Get this repository:
git clone https://git.launchpad.net/ubuntu/+source/php5
Members of Ubuntu Server Dev import team can upload to this repository.

Branches

Name Last Modified Last Commit
importer/ubuntu/dsc 2018-09-18 10:26:03 UTC 2018-09-18
DSC file for 5.5.9+dfsg-1ubuntu4.26

Author: Ubuntu Git Importer
Author Date: 2018-09-18 10:26:03 UTC

DSC file for 5.5.9+dfsg-1ubuntu4.26

applied/ubuntu/trusty-security 2018-09-18 07:19:25 UTC 2018-09-18
Import patches-applied version 5.5.9+dfsg-1ubuntu4.26 to applied/ubuntu/trust...

Author: Marc Deslauriers
Author Date: 2018-09-17 07:45:24 UTC

Import patches-applied version 5.5.9+dfsg-1ubuntu4.26 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 7fb5795516d107ff31c63dab99b75945d478895a
Unapplied parent: 034b061f3f79747fa2c7cd918a2d12662d08e9b7

New changelog entries:
  * SECURITY UPDATE: denial of service in exif parsing
    - debian/patches/CVE-2018-14851.patch: check length in ext/exif/exif.c.
    - CVE-2018-14851
  * SECURITY UPDATE: denial of service in exif parsing
    - debian/patches/CVE-2018-14883.patch: check length in ext/exif/exif.c.
    - CVE-2018-14883
  * SECURITY UPDATE: XSS due to the header Transfer-Encoding: chunked
    - debian/patches/bug76582.patch: clean up brigade in
      sapi/apache2handler/sapi_apache2.c.
    - No CVE number

ubuntu/trusty-devel 2018-09-18 07:19:25 UTC 2018-09-18
Import patches-unapplied version 5.5.9+dfsg-1ubuntu4.26 to ubuntu/trusty-secu...

Author: Marc Deslauriers
Author Date: 2018-09-17 07:45:24 UTC

Import patches-unapplied version 5.5.9+dfsg-1ubuntu4.26 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 61febe3275efdd8af1339ff6ae7eb94a01b2dac4

New changelog entries:
  * SECURITY UPDATE: denial of service in exif parsing
    - debian/patches/CVE-2018-14851.patch: check length in ext/exif/exif.c.
    - CVE-2018-14851
  * SECURITY UPDATE: denial of service in exif parsing
    - debian/patches/CVE-2018-14883.patch: check length in ext/exif/exif.c.
    - CVE-2018-14883
  * SECURITY UPDATE: XSS due to the header Transfer-Encoding: chunked
    - debian/patches/bug76582.patch: clean up brigade in
      sapi/apache2handler/sapi_apache2.c.
    - No CVE number

applied/ubuntu/trusty-updates 2018-09-18 07:19:25 UTC 2018-09-18
Import patches-applied version 5.5.9+dfsg-1ubuntu4.26 to applied/ubuntu/trust...

Author: Marc Deslauriers
Author Date: 2018-09-17 07:45:24 UTC

Import patches-applied version 5.5.9+dfsg-1ubuntu4.26 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 7fb5795516d107ff31c63dab99b75945d478895a
Unapplied parent: 034b061f3f79747fa2c7cd918a2d12662d08e9b7

New changelog entries:
  * SECURITY UPDATE: denial of service in exif parsing
    - debian/patches/CVE-2018-14851.patch: check length in ext/exif/exif.c.
    - CVE-2018-14851
  * SECURITY UPDATE: denial of service in exif parsing
    - debian/patches/CVE-2018-14883.patch: check length in ext/exif/exif.c.
    - CVE-2018-14883
  * SECURITY UPDATE: XSS due to the header Transfer-Encoding: chunked
    - debian/patches/bug76582.patch: clean up brigade in
      sapi/apache2handler/sapi_apache2.c.
    - No CVE number

ubuntu/trusty-updates 2018-09-18 07:19:25 UTC 2018-09-18
Import patches-unapplied version 5.5.9+dfsg-1ubuntu4.26 to ubuntu/trusty-secu...

Author: Marc Deslauriers
Author Date: 2018-09-17 07:45:24 UTC

Import patches-unapplied version 5.5.9+dfsg-1ubuntu4.26 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 61febe3275efdd8af1339ff6ae7eb94a01b2dac4

New changelog entries:
  * SECURITY UPDATE: denial of service in exif parsing
    - debian/patches/CVE-2018-14851.patch: check length in ext/exif/exif.c.
    - CVE-2018-14851
  * SECURITY UPDATE: denial of service in exif parsing
    - debian/patches/CVE-2018-14883.patch: check length in ext/exif/exif.c.
    - CVE-2018-14883
  * SECURITY UPDATE: XSS due to the header Transfer-Encoding: chunked
    - debian/patches/bug76582.patch: clean up brigade in
      sapi/apache2handler/sapi_apache2.c.
    - No CVE number

ubuntu/trusty-security 2018-09-18 07:19:25 UTC 2018-09-18
Import patches-unapplied version 5.5.9+dfsg-1ubuntu4.26 to ubuntu/trusty-secu...

