30 to ubuntu/lucid-security Imported using git-ubuntu import. Changelog parent: fc6c01610fd9bf4e5419fb355c52cde8bdd98f88 New changelog entries: * SECURITY UPDATE: potential remote code execution vulnerability when used with the Apache 2.4 apache2handler - debian/patches/bug69218.patch: perform proper cleanup in sapi/apache2handler/sapi_apache2.c. - CVE number pending * SECURITY UPDATE: buffer overflow when parsing tar/zip/phar - debian/patches/bug69441.patch: check lengths in ext/phar/phar_internal.h. - CVE number pending * SECURITY UPDATE: heap overflow in regexp library - debian/patches/CVE-2015-2305.patch: check for overflow in ext/ereg/regex/regcomp.c. - CVE-2015-2305 * SECURITY UPDATE: buffer overflow in unserialize when parsing Phar - debian/patches/CVE-2015-2783.patch: properly check lengths in ext/phar/phar.c, ext/phar/phar_internal.h. - CVE-2015-2783 * SECURITY UPDATE: arbitrary code exection via process_nested_data use-after-free - debian/patches/CVE-2015-2787.patch: fix logic in ext/standard/var_unserializer.*. - CVE-2015-2787
applied/ubuntu/lucid-updates	2015-04-20 15:48:24 UTC 2015-04-20	Import patches-applied version 5.3.2-1ubuntu4.30 to applied/ubuntu/lucid-secu... Author: Marc Deslauriers Author Date: 2015-04-17 11:37:39 UTC Import patches-applied version 5.3.2-1ubuntu4.30 to applied/ubuntu/lucid-security Imported using git-ubuntu import. Changelog parent: c1748d34336ae13d925c4c477dddbfe22020fd13 Unapplied parent: 043c08428e5433b67c631242792c96ec961971aa New changelog entries: * SECURITY UPDATE: potential remote code execution vulnerability when used with the Apache 2.4 apache2handler - debian/patches/bug69218.patch: perform proper cleanup in sapi/apache2handler/sapi_apache2.c. - CVE number pending * SECURITY UPDATE: buffer overflow when parsing tar/zip/phar - debian/patches/bug69441.patch: check lengths in ext/phar/phar_internal.h. - CVE number pending * SECURITY UPDATE: heap overflow in regexp library - debian/patches/CVE-2015-2305.patch: check for overflow in ext/ereg/regex/regcomp.c. - CVE-2015-2305 * SECURITY UPDATE: buffer overflow in unserialize when parsing Phar - debian/patches/CVE-2015-2783.patch: properly check lengths in ext/phar/phar.c, ext/phar/phar_internal.h. - CVE-2015-2783 * SECURITY UPDATE: arbitrary code exection via process_nested_data use-after-free - debian/patches/CVE-2015-2787.patch: fix logic in ext/standard/var_unserializer.*. - CVE-2015-2787
applied/ubuntu/lucid-devel	2015-04-20 15:48:24 UTC 2015-04-20	Import patches-applied version 5.3.2-1ubuntu4.30 to applied/ubuntu/lucid-secu... Author: Marc Deslauriers Author Date: 2015-04-17 11:37:39 UTC Import patches-applied version 5.3.2-1ubuntu4.30 to applied/ubuntu/lucid-security Imported using git-ubuntu import. Changelog parent: c1748d34336ae13d925c4c477dddbfe22020fd13 Unapplied parent: 043c08428e5433b67c631242792c96ec961971aa New changelog entries: * SECURITY UPDATE: potential remote code execution vulnerability when used with the Apache 2.4 apache2handler - debian/patches/bug69218.patch: perform proper cleanup in sapi/apache2handler/sapi_apache2.c. - CVE number pending * SECURITY UPDATE: buffer overflow when parsing tar/zip/phar - debian/patches/bug69441.patch: check lengths in ext/phar/phar_internal.h. - CVE number pending * SECURITY UPDATE: heap overflow in regexp library - debian/patches/CVE-2015-2305.patch: check for overflow in ext/ereg/regex/regcomp.c. - CVE-2015-2305 * SECURITY UPDATE: buffer overflow in unserialize when parsing Phar - debian/patches/CVE-2015-2783.patch: properly check lengths in ext/phar/phar.c, ext/phar/phar_internal.h. - CVE-2015-2783 * SECURITY UPDATE: arbitrary code exection via process_nested_data use-after-free - debian/patches/CVE-2015-2787.patch: fix logic in ext/standard/var_unserializer.*. - CVE-2015-2787
applied/ubuntu/lucid-security	2015-04-20 15:48:24 UTC 2015-04-20	Import patches-applied version 5.3.2-1ubuntu4.30 to applied/ubuntu/lucid-secu... Author: Marc Deslauriers Author Date: 2015-04-17 11:37:39 UTC Import patches-applied version 5.3.2-1ubuntu4.30 to applied/ubuntu/lucid-security Imported using git-ubuntu import. Changelog parent: c1748d34336ae13d925c4c477dddbfe22020fd13 Unapplied parent: 043c08428e5433b67c631242792c96ec961971aa New changelog entries: * SECURITY UPDATE: potential remote code execution vulnerability when used with the Apache 2.4 apache2handler - debian/patches/bug69218.patch: perform proper cleanup in sapi/apache2handler/sapi_apache2.c. - CVE number pending * SECURITY UPDATE: buffer overflow when parsing tar/zip/phar - debian/patches/bug69441.patch: check lengths in ext/phar/phar_internal.h. - CVE number pending * SECURITY UPDATE: heap overflow in regexp library - debian/patches/CVE-2015-2305.patch: check for overflow in ext/ereg/regex/regcomp.c. - CVE-2015-2305 * SECURITY UPDATE: buffer overflow in unserialize when parsing Phar - debian/patches/CVE-2015-2783.patch: properly check lengths in ext/phar/phar.c, ext/phar/phar_internal.h. - CVE-2015-2783 * SECURITY UPDATE: arbitrary code exection via process_nested_data use-after-free - debian/patches/CVE-2015-2787.patch: fix logic in ext/standard/var_unserializer.*. - CVE-2015-2787