Author: Marc Deslauriers
Author Date: 2018-09-17 07:45:24 UTC

Import patches-unapplied version 5.5.9+dfsg-1ubuntu4.26 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 61febe3275efdd8af1339ff6ae7eb94a01b2dac4

New changelog entries:
  * SECURITY UPDATE: denial of service in exif parsing
    - debian/patches/CVE-2018-14851.patch: check length in ext/exif/exif.c.
    - CVE-2018-14851
  * SECURITY UPDATE: denial of service in exif parsing
    - debian/patches/CVE-2018-14883.patch: check length in ext/exif/exif.c.
    - CVE-2018-14883
  * SECURITY UPDATE: XSS due to the header Transfer-Encoding: chunked
    - debian/patches/bug76582.patch: clean up brigade in
      sapi/apache2handler/sapi_apache2.c.
    - No CVE number

applied/ubuntu/trusty-devel 2018-09-18 07:19:25 UTC 2018-09-18
Import patches-applied version 5.5.9+dfsg-1ubuntu4.26 to applied/ubuntu/trust...

Author: Marc Deslauriers
Author Date: 2018-09-17 07:45:24 UTC

Import patches-applied version 5.5.9+dfsg-1ubuntu4.26 to applied/ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 7fb5795516d107ff31c63dab99b75945d478895a
Unapplied parent: 034b061f3f79747fa2c7cd918a2d12662d08e9b7

New changelog entries:
  * SECURITY UPDATE: denial of service in exif parsing
    - debian/patches/CVE-2018-14851.patch: check length in ext/exif/exif.c.
    - CVE-2018-14851
  * SECURITY UPDATE: denial of service in exif parsing
    - debian/patches/CVE-2018-14883.patch: check length in ext/exif/exif.c.
    - CVE-2018-14883
  * SECURITY UPDATE: XSS due to the header Transfer-Encoding: chunked
    - debian/patches/bug76582.patch: clean up brigade in
      sapi/apache2handler/sapi_apache2.c.
    - No CVE number

importer/debian/dsc 2018-07-05 14:44:56 UTC 2018-07-05
DSC file for 5.6.33+dfsg-0+deb8u1

Author: Ubuntu Git Importer
Author Date: 2018-07-05 14:44:56 UTC

DSC file for 5.6.33+dfsg-0+deb8u1

debian/jessie 2018-06-23 17:25:31 UTC 2018-06-23
Import patches-unapplied version 5.6.33+dfsg-0+deb8u1 to debian/jessie

Author: Ondřej Surý
Author Date: 2018-01-05 13:31:37 UTC

Import patches-unapplied version 5.6.33+dfsg-0+deb8u1 to debian/jessie

Imported using git-ubuntu import.

Changelog parent: 925286d6a0cdc86901975bce8b8e3bd4aa1fc851

New changelog entries:
  * Add support for signed upstream tarballs
  * Make d/copyright machine readable
  * Remove repack.sh script in favour of uscan repacking
  * Update Vcs-* links to salsa.d.o
  * New upstream version 5.6.33+dfsg
  * Rebase patches on top of new upstream releases.
  * New upstream version 5.6.31+dfsg
  * Refresh patches on top of PHP 5.6.31
  * Pull upstream fix for PHP bug #64827: Segfault in zval_mark_grey (zend_gc.c)
  * [CVE-2017-7272]: Fix detect invalid port in xp_socket parse ip address
  * Add debian/source/include-binaries to allow starting the build in
    Debian stretch

importer/ubuntu/pristine-tar 2018-03-09 00:32:34 UTC 2018-03-09
pristine-tar data for php5_5.6.17+dfsg.orig.tar.xz

Author: Ubuntu Git Importer
Author Date: 2018-03-09 00:32:34 UTC

pristine-tar data for php5_5.6.17+dfsg.orig.tar.xz

importer/debian/pristine-tar 2018-03-08 19:43:49 UTC 2018-03-08
pristine-tar data for php5_5.6.30+dfsg.orig.tar.xz

Author: Ubuntu Git Importer
Author Date: 2018-03-08 19:43:49 UTC

pristine-tar data for php5_5.6.30+dfsg.orig.tar.xz

ubuntu/precise-security 2017-02-14 18:38:23 UTC 2017-02-14
Import patches-unapplied version 5.3.10-1ubuntu3.26 to ubuntu/precise-security

Author: Marc Deslauriers
Author Date: 2017-02-10 15:32:09 UTC

Import patches-unapplied version 5.3.10-1ubuntu3.26 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 3bb7cd4a2f227a122349a88c1f9010d1ff4a82a4