ubuntu/vivid	2015-04-17 15:38:45 UTC 2015-04-17	Import patches-unapplied version 5.6.4+dfsg-4ubuntu6 to ubuntu/vivid-proposed Author: Marc Deslauriers Author Date: 2015-04-17 09:15:49 UTC Import patches-unapplied version 5.6.4+dfsg-4ubuntu6 to ubuntu/vivid-proposed Imported using git-ubuntu import. Changelog parent: 3ea6ba44bf6102b1118d5be023f8c9a381bcfc98 New changelog entries: * SECURITY UPDATE: potential remote code execution vulnerability when used with the Apache 2.4 apache2handler - debian/patches/bug69218.patch: perform proper cleanup in sapi/apache2handler/sapi_apache2.c. - CVE number pending * SECURITY UPDATE: buffer overflow when parsing tar/zip/phar - debian/patches/bug69441.patch: check lengths in ext/phar/phar_internal.h. - CVE number pending * SECURITY UPDATE: buffer overflow in unserialize when parsing Phar - debian/patches/CVE-2015-2783.patch: properly check lengths in ext/phar/phar.c, ext/phar/phar_internal.h. - CVE-2015-2783
applied/ubuntu/vivid-proposed	2015-04-17 15:38:45 UTC 2015-04-17	Import patches-applied version 5.6.4+dfsg-4ubuntu6 to applied/ubuntu/vivid-pr... Author: Marc Deslauriers Author Date: 2015-04-17 09:15:49 UTC Import patches-applied version 5.6.4+dfsg-4ubuntu6 to applied/ubuntu/vivid-proposed Imported using git-ubuntu import. Changelog parent: 6b8692e32f08a27cddd749ba1a74dddad0055e95 Unapplied parent: a18d46f8e21e7543d84b01f9d698a1a9c3d8067f New changelog entries: * SECURITY UPDATE: potential remote code execution vulnerability when used with the Apache 2.4 apache2handler - debian/patches/bug69218.patch: perform proper cleanup in sapi/apache2handler/sapi_apache2.c. - CVE number pending * SECURITY UPDATE: buffer overflow when parsing tar/zip/phar - debian/patches/bug69441.patch: check lengths in ext/phar/phar_internal.h. - CVE number pending * SECURITY UPDATE: buffer overflow in unserialize when parsing Phar - debian/patches/CVE-2015-2783.patch: properly check lengths in ext/phar/phar.c, ext/phar/phar_internal.h. - CVE-2015-2783
applied/ubuntu/vivid	2015-04-17 15:38:45 UTC 2015-04-17	Import patches-applied version 5.6.4+dfsg-4ubuntu6 to applied/ubuntu/vivid-pr... Author: Marc Deslauriers Author Date: 2015-04-17 09:15:49 UTC Import patches-applied version 5.6.4+dfsg-4ubuntu6 to applied/ubuntu/vivid-proposed Imported using git-ubuntu import. Changelog parent: 6b8692e32f08a27cddd749ba1a74dddad0055e95 Unapplied parent: a18d46f8e21e7543d84b01f9d698a1a9c3d8067f New changelog entries: * SECURITY UPDATE: potential remote code execution vulnerability when used with the Apache 2.4 apache2handler - debian/patches/bug69218.patch: perform proper cleanup in sapi/apache2handler/sapi_apache2.c. - CVE number pending * SECURITY UPDATE: buffer overflow when parsing tar/zip/phar - debian/patches/bug69441.patch: check lengths in ext/phar/phar_internal.h. - CVE number pending * SECURITY UPDATE: buffer overflow in unserialize when parsing Phar - debian/patches/CVE-2015-2783.patch: properly check lengths in ext/phar/phar.c, ext/phar/phar_internal.h. - CVE-2015-2783
ubuntu/vivid-proposed	2015-04-17 15:38:45 UTC 2015-04-17	Import patches-unapplied version 5.6.4+dfsg-4ubuntu6 to ubuntu/vivid-proposed Author: Marc Deslauriers Author Date: 2015-04-17 09:15:49 UTC Import patches-unapplied version 5.6.4+dfsg-4ubuntu6 to ubuntu/vivid-proposed Imported using git-ubuntu import. Changelog parent: 3ea6ba44bf6102b1118d5be023f8c9a381bcfc98 New changelog entries: * SECURITY UPDATE: potential remote code execution vulnerability when used with the Apache 2.4 apache2handler - debian/patches/bug69218.patch: perform proper cleanup in sapi/apache2handler/sapi_apache2.c. - CVE number pending * SECURITY UPDATE: buffer overflow when parsing tar/zip/phar - debian/patches/bug69441.patch: check lengths in ext/phar/phar_internal.h. - CVE number pending * SECURITY UPDATE: buffer overflow in unserialize when parsing Phar - debian/patches/CVE-2015-2783.patch: properly check lengths in ext/phar/phar.c, ext/phar/phar_internal.h. - CVE-2015-2783
applied/debian/jessie	2015-03-24 16:15:20 UTC 2015-03-24	Import patches-applied version 5.6.7+dfsg-1 to applied/debian/sid Author: Ondřej Surý Author Date: 2015-03-24 10:19:21 UTC Import patches-applied version 5.6.7+dfsg-1 to applied/debian/sid Imported using git-ubuntu import. Changelog parent: 84a0dea5755c8a3ef6f193bb0aadca14f44b029b Unapplied parent: c228827db098a0fd204eaac91d6963e1ae6a3c66 New changelog entries: * New upstream version 5.6.7+dfsg - Core: . Fixed bug #69174 (leaks when unused inner class use traits precedence). . Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize). . Fixed bug #69121 (Segfault in get_current_user when script owner is not in passwd with ZTS build). . Fixed bug #65593 (Segfault when calling ob_start from output buffering callback). . Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file not validated in memory.c). . Fixed bug #68166 (Exception with invalid character causes segv). . Fixed bug #69141 (Missing arguments in reflection info for some builtin functions). . Fixed bug #68976 (Use After Free Vulnerability in unserialize()) (CVE-2015-0231). . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options). . Fixed bug #69207 (move_uploaded_file allows nulls in path). - CGI: . Fixed bug #69015 (php-cgi's getopt does not see $argv). - CLI: . Fixed bug #67741 (auto_prepend_file messes up __LINE__). - cURL: . Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on Win32). . Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported by libcurl. - Ereg: . Fixed bug #69248 (heap overflow vulnerability in regcomp.c) (CVE-2015-2305). - FPM: . Fixed bug #68822 (request time is reset too early). - ODBC: . Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). - Opcache: . Fixed bug #69159 (Opcache causes problem when passing a variable variable to a function). . Fixed bug #69125 (Array numeric string as key). . Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). - OpenSSL: . Fixed bug #68912 (Segmentation fault at openssl_spki_new). . Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't observe socket timeouts). . Fixed bug #68920 (use strict peer_fingerprint input checks) . Fixed bug #68879 (IP Address fields in subjectAltNames not used) . Fixed bug #68265 (SAN match fails with trailing DNS dot) . Fixed bug #67403 (Add signatureType to openssl_x509_parse) . Fixed bug (#69195 Inconsistent stream crypto values across versions) - pgsql: . Fixed bug #68638 (pg_update() fails to store infinite values). - Readline: . Fixed bug #69054 (Null dereference in readline_(read\|write)_history() without parameters). - SOAP: . Fixed bug #69085 (SoapClient's __call() type confusion through unserialize()). - SPL: . Fixed bug #69108 ("Segmentation fault" when (de)serializing SplObjectStorage). . Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after calling getChildren()). - ZIP: . Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap boundary) (CVE-2015-2331). * Refresh patches for 5.6.7 release * Pull a patch to fix SQL_DESC_OCTET_LENGTH not supported by ADS ODBC driver (PHP#68350) from Debian wheezy PHP 5.4 branch * Fix PHP segfault in zend_hash_find (PHP#68486) * Move PEAR-Builder-print-info-about-php5-dev.patch to debian/ as it's not a quilt patch
applied/debian/experimental	2015-01-08 22:10:26 UTC 2015-01-08	Import patches-applied version 5.6.4+dfsg-3+exp1 to applied/debian/experimental Author: Ondřej Surý Author Date: 2015-01-08 14:41:29 UTC Import patches-applied version 5.6.4+dfsg-3+exp1 to applied/debian/experimental Imported using git-ubuntu import. Changelog parent: 7a2fe091785920b44903f564c1cadb68d3ac99d9 Unapplied parent: efc5cd1b776bacd328eea4b22e85bf7d3ca3d8d9 New changelog entries: * Disable tests on ppc64* to workaround crashing mysql-server on ppc64el
ubuntu/utopic	2014-09-10 14:54:30 UTC 2014-09-10	Import patches-unapplied version 5.5.12+dfsg-2ubuntu4 to ubuntu/utopic-proposed Author: Seth Arnold Author Date: 2014-09-04 06:27:47 UTC Import patches-unapplied version 5.5.12+dfsg-2ubuntu4 to ubuntu/utopic-proposed Imported using git-ubuntu import. Changelog parent: 1ee82816baaf1b8e9f33ad7fbb9196942e348b64 New changelog entries: * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info - debian/patches/CVE-2014-3587.patch: check for array under-runs as well as over-runs in ext/fileinfo/libmagic/cdf.c - CVE-2014-3587 * SECURITY UPDATE: denial of service in dns_get_record - debian/patches/CVE-2014-3597.patch: check for DNS overflows in ext/standard/dns.c - CVE-2014-3587
ubuntu/utopic-proposed	2014-09-10 14:54:30 UTC 2014-09-10	Import patches-unapplied version 5.5.12+dfsg-2ubuntu4 to ubuntu/utopic-proposed Author: Seth Arnold Author Date: 2014-09-04 06:27:47 UTC Import patches-unapplied version 5.5.12+dfsg-2ubuntu4 to ubuntu/utopic-proposed Imported using git-ubuntu import. Changelog parent: 1ee82816baaf1b8e9f33ad7fbb9196942e348b64 New changelog entries: * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info - debian/patches/CVE-2014-3587.patch: check for array under-runs as well as over-runs in ext/fileinfo/libmagic/cdf.c - CVE-2014-3587 * SECURITY UPDATE: denial of service in dns_get_record - debian/patches/CVE-2014-3597.patch: check for DNS overflows in ext/standard/dns.c - CVE-2014-3587
applied/ubuntu/utopic-proposed	2014-09-10 14:54:30 UTC 2014-09-10	Import patches-applied version 5.5.12+dfsg-2ubuntu4 to applied/ubuntu/utopic-... Author: Seth Arnold Author Date: 2014-09-04 06:27:47 UTC Import patches-applied version 5.5.12+dfsg-2ubuntu4 to applied/ubuntu/utopic-proposed Imported using git-ubuntu import. Changelog parent: 09572b29eefa8d2cc76e9cdba7118034ce8ecc12 Unapplied parent: 22d2d18f56c11dedfc55de1231432fb453fdb870 New changelog entries: * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info - debian/patches/CVE-2014-3587.patch: check for array under-runs as well as over-runs in ext/fileinfo/libmagic/cdf.c - CVE-2014-3587 * SECURITY UPDATE: denial of service in dns_get_record - debian/patches/CVE-2014-3597.patch: check for DNS overflows in ext/standard/dns.c - CVE-2014-3587
applied/ubuntu/utopic	2014-09-10 14:54:30 UTC 2014-09-10	Import patches-applied version 5.5.12+dfsg-2ubuntu4 to applied/ubuntu/utopic-... Author: Seth Arnold Author Date: 2014-09-04 06:27:47 UTC Import patches-applied version 5.5.12+dfsg-2ubuntu4 to applied/ubuntu/utopic-proposed Imported using git-ubuntu import. Changelog parent: 09572b29eefa8d2cc76e9cdba7118034ce8ecc12 Unapplied parent: 22d2d18f56c11dedfc55de1231432fb453fdb870 New changelog entries: * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info - debian/patches/CVE-2014-3587.patch: check for array under-runs as well as over-runs in ext/fileinfo/libmagic/cdf.c - CVE-2014-3587 * SECURITY UPDATE: denial of service in dns_get_record - debian/patches/CVE-2014-3597.patch: check for DNS overflows in ext/standard/dns.c - CVE-2014-3587
debian/squeeze	2014-07-19 17:05:50 UTC 2014-07-19	Import patches-unapplied version 5.3.3-7+squeeze19 to debian/squeeze Author: Ondřej Surý Author Date: 2014-02-17 09:52:15 UTC Import patches-unapplied version 5.3.3-7+squeeze19 to debian/squeeze Imported using git-ubuntu import. Changelog parent: df6d8630d1dfe6c5d6dcb231a16365ac418cca89 New changelog entries: * [CVE-2014-1943]: Fix segmentation fault in libmagic (Closes: #739012) * [CVE-2013-6420]: Fix memory corruption in openssl_x509_parse (Closes: #731895) * [CVE-2013-6712] Fix heap buffer over-read in DateInterval (Closes: #731112)
applied/debian/squeeze	2014-07-19 17:05:50 UTC 2014-07-19	Import patches-applied version 5.3.3-7+squeeze19 to applied/debian/squeeze Author: Ondřej Surý Author Date: 2014-02-17 09:52:15 UTC Import patches-applied version 5.3.3-7+squeeze19 to applied/debian/squeeze Imported using git-ubuntu import. Changelog parent: 94f61fadaa7e0b480fb7c587f0c3d7e83899db73 Unapplied parent: e7f691ceb5e66c6717a34c8e89ab2d7d4a9fbfde New changelog entries: * [CVE-2014-1943]: Fix segmentation fault in libmagic (Closes: #739012) * [CVE-2013-6420]: Fix memory corruption in openssl_x509_parse (Closes: #731895) * [CVE-2013-6712] Fix heap buffer over-read in DateInterval (Closes: #731112)
ubuntu/saucy-security	2014-07-09 16:23:45 UTC 2014-07-09	Import patches-unapplied version 5.5.3+dfsg-1ubuntu2.6 to ubuntu/saucy-security Author: Marc Deslauriers Author Date: 2014-07-07 11:46:31 UTC Import patches-unapplied version 5.5.3+dfsg-1ubuntu2.6 to ubuntu/saucy-security Imported using git-ubuntu import. Changelog parent: b871bd1225f675694942a3c3cb3c415be6f0a602 New changelog entries: * SECURITY UPDATE: denial of service in FileInfo cdf_read_short_sector - debian/patches/CVE-2014-0207.patch: properly calculate sizes in ext/fileinfo/libmagic/cdf.c. - CVE-2014-0207 * SECURITY UPDATE: denial of service in FileInfo mconvert - debian/patches/CVE-2014-3478.patch: properly handle truncated pascal string size in ext/fileinfo/libmagic/softmagic.c. - CVE-2014-3478 * SECURITY UPDATE: denial of service in FileInfo cdf_check_stream_offset - debian/patches/CVE-2014-3479.patch: properly calculate sizes in ext/fileinfo/libmagic/cdf.c. - CVE-2014-3479 * SECURITY UPDATE: denial of service in FileInfo cdf_count_chain - debian/patches/CVE-2014-3480.patch: properly calculate sizes in ext/fileinfo/libmagic/cdf.c. - CVE-2014-3480 * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info - debian/patches/CVE-2014-3487.patch: properly calculate sizes in ext/fileinfo/libmagic/cdf.c. - CVE-2014-3487 * SECURITY UPDATE: denial of service and possible code execution via unserialize() SPL type confusion - debian/patches/CVE-2014-3515.patch: properly check types in ext/spl/spl_array.c, ext/spl/spl_observer.c, added test to ext/spl/tests/SplObjectStorage_unserialize_bad.phpt. - CVE-2014-3515 * SECURITY UPDATE: denial of service via SPL Iterators use-after-free - debian/patches/CVE-2014-4670.patch: fix use-after-free in ext/spl/spl_dllist.c, added test to ext/spl/tests/bug67538.phpt. - CVE-2014-4670 * SECURITY UPDATE: denial of service via ArrayIterator use-after-free - debian/patches/CVE-2014-4698.patch: don't allow modifying ArrayObject during sorting in ext/spl/spl_array.c, added test to ext/spl/tests/bug67539.phpt. - CVE-2014-4698 * SECURITY UPDATE: information leak via phpinfo (LP: #1338170) - debian/patches/CVE-2014-4721.patch: fix type confusion in ext/standard/info.c, added test to ext/standard/tests/general_functions/bug67498.phpt. - CVE-2014-4721
ubuntu/saucy-devel	2014-07-09 16:23:45 UTC 2014-07-09	Import patches-unapplied version 5.5.3+dfsg-1ubuntu2.6 to ubuntu/saucy-security Author: Marc Deslauriers Author Date: 2014-07-07 11:46:31 UTC Import patches-unapplied version 5.5.3+dfsg-1ubuntu2.6 to ubuntu/saucy-security Imported using git-ubuntu import. Changelog parent: b871bd1225f675694942a3c3cb3c415be6f0a602 New changelog entries: * SECURITY UPDATE: denial of service in FileInfo cdf_read_short_sector - debian/patches/CVE-2014-0207.patch: properly calculate sizes in ext/fileinfo/libmagic/cdf.c. - CVE-2014-0207 * SECURITY UPDATE: denial of service in FileInfo mconvert - debian/patches/CVE-2014-3478.patch: properly handle truncated pascal string size in ext/fileinfo/libmagic/softmagic.c. - CVE-2014-3478 * SECURITY UPDATE: denial of service in FileInfo cdf_check_stream_offset - debian/patches/CVE-2014-3479.patch: properly calculate sizes in ext/fileinfo/libmagic/cdf.c. - CVE-2014-3479 * SECURITY UPDATE: denial of service in FileInfo cdf_count_chain - debian/patches/CVE-2014-3480.patch: properly calculate sizes in ext/fileinfo/libmagic/cdf.c. - CVE-2014-3480 * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info - debian/patches/CVE-2014-3487.patch: properly calculate sizes in ext/fileinfo/libmagic/cdf.c. - CVE-2014-3487 * SECURITY UPDATE: denial of service and possible code execution via unserialize() SPL type confusion - debian/patches/CVE-2014-3515.patch: properly check types in ext/spl/spl_array.c, ext/spl/spl_observer.c, added test to ext/spl/tests/SplObjectStorage_unserialize_bad.phpt. - CVE-2014-3515 * SECURITY UPDATE: denial of service via SPL Iterators use-after-free - debian/patches/CVE-2014-4670.patch: fix use-after-free in ext/spl/spl_dllist.c, added test to ext/spl/tests/bug67538.phpt. - CVE-2014-4670 * SECURITY UPDATE: denial of service via ArrayIterator use-after-free - debian/patches/CVE-2014-4698.patch: don't allow modifying ArrayObject during sorting in ext/spl/spl_array.c, added test to ext/spl/tests/bug67539.phpt. - CVE-2014-4698 * SECURITY UPDATE: information leak via phpinfo (LP: #1338170) - debian/patches/CVE-2014-4721.patch: fix type confusion in ext/standard/info.c, added test to ext/standard/tests/general_functions/bug67498.phpt. - CVE-2014-4721