New changelog entries:
  * SECURITY UPDATE: overflow in locale_get_display_name
    - debian/patches/CVE-2014-9912.patch: check locale name length in
      ext/intl/locale/locale_methods.c, added test to
      ext/intl/tests/bug67397.phpt.
    - CVE-2014-9912
  * SECURITY UPDATE: infinite loop via crafted serialized data
    - debian/patches/CVE-2016-7478-pre.patch: don't unset the default value
      in Zend/zend_exceptions.c, fix tests in
      ext/standard/tests/serialize/bug69152.phpt,
      ext/standard/tests/serialize/bug69793.phpt.
    - debian/patches/CVE-2016-7478-pre2.patch: fix test in
      ext/standard/tests/serialize/bug69793.phpt.
    - debian/patches/CVE-2016-7478-pre3.patch: add zend_unset_property() to
      Zend/zend_API.*.
    - debian/patches/CVE-2016-7478.patch: fix memcpy in
      Zend/zend_exceptions.c, ext/bcmath/libbcmath/src/init.c,
      ext/bcmath/libbcmath/src/outofmem.c.
    - CVE-2016-7478
  * SECURITY UPDATE: arbitrary code execution via crafted serialized data
    - debian/patches/CVE-2016-7479-pre.patch: fix null pointer dereference
      in ext/standard/var_unserializer.*, added test to
      standard/tests/serialize/bug68545.phpt.
    - debian/patches/CVE-2016-7479.patch: implement delayed __wakeup in
      ext/standard/var_unserializer.*.
    - CVE-2016-7479
  * SECURITY UPDATE: denial of service via crafted wddxPacket XML document
    - debian/patches/CVE-2016-9934.patch: check objects in ext/wddx/wddx.c,
      ext/pdo/pdo_stmt.c, ext/wddx/tests/bug45901.phpt,
      ext/wddx/tests/bug72790.phpt, ext/wddx/tests/bug73331.phpt.
    - CVE-2016-9934
  * SECURITY UPDATE: denial of service via crafted wddxPacket XML document
    - debian/patches/CVE-2016-9935-1.patch: fix memory leak in
      ext/wddx/wddx.c.
    - debian/patches/CVE-2016-9935-2.patch: fix leak in ext/wddx/wddx.c.
    - debian/patches/CVE-2016-9935-3.patch: fix leak in ext/wddx/wddx.c.
    - CVE-2016-9935
  * SECURITY UPDATE: exif DoS via FPE
    - debian/patches/CVE-2016-10158.patch: fix integer size issue in
      ext/exif/exif.c.
    - CVE-2016-10158
  * SECURITY UPDATE: integer overflow in phar_parse_pharfile
    - debian/patches/CVE-2016-10159.patch: fix overflows in
      ext/phar/phar.c.
    - CVE-2016-10159
  * SECURITY UPDATE: off-by-one in phar_parse_pharfile
    - debian/patches/CVE-2016-10160.patch: handle length in
      ext/phar/phar.c.
    - CVE-2016-10160
  * SECURITY UPDATE: denial of service via crafted serialized data
    - debian/patches/CVE-2016-10161.patch: fix out-of-bounds read in
      ext/standard/var_unserializer.*, added test to
      ext/standard/tests/serialize/bug73825.phpt.
    - CVE-2016-10161
  * debian/control: Build-Depends on mysql-server-5.5 to work with
    recent MySQL security updates.

applied/ubuntu/precise-updates 2017-02-14 18:38:23 UTC 2017-02-14
Import patches-applied version 5.3.10-1ubuntu3.26 to applied/ubuntu/precise-s...

Author: Marc Deslauriers
Author Date: 2017-02-10 15:32:09 UTC

Import patches-applied version 5.3.10-1ubuntu3.26 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: e33dc145ce786c161b8b7f519c4b20a3e42c7fac
Unapplied parent: e4e590cbde2f374accae4f0ccce7477ffe8f047c

New changelog entries:
  * SECURITY UPDATE: overflow in locale_get_display_name
    - debian/patches/CVE-2014-9912.patch: check locale name length in
      ext/intl/locale/locale_methods.c, added test to
      ext/intl/tests/bug67397.phpt.
    - CVE-2014-9912
  * SECURITY UPDATE: infinite loop via crafted serialized data
    - debian/patches/CVE-2016-7478-pre.patch: don't unset the default value
      in Zend/zend_exceptions.c, fix tests in
      ext/standard/tests/serialize/bug69152.phpt,
      ext/standard/tests/serialize/bug69793.phpt.
    - debian/patches/CVE-2016-7478-pre2.patch: fix test in
      ext/standard/tests/serialize/bug69793.phpt.
    - debian/patches/CVE-2016-7478-pre3.patch: add zend_unset_property() to
      Zend/zend_API.*.
    - debian/patches/CVE-2016-7478.patch: fix memcpy in
      Zend/zend_exceptions.c, ext/bcmath/libbcmath/src/init.c,
      ext/bcmath/libbcmath/src/outofmem.c.
    - CVE-2016-7478
  * SECURITY UPDATE: arbitrary code execution via crafted serialized data
    - debian/patches/CVE-2016-7479-pre.patch: fix null pointer dereference
      in ext/standard/var_unserializer.*, added test to
      standard/tests/serialize/bug68545.phpt.
    - debian/patches/CVE-2016-7479.patch: implement delayed __wakeup in
      ext/standard/var_unserializer.*.
    - CVE-2016-7479
  * SECURITY UPDATE: denial of service via crafted wddxPacket XML document
    - debian/patches/CVE-2016-9934.patch: check objects in ext/wddx/wddx.c,
      ext/pdo/pdo_stmt.c, ext/wddx/tests/bug45901.phpt,
      ext/wddx/tests/bug72790.phpt, ext/wddx/tests/bug73331.phpt.
    - CVE-2016-9934
  * SECURITY UPDATE: denial of service via crafted wddxPacket XML document
    - debian/patches/CVE-2016-9935-1.patch: fix memory leak in
      ext/wddx/wddx.c.
    - debian/patches/CVE-2016-9935-2.patch: fix leak in ext/wddx/wddx.c.
    - debian/patches/CVE-2016-9935-3.patch: fix leak in ext/wddx/wddx.c.
    - CVE-2016-9935
  * SECURITY UPDATE: exif DoS via FPE
    - debian/patches/CVE-2016-10158.patch: fix integer size issue in
      ext/exif/exif.c.
    - CVE-2016-10158
  * SECURITY UPDATE: integer overflow in phar_parse_pharfile
    - debian/patches/CVE-2016-10159.patch: fix overflows in
      ext/phar/phar.c.
    - CVE-2016-10159
  * SECURITY UPDATE: off-by-one in phar_parse_pharfile
    - debian/patches/CVE-2016-10160.patch: handle length in
      ext/phar/phar.c.
    - CVE-2016-10160
  * SECURITY UPDATE: denial of service via crafted serialized data
    - debian/patches/CVE-2016-10161.patch: fix out-of-bounds read in
      ext/standard/var_unserializer.*, added test to
      ext/standard/tests/serialize/bug73825.phpt.
    - CVE-2016-10161
  * debian/control: Build-Depends on mysql-server-5.5 to work with
    recent MySQL security updates.