applied/ubuntu/saucy-updates	2014-07-09 16:23:45 UTC 2014-07-09	Import patches-applied version 5.5.3+dfsg-1ubuntu2.6 to applied/ubuntu/saucy-... Author: Marc Deslauriers Author Date: 2014-07-07 11:46:31 UTC Import patches-applied version 5.5.3+dfsg-1ubuntu2.6 to applied/ubuntu/saucy-security Imported using git-ubuntu import. Changelog parent: 93755d8945b22c7b898e823d4e794846edbe1283 Unapplied parent: 0a560138313410a0f1e22a8a1faa1ebca7249972 New changelog entries: * SECURITY UPDATE: denial of service in FileInfo cdf_read_short_sector - debian/patches/CVE-2014-0207.patch: properly calculate sizes in ext/fileinfo/libmagic/cdf.c. - CVE-2014-0207 * SECURITY UPDATE: denial of service in FileInfo mconvert - debian/patches/CVE-2014-3478.patch: properly handle truncated pascal string size in ext/fileinfo/libmagic/softmagic.c. - CVE-2014-3478 * SECURITY UPDATE: denial of service in FileInfo cdf_check_stream_offset - debian/patches/CVE-2014-3479.patch: properly calculate sizes in ext/fileinfo/libmagic/cdf.c. - CVE-2014-3479 * SECURITY UPDATE: denial of service in FileInfo cdf_count_chain - debian/patches/CVE-2014-3480.patch: properly calculate sizes in ext/fileinfo/libmagic/cdf.c. - CVE-2014-3480 * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info - debian/patches/CVE-2014-3487.patch: properly calculate sizes in ext/fileinfo/libmagic/cdf.c. - CVE-2014-3487 * SECURITY UPDATE: denial of service and possible code execution via unserialize() SPL type confusion - debian/patches/CVE-2014-3515.patch: properly check types in ext/spl/spl_array.c, ext/spl/spl_observer.c, added test to ext/spl/tests/SplObjectStorage_unserialize_bad.phpt. - CVE-2014-3515 * SECURITY UPDATE: denial of service via SPL Iterators use-after-free - debian/patches/CVE-2014-4670.patch: fix use-after-free in ext/spl/spl_dllist.c, added test to ext/spl/tests/bug67538.phpt. - CVE-2014-4670 * SECURITY UPDATE: denial of service via ArrayIterator use-after-free - debian/patches/CVE-2014-4698.patch: don't allow modifying ArrayObject during sorting in ext/spl/spl_array.c, added test to ext/spl/tests/bug67539.phpt. - CVE-2014-4698 * SECURITY UPDATE: information leak via phpinfo (LP: #1338170) - debian/patches/CVE-2014-4721.patch: fix type confusion in ext/standard/info.c, added test to ext/standard/tests/general_functions/bug67498.phpt. - CVE-2014-4721
applied/ubuntu/saucy-security	2014-07-09 16:23:45 UTC 2014-07-09	Import patches-applied version 5.5.3+dfsg-1ubuntu2.6 to applied/ubuntu/saucy-... Author: Marc Deslauriers Author Date: 2014-07-07 11:46:31 UTC Import patches-applied version 5.5.3+dfsg-1ubuntu2.6 to applied/ubuntu/saucy-security Imported using git-ubuntu import. Changelog parent: 93755d8945b22c7b898e823d4e794846edbe1283 Unapplied parent: 0a560138313410a0f1e22a8a1faa1ebca7249972 New changelog entries: * SECURITY UPDATE: denial of service in FileInfo cdf_read_short_sector - debian/patches/CVE-2014-0207.patch: properly calculate sizes in ext/fileinfo/libmagic/cdf.c. - CVE-2014-0207 * SECURITY UPDATE: denial of service in FileInfo mconvert - debian/patches/CVE-2014-3478.patch: properly handle truncated pascal string size in ext/fileinfo/libmagic/softmagic.c. - CVE-2014-3478 * SECURITY UPDATE: denial of service in FileInfo cdf_check_stream_offset - debian/patches/CVE-2014-3479.patch: properly calculate sizes in ext/fileinfo/libmagic/cdf.c. - CVE-2014-3479 * SECURITY UPDATE: denial of service in FileInfo cdf_count_chain - debian/patches/CVE-2014-3480.patch: properly calculate sizes in ext/fileinfo/libmagic/cdf.c. - CVE-2014-3480 * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info - debian/patches/CVE-2014-3487.patch: properly calculate sizes in ext/fileinfo/libmagic/cdf.c. - CVE-2014-3487 * SECURITY UPDATE: denial of service and possible code execution via unserialize() SPL type confusion - debian/patches/CVE-2014-3515.patch: properly check types in ext/spl/spl_array.c, ext/spl/spl_observer.c, added test to ext/spl/tests/SplObjectStorage_unserialize_bad.phpt. - CVE-2014-3515 * SECURITY UPDATE: denial of service via SPL Iterators use-after-free - debian/patches/CVE-2014-4670.patch: fix use-after-free in ext/spl/spl_dllist.c, added test to ext/spl/tests/bug67538.phpt. - CVE-2014-4670 * SECURITY UPDATE: denial of service via ArrayIterator use-after-free - debian/patches/CVE-2014-4698.patch: don't allow modifying ArrayObject during sorting in ext/spl/spl_array.c, added test to ext/spl/tests/bug67539.phpt. - CVE-2014-4698 * SECURITY UPDATE: information leak via phpinfo (LP: #1338170) - debian/patches/CVE-2014-4721.patch: fix type confusion in ext/standard/info.c, added test to ext/standard/tests/general_functions/bug67498.phpt. - CVE-2014-4721
applied/ubuntu/saucy-devel	2014-07-09 16:23:45 UTC 2014-07-09	Import patches-applied version 5.5.3+dfsg-1ubuntu2.6 to applied/ubuntu/saucy-... Author: Marc Deslauriers Author Date: 2014-07-07 11:46:31 UTC Import patches-applied version 5.5.3+dfsg-1ubuntu2.6 to applied/ubuntu/saucy-security Imported using git-ubuntu import. Changelog parent: 93755d8945b22c7b898e823d4e794846edbe1283 Unapplied parent: 0a560138313410a0f1e22a8a1faa1ebca7249972 New changelog entries: * SECURITY UPDATE: denial of service in FileInfo cdf_read_short_sector - debian/patches/CVE-2014-0207.patch: properly calculate sizes in ext/fileinfo/libmagic/cdf.c. - CVE-2014-0207 * SECURITY UPDATE: denial of service in FileInfo mconvert - debian/patches/CVE-2014-3478.patch: properly handle truncated pascal string size in ext/fileinfo/libmagic/softmagic.c. - CVE-2014-3478 * SECURITY UPDATE: denial of service in FileInfo cdf_check_stream_offset - debian/patches/CVE-2014-3479.patch: properly calculate sizes in ext/fileinfo/libmagic/cdf.c. - CVE-2014-3479 * SECURITY UPDATE: denial of service in FileInfo cdf_count_chain - debian/patches/CVE-2014-3480.patch: properly calculate sizes in ext/fileinfo/libmagic/cdf.c. - CVE-2014-3480 * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info - debian/patches/CVE-2014-3487.patch: properly calculate sizes in ext/fileinfo/libmagic/cdf.c. - CVE-2014-3487 * SECURITY UPDATE: denial of service and possible code execution via unserialize() SPL type confusion - debian/patches/CVE-2014-3515.patch: properly check types in ext/spl/spl_array.c, ext/spl/spl_observer.c, added test to ext/spl/tests/SplObjectStorage_unserialize_bad.phpt. - CVE-2014-3515 * SECURITY UPDATE: denial of service via SPL Iterators use-after-free - debian/patches/CVE-2014-4670.patch: fix use-after-free in ext/spl/spl_dllist.c, added test to ext/spl/tests/bug67538.phpt. - CVE-2014-4670 * SECURITY UPDATE: denial of service via ArrayIterator use-after-free - debian/patches/CVE-2014-4698.patch: don't allow modifying ArrayObject during sorting in ext/spl/spl_array.c, added test to ext/spl/tests/bug67539.phpt. - CVE-2014-4698 * SECURITY UPDATE: information leak via phpinfo (LP: #1338170) - debian/patches/CVE-2014-4721.patch: fix type confusion in ext/standard/info.c, added test to ext/standard/tests/general_functions/bug67498.phpt. - CVE-2014-4721
ubuntu/saucy-updates	2014-07-09 16:23:45 UTC 2014-07-09	Import patches-unapplied version 5.5.3+dfsg-1ubuntu2.6 to ubuntu/saucy-security Author: Marc Deslauriers Author Date: 2014-07-07 11:46:31 UTC Import patches-unapplied version 5.5.3+dfsg-1ubuntu2.6 to ubuntu/saucy-security Imported using git-ubuntu import. Changelog parent: b871bd1225f675694942a3c3cb3c415be6f0a602 New changelog entries: * SECURITY UPDATE: denial of service in FileInfo cdf_read_short_sector - debian/patches/CVE-2014-0207.patch: properly calculate sizes in ext/fileinfo/libmagic/cdf.c. - CVE-2014-0207 * SECURITY UPDATE: denial of service in FileInfo mconvert - debian/patches/CVE-2014-3478.patch: properly handle truncated pascal string size in ext/fileinfo/libmagic/softmagic.c. - CVE-2014-3478 * SECURITY UPDATE: denial of service in FileInfo cdf_check_stream_offset - debian/patches/CVE-2014-3479.patch: properly calculate sizes in ext/fileinfo/libmagic/cdf.c. - CVE-2014-3479 * SECURITY UPDATE: denial of service in FileInfo cdf_count_chain - debian/patches/CVE-2014-3480.patch: properly calculate sizes in ext/fileinfo/libmagic/cdf.c. - CVE-2014-3480 * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info - debian/patches/CVE-2014-3487.patch: properly calculate sizes in ext/fileinfo/libmagic/cdf.c. - CVE-2014-3487 * SECURITY UPDATE: denial of service and possible code execution via unserialize() SPL type confusion - debian/patches/CVE-2014-3515.patch: properly check types in ext/spl/spl_array.c, ext/spl/spl_observer.c, added test to ext/spl/tests/SplObjectStorage_unserialize_bad.phpt. - CVE-2014-3515 * SECURITY UPDATE: denial of service via SPL Iterators use-after-free - debian/patches/CVE-2014-4670.patch: fix use-after-free in ext/spl/spl_dllist.c, added test to ext/spl/tests/bug67538.phpt. - CVE-2014-4670 * SECURITY UPDATE: denial of service via ArrayIterator use-after-free - debian/patches/CVE-2014-4698.patch: don't allow modifying ArrayObject during sorting in ext/spl/spl_array.c, added test to ext/spl/tests/bug67539.phpt. - CVE-2014-4698 * SECURITY UPDATE: information leak via phpinfo (LP: #1338170) - debian/patches/CVE-2014-4721.patch: fix type confusion in ext/standard/info.c, added test to ext/standard/tests/general_functions/bug67498.phpt. - CVE-2014-4721
applied/ubuntu/trusty	2014-04-09 17:13:55 UTC 2014-04-09	Import patches-applied version 5.5.9+dfsg-1ubuntu4 to applied/ubuntu/trusty-p... Author: Dimitri John Ledkov Author Date: 2014-04-09 15:23:30 UTC Import patches-applied version 5.5.9+dfsg-1ubuntu4 to applied/ubuntu/trusty-proposed Imported using git-ubuntu import. Changelog parent: b470f7a93a707ac30ead1257a5de1b9d83673b4d Unapplied parent: 0d807a5f4879659d49aab5ae8b02d978c850464f New changelog entries: * Comment out "reload signal USR2" stanza from php5-fpm to make the job compatible with Precise upstart, when it's still running as pid1 during upgrade to trusty and before the restart. We'd rather support shorter down-time then reload interface. (LP: #1272788)
ubuntu/trusty	2014-04-09 17:13:55 UTC 2014-04-09	Import patches-unapplied version 5.5.9+dfsg-1ubuntu4 to ubuntu/trusty-proposed Author: Dimitri John Ledkov Author Date: 2014-04-09 15:23:30 UTC Import patches-unapplied version 5.5.9+dfsg-1ubuntu4 to ubuntu/trusty-proposed Imported using git-ubuntu import. Changelog parent: 6c5e1aad2ca5a36bbbbb4c2aac16e8a91ad22d21 New changelog entries: * Comment out "reload signal USR2" stanza from php5-fpm to make the job compatible with Precise upstart, when it's still running as pid1 during upgrade to trusty and before the restart. We'd rather support shorter down-time then reload interface. (LP: #1272788)
ubuntu/quantal-updates	2014-04-07 12:23:22 UTC 2014-04-07	Import patches-unapplied version 5.4.6-1ubuntu1.8 to ubuntu/quantal-security Author: Marc Deslauriers Author Date: 2014-04-03 19:18:45 UTC Import patches-unapplied version 5.4.6-1ubuntu1.8 to ubuntu/quantal-security Imported using git-ubuntu import. Changelog parent: 68057c8a285855d64701dfc355ed2bb366676dbf New changelog entries: * SECURITY UPDATE: denial of service in fileinfo via crafted offset in PE executable - debian/patches/CVE-2014-2270.patch: check bounds in ext/fileinfo/libmagic/softmagic.c. - CVE-2014-2270
ubuntu/quantal-devel	2014-04-07 12:23:22 UTC 2014-04-07	Import patches-unapplied version 5.4.6-1ubuntu1.8 to ubuntu/quantal-security Author: Marc Deslauriers Author Date: 2014-04-03 19:18:45 UTC Import patches-unapplied version 5.4.6-1ubuntu1.8 to ubuntu/quantal-security Imported using git-ubuntu import. Changelog parent: 68057c8a285855d64701dfc355ed2bb366676dbf New changelog entries: * SECURITY UPDATE: denial of service in fileinfo via crafted offset in PE executable - debian/patches/CVE-2014-2270.patch: check bounds in ext/fileinfo/libmagic/softmagic.c. - CVE-2014-2270