ubuntu/precise-devel 2017-02-14 18:38:23 UTC 2017-02-14
Import patches-unapplied version 5.3.10-1ubuntu3.26 to ubuntu/precise-security

Author: Marc Deslauriers
Author Date: 2017-02-10 15:32:09 UTC

Import patches-unapplied version 5.3.10-1ubuntu3.26 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 3bb7cd4a2f227a122349a88c1f9010d1ff4a82a4

New changelog entries:
  * SECURITY UPDATE: overflow in locale_get_display_name
    - debian/patches/CVE-2014-9912.patch: check locale name length in
      ext/intl/locale/locale_methods.c, added test to
      ext/intl/tests/bug67397.phpt.
    - CVE-2014-9912
  * SECURITY UPDATE: infinite loop via crafted serialized data
    - debian/patches/CVE-2016-7478-pre.patch: don't unset the default value
      in Zend/zend_exceptions.c, fix tests in
      ext/standard/tests/serialize/bug69152.phpt,
      ext/standard/tests/serialize/bug69793.phpt.
    - debian/patches/CVE-2016-7478-pre2.patch: fix test in
      ext/standard/tests/serialize/bug69793.phpt.
    - debian/patches/CVE-2016-7478-pre3.patch: add zend_unset_property() to
      Zend/zend_API.*.
    - debian/patches/CVE-2016-7478.patch: fix memcpy in
      Zend/zend_exceptions.c, ext/bcmath/libbcmath/src/init.c,
      ext/bcmath/libbcmath/src/outofmem.c.
    - CVE-2016-7478
  * SECURITY UPDATE: arbitrary code execution via crafted serialized data
    - debian/patches/CVE-2016-7479-pre.patch: fix null pointer dereference
      in ext/standard/var_unserializer.*, added test to
      standard/tests/serialize/bug68545.phpt.
    - debian/patches/CVE-2016-7479.patch: implement delayed __wakeup in
      ext/standard/var_unserializer.*.
    - CVE-2016-7479
  * SECURITY UPDATE: denial of service via crafted wddxPacket XML document
    - debian/patches/CVE-2016-9934.patch: check objects in ext/wddx/wddx.c,
      ext/pdo/pdo_stmt.c, ext/wddx/tests/bug45901.phpt,
      ext/wddx/tests/bug72790.phpt, ext/wddx/tests/bug73331.phpt.
    - CVE-2016-9934
  * SECURITY UPDATE: denial of service via crafted wddxPacket XML document
    - debian/patches/CVE-2016-9935-1.patch: fix memory leak in
      ext/wddx/wddx.c.
    - debian/patches/CVE-2016-9935-2.patch: fix leak in ext/wddx/wddx.c.
    - debian/patches/CVE-2016-9935-3.patch: fix leak in ext/wddx/wddx.c.
    - CVE-2016-9935
  * SECURITY UPDATE: exif DoS via FPE
    - debian/patches/CVE-2016-10158.patch: fix integer size issue in
      ext/exif/exif.c.
    - CVE-2016-10158
  * SECURITY UPDATE: integer overflow in phar_parse_pharfile
    - debian/patches/CVE-2016-10159.patch: fix overflows in
      ext/phar/phar.c.
    - CVE-2016-10159
  * SECURITY UPDATE: off-by-one in phar_parse_pharfile
    - debian/patches/CVE-2016-10160.patch: handle length in
      ext/phar/phar.c.
    - CVE-2016-10160
  * SECURITY UPDATE: denial of service via crafted serialized data
    - debian/patches/CVE-2016-10161.patch: fix out-of-bounds read in
      ext/standard/var_unserializer.*, added test to
      ext/standard/tests/serialize/bug73825.phpt.
    - CVE-2016-10161
  * debian/control: Build-Depends on mysql-server-5.5 to work with
    recent MySQL security updates.

applied/ubuntu/precise-devel 2017-02-14 18:38:23 UTC 2017-02-14
Import patches-applied version 5.3.10-1ubuntu3.26 to applied/ubuntu/precise-s...

Author: Marc Deslauriers
Author Date: 2017-02-10 15:32:09 UTC

Import patches-applied version 5.3.10-1ubuntu3.26 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: e33dc145ce786c161b8b7f519c4b20a3e42c7fac
Unapplied parent: e4e590cbde2f374accae4f0ccce7477ffe8f047c

New changelog entries:
  * SECURITY UPDATE: overflow in locale_get_display_name
    - debian/patches/CVE-2014-9912.patch: check locale name length in
      ext/intl/locale/locale_methods.c, added test to
      ext/intl/tests/bug67397.phpt.
    - CVE-2014-9912
  * SECURITY UPDATE: infinite loop via crafted serialized data
    - debian/patches/CVE-2016-7478-pre.patch: don't unset the default value
      in Zend/zend_exceptions.c, fix tests in
      ext/standard/tests/serialize/bug69152.phpt,
      ext/standard/tests/serialize/bug69793.phpt.
    - debian/patches/CVE-2016-7478-pre2.patch: fix test in
      ext/standard/tests/serialize/bug69793.phpt.
    - debian/patches/CVE-2016-7478-pre3.patch: add zend_unset_property() to
      Zend/zend_API.*.
    - debian/patches/CVE-2016-7478.patch: fix memcpy in
      Zend/zend_exceptions.c, ext/bcmath/libbcmath/src/init.c,
      ext/bcmath/libbcmath/src/outofmem.c.
    - CVE-2016-7478
  * SECURITY UPDATE: arbitrary code execution via crafted serialized data
    - debian/patches/CVE-2016-7479-pre.patch: fix null pointer dereference
      in ext/standard/var_unserializer.*, added test to
      standard/tests/serialize/bug68545.phpt.
    - debian/patches/CVE-2016-7479.patch: implement delayed __wakeup in
      ext/standard/var_unserializer.*.
    - CVE-2016-7479
  * SECURITY UPDATE: denial of service via crafted wddxPacket XML document
    - debian/patches/CVE-2016-9934.patch: check objects in ext/wddx/wddx.c,
      ext/pdo/pdo_stmt.c, ext/wddx/tests/bug45901.phpt,
      ext/wddx/tests/bug72790.phpt, ext/wddx/tests/bug73331.phpt.
    - CVE-2016-9934
  * SECURITY UPDATE: denial of service via crafted wddxPacket XML document
    - debian/patches/CVE-2016-9935-1.patch: fix memory leak in
      ext/wddx/wddx.c.
    - debian/patches/CVE-2016-9935-2.patch: fix leak in ext/wddx/wddx.c.
    - debian/patches/CVE-2016-9935-3.patch: fix leak in ext/wddx/wddx.c.
    - CVE-2016-9935
  * SECURITY UPDATE: exif DoS via FPE
    - debian/patches/CVE-2016-10158.patch: fix integer size issue in
      ext/exif/exif.c.
    - CVE-2016-10158
  * SECURITY UPDATE: integer overflow in phar_parse_pharfile
    - debian/patches/CVE-2016-10159.patch: fix overflows in
      ext/phar/phar.c.
    - CVE-2016-10159
  * SECURITY UPDATE: off-by-one in phar_parse_pharfile
    - debian/patches/CVE-2016-10160.patch: handle length in
      ext/phar/phar.c.
    - CVE-2016-10160
  * SECURITY UPDATE: denial of service via crafted serialized data
    - debian/patches/CVE-2016-10161.patch: fix out-of-bounds read in
      ext/standard/var_unserializer.*, added test to
      ext/standard/tests/serialize/bug73825.phpt.
    - CVE-2016-10161
  * debian/control: Build-Depends on mysql-server-5.5 to work with
    recent MySQL security updates.

applied/ubuntu/precise-security 2017-02-14 18:38:23 UTC 2017-02-14
Import patches-applied version 5.3.10-1ubuntu3.26 to applied/ubuntu/precise-s...

Author: Marc Deslauriers
Author Date: 2017-02-10 15:32:09 UTC

Import patches-applied version 5.3.10-1ubuntu3.26 to applied/ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: e33dc145ce786c161b8b7f519c4b20a3e42c7fac
Unapplied parent: e4e590cbde2f374accae4f0ccce7477ffe8f047c

New changelog entries:
  * SECURITY UPDATE: overflow in locale_get_display_name
    - debian/patches/CVE-2014-9912.patch: check locale name length in
      ext/intl/locale/locale_methods.c, added test to
      ext/intl/tests/bug67397.phpt.
    - CVE-2014-9912
  * SECURITY UPDATE: infinite loop via crafted serialized data
    - debian/patches/CVE-2016-7478-pre.patch: don't unset the default value
      in Zend/zend_exceptions.c, fix tests in
      ext/standard/tests/serialize/bug69152.phpt,
      ext/standard/tests/serialize/bug69793.phpt.
    - debian/patches/CVE-2016-7478-pre2.patch: fix test in
      ext/standard/tests/serialize/bug69793.phpt.
    - debian/patches/CVE-2016-7478-pre3.patch: add zend_unset_property() to
      Zend/zend_API.*.
    - debian/patches/CVE-2016-7478.patch: fix memcpy in
      Zend/zend_exceptions.c, ext/bcmath/libbcmath/src/init.c,
      ext/bcmath/libbcmath/src/outofmem.c.
    - CVE-2016-7478
  * SECURITY UPDATE: arbitrary code execution via crafted serialized data
    - debian/patches/CVE-2016-7479-pre.patch: fix null pointer dereference
      in ext/standard/var_unserializer.*, added test to
      standard/tests/serialize/bug68545.phpt.
    - debian/patches/CVE-2016-7479.patch: implement delayed __wakeup in
      ext/standard/var_unserializer.*.
    - CVE-2016-7479
  * SECURITY UPDATE: denial of service via crafted wddxPacket XML document
    - debian/patches/CVE-2016-9934.patch: check objects in ext/wddx/wddx.c,
      ext/pdo/pdo_stmt.c, ext/wddx/tests/bug45901.phpt,
      ext/wddx/tests/bug72790.phpt, ext/wddx/tests/bug73331.phpt.
    - CVE-2016-9934
  * SECURITY UPDATE: denial of service via crafted wddxPacket XML document
    - debian/patches/CVE-2016-9935-1.patch: fix memory leak in
      ext/wddx/wddx.c.
    - debian/patches/CVE-2016-9935-2.patch: fix leak in ext/wddx/wddx.c.
    - debian/patches/CVE-2016-9935-3.patch: fix leak in ext/wddx/wddx.c.
    - CVE-2016-9935
  * SECURITY UPDATE: exif DoS via FPE
    - debian/patches/CVE-2016-10158.patch: fix integer size issue in
      ext/exif/exif.c.
    - CVE-2016-10158
  * SECURITY UPDATE: integer overflow in phar_parse_pharfile
    - debian/patches/CVE-2016-10159.patch: fix overflows in
      ext/phar/phar.c.
    - CVE-2016-10159
  * SECURITY UPDATE: off-by-one in phar_parse_pharfile
    - debian/patches/CVE-2016-10160.patch: handle length in
      ext/phar/phar.c.
    - CVE-2016-10160
  * SECURITY UPDATE: denial of service via crafted serialized data
    - debian/patches/CVE-2016-10161.patch: fix out-of-bounds read in
      ext/standard/var_unserializer.*, added test to
      ext/standard/tests/serialize/bug73825.phpt.
    - CVE-2016-10161
  * debian/control: Build-Depends on mysql-server-5.5 to work with
    recent MySQL security updates.