ubuntu/quantal-security	2014-04-07 12:23:22 UTC 2014-04-07	Import patches-unapplied version 5.4.6-1ubuntu1.8 to ubuntu/quantal-security Author: Marc Deslauriers Author Date: 2014-04-03 19:18:45 UTC Import patches-unapplied version 5.4.6-1ubuntu1.8 to ubuntu/quantal-security Imported using git-ubuntu import. Changelog parent: 68057c8a285855d64701dfc355ed2bb366676dbf New changelog entries: * SECURITY UPDATE: denial of service in fileinfo via crafted offset in PE executable - debian/patches/CVE-2014-2270.patch: check bounds in ext/fileinfo/libmagic/softmagic.c. - CVE-2014-2270
applied/ubuntu/quantal-updates	2014-04-07 12:23:22 UTC 2014-04-07	Import patches-applied version 5.4.6-1ubuntu1.8 to applied/ubuntu/quantal-sec... Author: Marc Deslauriers Author Date: 2014-04-03 19:18:45 UTC Import patches-applied version 5.4.6-1ubuntu1.8 to applied/ubuntu/quantal-security Imported using git-ubuntu import. Changelog parent: 61a13f10ed1410fb5938c0ea4991d595df30dafa Unapplied parent: cf9f2154c6284077cd04a4d734245f67f2dc9a40 New changelog entries: * SECURITY UPDATE: denial of service in fileinfo via crafted offset in PE executable - debian/patches/CVE-2014-2270.patch: check bounds in ext/fileinfo/libmagic/softmagic.c. - CVE-2014-2270
applied/ubuntu/quantal-security	2014-04-07 12:23:22 UTC 2014-04-07	Import patches-applied version 5.4.6-1ubuntu1.8 to applied/ubuntu/quantal-sec... Author: Marc Deslauriers Author Date: 2014-04-03 19:18:45 UTC Import patches-applied version 5.4.6-1ubuntu1.8 to applied/ubuntu/quantal-security Imported using git-ubuntu import. Changelog parent: 61a13f10ed1410fb5938c0ea4991d595df30dafa Unapplied parent: cf9f2154c6284077cd04a4d734245f67f2dc9a40 New changelog entries: * SECURITY UPDATE: denial of service in fileinfo via crafted offset in PE executable - debian/patches/CVE-2014-2270.patch: check bounds in ext/fileinfo/libmagic/softmagic.c. - CVE-2014-2270
applied/ubuntu/quantal-devel	2014-04-07 12:23:22 UTC 2014-04-07	Import patches-applied version 5.4.6-1ubuntu1.8 to applied/ubuntu/quantal-sec... Author: Marc Deslauriers Author Date: 2014-04-03 19:18:45 UTC Import patches-applied version 5.4.6-1ubuntu1.8 to applied/ubuntu/quantal-security Imported using git-ubuntu import. Changelog parent: 61a13f10ed1410fb5938c0ea4991d595df30dafa Unapplied parent: cf9f2154c6284077cd04a4d734245f67f2dc9a40 New changelog entries: * SECURITY UPDATE: denial of service in fileinfo via crafted offset in PE executable - debian/patches/CVE-2014-2270.patch: check bounds in ext/fileinfo/libmagic/softmagic.c. - CVE-2014-2270
ubuntu/quantal-proposed	2014-01-09 21:33:17 UTC 2014-01-09	Import patches-unapplied version 5.4.6-1ubuntu1.6 to ubuntu/quantal-proposed Author: Marc Deslauriers Author Date: 2013-12-23 14:00:58 UTC Import patches-unapplied version 5.4.6-1ubuntu1.6 to ubuntu/quantal-proposed Imported using git-ubuntu import. Changelog parent: 88271fe15007b7c0ab0afc9e384f6e449195b89b New changelog entries: * debian/patches/lp1102366.patch: properly reset rfc1867 callbacks to prevent segfault. (LP: #1102366)
applied/ubuntu/quantal-proposed	2014-01-09 21:33:17 UTC 2014-01-09	Import patches-applied version 5.4.6-1ubuntu1.6 to applied/ubuntu/quantal-pro... Author: Marc Deslauriers Author Date: 2013-12-23 14:00:58 UTC Import patches-applied version 5.4.6-1ubuntu1.6 to applied/ubuntu/quantal-proposed Imported using git-ubuntu import. Changelog parent: 249badea3537f60b575eceda43a36bd4274bef7f Unapplied parent: 529c3cfef7d223cdbfd267347c0cb37e579deed5 New changelog entries: * debian/patches/lp1102366.patch: properly reset rfc1867 callbacks to prevent segfault. (LP: #1102366)
applied/ubuntu/raring-updates	2013-12-12 16:08:28 UTC 2013-12-12	Import patches-applied version 5.4.9-4ubuntu2.4 to applied/ubuntu/raring-secu... Author: Marc Deslauriers Author Date: 2013-12-12 00:19:30 UTC Import patches-applied version 5.4.9-4ubuntu2.4 to applied/ubuntu/raring-security Imported using git-ubuntu import. Changelog parent: 13cf5455727ad380a21acc3963f0f40a870a8258 Unapplied parent: 4041f959f7977e268d63bf1f5778536a29387937 New changelog entries: * SECURITY UPDATE: denial of service and possible code execution via malicious certificate - debian/patches/CVE-2013-6420.patch: properly validate timestr in ext/openssl/openssl.c, added ext/openssl/tests/cve-2013-6420.. - CVE-2013-6420 SECURITY UPDATE: denial of service via crafted interval specification - debian/patches/CVE-2013-6712.patch: check error_count in ext/date/lib/parse_iso_intervals.*. - CVE-2013-6712
applied/ubuntu/raring-security	2013-12-12 16:08:28 UTC 2013-12-12	Import patches-applied version 5.4.9-4ubuntu2.4 to applied/ubuntu/raring-secu... Author: Marc Deslauriers Author Date: 2013-12-12 00:19:30 UTC Import patches-applied version 5.4.9-4ubuntu2.4 to applied/ubuntu/raring-security Imported using git-ubuntu import. Changelog parent: 13cf5455727ad380a21acc3963f0f40a870a8258 Unapplied parent: 4041f959f7977e268d63bf1f5778536a29387937 New changelog entries: * SECURITY UPDATE: denial of service and possible code execution via malicious certificate - debian/patches/CVE-2013-6420.patch: properly validate timestr in ext/openssl/openssl.c, added ext/openssl/tests/cve-2013-6420.. - CVE-2013-6420 SECURITY UPDATE: denial of service via crafted interval specification - debian/patches/CVE-2013-6712.patch: check error_count in ext/date/lib/parse_iso_intervals.*. - CVE-2013-6712