ubuntu/precise-updates 2017-02-14 18:38:23 UTC 2017-02-14
Import patches-unapplied version 5.3.10-1ubuntu3.26 to ubuntu/precise-security

Author: Marc Deslauriers
Author Date: 2017-02-10 15:32:09 UTC

Import patches-unapplied version 5.3.10-1ubuntu3.26 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 3bb7cd4a2f227a122349a88c1f9010d1ff4a82a4

New changelog entries:
  * SECURITY UPDATE: overflow in locale_get_display_name
    - debian/patches/CVE-2014-9912.patch: check locale name length in
      ext/intl/locale/locale_methods.c, added test to
      ext/intl/tests/bug67397.phpt.
    - CVE-2014-9912
  * SECURITY UPDATE: infinite loop via crafted serialized data
    - debian/patches/CVE-2016-7478-pre.patch: don't unset the default value
      in Zend/zend_exceptions.c, fix tests in
      ext/standard/tests/serialize/bug69152.phpt,
      ext/standard/tests/serialize/bug69793.phpt.
    - debian/patches/CVE-2016-7478-pre2.patch: fix test in
      ext/standard/tests/serialize/bug69793.phpt.
    - debian/patches/CVE-2016-7478-pre3.patch: add zend_unset_property() to
      Zend/zend_API.*.
    - debian/patches/CVE-2016-7478.patch: fix memcpy in
      Zend/zend_exceptions.c, ext/bcmath/libbcmath/src/init.c,
      ext/bcmath/libbcmath/src/outofmem.c.
    - CVE-2016-7478
  * SECURITY UPDATE: arbitrary code execution via crafted serialized data
    - debian/patches/CVE-2016-7479-pre.patch: fix null pointer dereference
      in ext/standard/var_unserializer.*, added test to
      standard/tests/serialize/bug68545.phpt.
    - debian/patches/CVE-2016-7479.patch: implement delayed __wakeup in
      ext/standard/var_unserializer.*.
    - CVE-2016-7479
  * SECURITY UPDATE: denial of service via crafted wddxPacket XML document
    - debian/patches/CVE-2016-9934.patch: check objects in ext/wddx/wddx.c,
      ext/pdo/pdo_stmt.c, ext/wddx/tests/bug45901.phpt,
      ext/wddx/tests/bug72790.phpt, ext/wddx/tests/bug73331.phpt.
    - CVE-2016-9934
  * SECURITY UPDATE: denial of service via crafted wddxPacket XML document
    - debian/patches/CVE-2016-9935-1.patch: fix memory leak in
      ext/wddx/wddx.c.
    - debian/patches/CVE-2016-9935-2.patch: fix leak in ext/wddx/wddx.c.
    - debian/patches/CVE-2016-9935-3.patch: fix leak in ext/wddx/wddx.c.
    - CVE-2016-9935
  * SECURITY UPDATE: exif DoS via FPE
    - debian/patches/CVE-2016-10158.patch: fix integer size issue in
      ext/exif/exif.c.
    - CVE-2016-10158
  * SECURITY UPDATE: integer overflow in phar_parse_pharfile
    - debian/patches/CVE-2016-10159.patch: fix overflows in
      ext/phar/phar.c.
    - CVE-2016-10159
  * SECURITY UPDATE: off-by-one in phar_parse_pharfile
    - debian/patches/CVE-2016-10160.patch: handle length in
      ext/phar/phar.c.
    - CVE-2016-10160
  * SECURITY UPDATE: denial of service via crafted serialized data
    - debian/patches/CVE-2016-10161.patch: fix out-of-bounds read in
      ext/standard/var_unserializer.*, added test to
      ext/standard/tests/serialize/bug73825.phpt.
    - CVE-2016-10161
  * debian/control: Build-Depends on mysql-server-5.5 to work with
    recent MySQL security updates.

debian/sid 2016-09-18 22:26:04 UTC 2016-09-18
Import patches-unapplied version 5.6.26+dfsg-1 to debian/sid

Author: Ondřej Surý
Author Date: 2016-09-18 08:59:09 UTC

Import patches-unapplied version 5.6.26+dfsg-1 to debian/sid

Imported using git-ubuntu import.

Changelog parent: cd00196f62db0082a6f9d75f27c63b4e45e31743

New changelog entries:
  * Imported Upstream version 5.6.26+dfsg
  * Rebase patches on top of PHP 5.6.26+dfsg release
  * Imported Upstream version 5.6.25+dfsg
  * Rebase patches on top of 5.6.25+dfsg

debian/stretch 2016-06-16 10:19:56 UTC 2016-06-16
Import patches-unapplied version 5.6.22+dfsg-2 to debian/sid

Author: Ondřej Surý
Author Date: 2016-06-15 16:02:46 UTC

Import patches-unapplied version 5.6.22+dfsg-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 6d17da71047aab3cf46ec748db7ea693700efa1d

New changelog entries:
  * Silence errors from find caused by time race (Closes: #827370)

ubuntu/trusty-proposed 2016-06-01 12:49:03 UTC 2016-06-01
Import patches-unapplied version 5.5.9+dfsg-1ubuntu4.18 to ubuntu/trusty-prop...

Author: Nish Aravamudan
Author Date: 2016-05-31 12:58:02 UTC

Import patches-unapplied version 5.5.9+dfsg-1ubuntu4.18 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 997715b98c4db94fec5538026056b76417898fe1

New changelog entries:
  * Fix zlib function naming with LFS (LP: #1315888).

applied/ubuntu/trusty-proposed 2016-06-01 12:49:03 UTC 2016-06-01
Import patches-applied version 5.5.9+dfsg-1ubuntu4.18 to applied/ubuntu/trust...

Author: Nish Aravamudan
Author Date: 2016-05-31 12:58:02 UTC

Import patches-applied version 5.5.9+dfsg-1ubuntu4.18 to applied/ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 5869edc535bd6bf178dc3e0e9e175d3097307e6c
Unapplied parent: f1785799bbad924e62dc222b9df565e82b8b87b2

New changelog entries:
  * Fix zlib function naming with LFS (LP: #1315888).

ubuntu/wily-updates 2016-05-24 17:34:37 UTC 2016-05-24
Import patches-unapplied version 5.6.11+dfsg-1ubuntu3.4 to ubuntu/wily-security

Author: Marc Deslauriers
Author Date: 2016-05-19 16:03:33 UTC

Import patches-unapplied version 5.6.11+dfsg-1ubuntu3.4 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: ce459fd1884cc2398d02e4835c7113d74179f5e9

New changelog entries:
  * SECURITY UPDATE: heap corruption in tar/zip/phar parser
    - debian/patches/CVE-2016-4342.patch: remove UMR when size is 0 in
      ext/phar/phar_object.c.
    - CVE-2016-4342
  * SECURITY UPDATE: uninitialized pointer in phar_make_dirstream()
    - debian/patches/CVE-2016-4343.patch: check lengths in
      ext/phar/dirstream.c, ext/phar/tar.c.
    - CVE-2016-4343
  * SECURITY UPDATE: bcpowmod accepts negative scale and corrupts _one_
    definition
    - debian/patches/CVE-2016-4537.patch: properly detect scale in
      ext/bcmath/bcmath.c, add test to ext/bcmath/tests/bug72093.phpt.
    - CVE-2016-4537
    - CVE-2016-4538
  * SECURITY UPDATE: xml_parse_into_struct segmentation fault
    - debian/patches/CVE-2016-4539.patch: check parser->level in
      ext/xml/xml.c, added test to ext/xml/tests/bug72099.phpt.
    - CVE-2016-4539
  * SECURITY UPDATE: out-of-bounds reads in zif_grapheme_stripos and
    zif_grapheme_strpos with negative offset
    - debian/patches/CVE-2016-4540.patch: check bounds in
      ext/intl/grapheme/grapheme_string.c, added test to
      ext/intl/tests/bug72061.phpt.
    - CVE-2016-4540
    - CVE-2016-4541
  * SECURITY UPDATE: out of bounds heap read access in exif header
    processing
    - debian/patches/CVE-2016-4542.patch: check sizes and length in
      ext/exif/exif.c.
    - CVE-2016-4542
    - CVE-2016-4543
    - CVE-2016-4544

applied/ubuntu/wily-security 2016-05-24 17:34:37 UTC 2016-05-24
Import patches-applied version 5.6.11+dfsg-1ubuntu3.4 to applied/ubuntu/wily-...

Author: Marc Deslauriers
Author Date: 2016-05-19 16:03:33 UTC

Import patches-applied version 5.6.11+dfsg-1ubuntu3.4 to applied/ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 0492ff403a794472a2bc1732e4c9e59e65d4f100
Unapplied parent: e72f3f6ea8aa29c5d64e54357fa12d422017231c