applied/ubuntu/raring-devel	2013-12-12 16:08:28 UTC 2013-12-12	Import patches-applied version 5.4.9-4ubuntu2.4 to applied/ubuntu/raring-secu... Author: Marc Deslauriers Author Date: 2013-12-12 00:19:30 UTC Import patches-applied version 5.4.9-4ubuntu2.4 to applied/ubuntu/raring-security Imported using git-ubuntu import. Changelog parent: 13cf5455727ad380a21acc3963f0f40a870a8258 Unapplied parent: 4041f959f7977e268d63bf1f5778536a29387937 New changelog entries: * SECURITY UPDATE: denial of service and possible code execution via malicious certificate - debian/patches/CVE-2013-6420.patch: properly validate timestr in ext/openssl/openssl.c, added ext/openssl/tests/cve-2013-6420.. - CVE-2013-6420 SECURITY UPDATE: denial of service via crafted interval specification - debian/patches/CVE-2013-6712.patch: check error_count in ext/date/lib/parse_iso_intervals.*. - CVE-2013-6712
ubuntu/raring-updates	2013-12-12 16:08:28 UTC 2013-12-12	Import patches-unapplied version 5.4.9-4ubuntu2.4 to ubuntu/raring-security Author: Marc Deslauriers Author Date: 2013-12-12 00:19:30 UTC Import patches-unapplied version 5.4.9-4ubuntu2.4 to ubuntu/raring-security Imported using git-ubuntu import. Changelog parent: 1a41caab2033d0d8a331be49fec5b7f195860c61 New changelog entries: * SECURITY UPDATE: denial of service and possible code execution via malicious certificate - debian/patches/CVE-2013-6420.patch: properly validate timestr in ext/openssl/openssl.c, added ext/openssl/tests/cve-2013-6420.. - CVE-2013-6420 SECURITY UPDATE: denial of service via crafted interval specification - debian/patches/CVE-2013-6712.patch: check error_count in ext/date/lib/parse_iso_intervals.*. - CVE-2013-6712
ubuntu/raring-security	2013-12-12 16:08:28 UTC 2013-12-12	Import patches-unapplied version 5.4.9-4ubuntu2.4 to ubuntu/raring-security Author: Marc Deslauriers Author Date: 2013-12-12 00:19:30 UTC Import patches-unapplied version 5.4.9-4ubuntu2.4 to ubuntu/raring-security Imported using git-ubuntu import. Changelog parent: 1a41caab2033d0d8a331be49fec5b7f195860c61 New changelog entries: * SECURITY UPDATE: denial of service and possible code execution via malicious certificate - debian/patches/CVE-2013-6420.patch: properly validate timestr in ext/openssl/openssl.c, added ext/openssl/tests/cve-2013-6420.. - CVE-2013-6420 SECURITY UPDATE: denial of service via crafted interval specification - debian/patches/CVE-2013-6712.patch: check error_count in ext/date/lib/parse_iso_intervals.*. - CVE-2013-6712
ubuntu/raring-devel	2013-12-12 16:08:28 UTC 2013-12-12	Import patches-unapplied version 5.4.9-4ubuntu2.4 to ubuntu/raring-security Author: Marc Deslauriers Author Date: 2013-12-12 00:19:30 UTC Import patches-unapplied version 5.4.9-4ubuntu2.4 to ubuntu/raring-security Imported using git-ubuntu import. Changelog parent: 1a41caab2033d0d8a331be49fec5b7f195860c61 New changelog entries: * SECURITY UPDATE: denial of service and possible code execution via malicious certificate - debian/patches/CVE-2013-6420.patch: properly validate timestr in ext/openssl/openssl.c, added ext/openssl/tests/cve-2013-6420.. - CVE-2013-6420 SECURITY UPDATE: denial of service via crafted interval specification - debian/patches/CVE-2013-6712.patch: check error_count in ext/date/lib/parse_iso_intervals.*. - CVE-2013-6712
ubuntu/saucy-proposed	2013-10-09 14:38:20 UTC 2013-10-09	Import patches-unapplied version 5.5.3+dfsg-1ubuntu2 to ubuntu/saucy-proposed Author: Robie Basak Author Date: 2013-10-09 11:29:29 UTC Import patches-unapplied version 5.5.3+dfsg-1ubuntu2 to ubuntu/saucy-proposed Imported using git-ubuntu import. Changelog parent: 143e3e34536e69d218ed6c54b64e3fa68dad8cf4 New changelog entries: * d/p/crash_in_get_zval_ptr_ptr_var.patch: cherry-pick from upstream to fix segfault (LP: #1236733).
ubuntu/saucy	2013-10-09 14:38:20 UTC 2013-10-09	Import patches-unapplied version 5.5.3+dfsg-1ubuntu2 to ubuntu/saucy-proposed Author: Robie Basak Author Date: 2013-10-09 11:29:29 UTC Import patches-unapplied version 5.5.3+dfsg-1ubuntu2 to ubuntu/saucy-proposed Imported using git-ubuntu import. Changelog parent: 143e3e34536e69d218ed6c54b64e3fa68dad8cf4 New changelog entries: * d/p/crash_in_get_zval_ptr_ptr_var.patch: cherry-pick from upstream to fix segfault (LP: #1236733).
applied/ubuntu/saucy-proposed	2013-10-09 14:38:20 UTC 2013-10-09	Import patches-applied version 5.5.3+dfsg-1ubuntu2 to applied/ubuntu/saucy-pr... Author: Robie Basak Author Date: 2013-10-09 11:29:29 UTC Import patches-applied version 5.5.3+dfsg-1ubuntu2 to applied/ubuntu/saucy-proposed Imported using git-ubuntu import. Changelog parent: c88d7cf0c98b43bc8ea7ec2efe931f5185ab2862 Unapplied parent: 82dd8fb3651de2187e2239a12dcbf7e5a2a95baa New changelog entries: * d/p/crash_in_get_zval_ptr_ptr_var.patch: cherry-pick from upstream to fix segfault (LP: #1236733).
applied/ubuntu/saucy	2013-10-09 14:38:20 UTC 2013-10-09	Import patches-applied version 5.5.3+dfsg-1ubuntu2 to applied/ubuntu/saucy-pr... Author: Robie Basak Author Date: 2013-10-09 11:29:29 UTC Import patches-applied version 5.5.3+dfsg-1ubuntu2 to applied/ubuntu/saucy-proposed Imported using git-ubuntu import. Changelog parent: c88d7cf0c98b43bc8ea7ec2efe931f5185ab2862 Unapplied parent: 82dd8fb3651de2187e2239a12dcbf7e5a2a95baa New changelog entries: * d/p/crash_in_get_zval_ptr_ptr_var.patch: cherry-pick from upstream to fix segfault (LP: #1236733).

Other repositories

Name	Last Modified
lp:ubuntu/+source/php5	2018-09-18

You can't create new repositories for php5 in Ubuntu.