New changelog entries:
  * SECURITY UPDATE: heap corruption in tar/zip/phar parser
    - debian/patches/CVE-2016-4342.patch: remove UMR when size is 0 in
      ext/phar/phar_object.c.
    - CVE-2016-4342
  * SECURITY UPDATE: uninitialized pointer in phar_make_dirstream()
    - debian/patches/CVE-2016-4343.patch: check lengths in
      ext/phar/dirstream.c, ext/phar/tar.c.
    - CVE-2016-4343
  * SECURITY UPDATE: bcpowmod accepts negative scale and corrupts _one_
    definition
    - debian/patches/CVE-2016-4537.patch: properly detect scale in
      ext/bcmath/bcmath.c, add test to ext/bcmath/tests/bug72093.phpt.
    - CVE-2016-4537
    - CVE-2016-4538
  * SECURITY UPDATE: xml_parse_into_struct segmentation fault
    - debian/patches/CVE-2016-4539.patch: check parser->level in
      ext/xml/xml.c, added test to ext/xml/tests/bug72099.phpt.
    - CVE-2016-4539
  * SECURITY UPDATE: out-of-bounds reads in zif_grapheme_stripos and
    zif_grapheme_strpos with negative offset
    - debian/patches/CVE-2016-4540.patch: check bounds in
      ext/intl/grapheme/grapheme_string.c, added test to
      ext/intl/tests/bug72061.phpt.
    - CVE-2016-4540
    - CVE-2016-4541
  * SECURITY UPDATE: out of bounds heap read access in exif header
    processing
    - debian/patches/CVE-2016-4542.patch: check sizes and length in
      ext/exif/exif.c.
    - CVE-2016-4542
    - CVE-2016-4543
    - CVE-2016-4544

ubuntu/wily-security 2016-05-24 17:34:37 UTC 2016-05-24
Import patches-unapplied version 5.6.11+dfsg-1ubuntu3.4 to ubuntu/wily-security

Author: Marc Deslauriers
Author Date: 2016-05-19 16:03:33 UTC

Import patches-unapplied version 5.6.11+dfsg-1ubuntu3.4 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: ce459fd1884cc2398d02e4835c7113d74179f5e9

New changelog entries:
  * SECURITY UPDATE: heap corruption in tar/zip/phar parser
    - debian/patches/CVE-2016-4342.patch: remove UMR when size is 0 in
      ext/phar/phar_object.c.
    - CVE-2016-4342
  * SECURITY UPDATE: uninitialized pointer in phar_make_dirstream()
    - debian/patches/CVE-2016-4343.patch: check lengths in
      ext/phar/dirstream.c, ext/phar/tar.c.
    - CVE-2016-4343
  * SECURITY UPDATE: bcpowmod accepts negative scale and corrupts _one_
    definition
    - debian/patches/CVE-2016-4537.patch: properly detect scale in
      ext/bcmath/bcmath.c, add test to ext/bcmath/tests/bug72093.phpt.
    - CVE-2016-4537
    - CVE-2016-4538
  * SECURITY UPDATE: xml_parse_into_struct segmentation fault
    - debian/patches/CVE-2016-4539.patch: check parser->level in
      ext/xml/xml.c, added test to ext/xml/tests/bug72099.phpt.
    - CVE-2016-4539
  * SECURITY UPDATE: out-of-bounds reads in zif_grapheme_stripos and
    zif_grapheme_strpos with negative offset
    - debian/patches/CVE-2016-4540.patch: check bounds in
      ext/intl/grapheme/grapheme_string.c, added test to
      ext/intl/tests/bug72061.phpt.
    - CVE-2016-4540
    - CVE-2016-4541
  * SECURITY UPDATE: out of bounds heap read access in exif header
    processing
    - debian/patches/CVE-2016-4542.patch: check sizes and length in
      ext/exif/exif.c.
    - CVE-2016-4542
    - CVE-2016-4543
    - CVE-2016-4544

applied/ubuntu/wily-updates 2016-05-24 17:34:37 UTC 2016-05-24
Import patches-applied version 5.6.11+dfsg-1ubuntu3.4 to applied/ubuntu/wily-...

Author: Marc Deslauriers
Author Date: 2016-05-19 16:03:33 UTC

Import patches-applied version 5.6.11+dfsg-1ubuntu3.4 to applied/ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 0492ff403a794472a2bc1732e4c9e59e65d4f100
Unapplied parent: e72f3f6ea8aa29c5d64e54357fa12d422017231c

New changelog entries:
  * SECURITY UPDATE: heap corruption in tar/zip/phar parser
    - debian/patches/CVE-2016-4342.patch: remove UMR when size is 0 in
      ext/phar/phar_object.c.
    - CVE-2016-4342
  * SECURITY UPDATE: uninitialized pointer in phar_make_dirstream()
    - debian/patches/CVE-2016-4343.patch: check lengths in
      ext/phar/dirstream.c, ext/phar/tar.c.
    - CVE-2016-4343
  * SECURITY UPDATE: bcpowmod accepts negative scale and corrupts _one_
    definition
    - debian/patches/CVE-2016-4537.patch: properly detect scale in
      ext/bcmath/bcmath.c, add test to ext/bcmath/tests/bug72093.phpt.
    - CVE-2016-4537
    - CVE-2016-4538
  * SECURITY UPDATE: xml_parse_into_struct segmentation fault
    - debian/patches/CVE-2016-4539.patch: check parser->level in
      ext/xml/xml.c, added test to ext/xml/tests/bug72099.phpt.
    - CVE-2016-4539
  * SECURITY UPDATE: out-of-bounds reads in zif_grapheme_stripos and
    zif_grapheme_strpos with negative offset
    - debian/patches/CVE-2016-4540.patch: check bounds in
      ext/intl/grapheme/grapheme_string.c, added test to
      ext/intl/tests/bug72061.phpt.
    - CVE-2016-4540
    - CVE-2016-4541
  * SECURITY UPDATE: out of bounds heap read access in exif header
    processing
    - debian/patches/CVE-2016-4542.patch: check sizes and length in
      ext/exif/exif.c.
    - CVE-2016-4542
    - CVE-2016-4543
    - CVE-2016-4544

ubuntu/wily-devel 2016-05-24 17:34:37 UTC 2016-05-24
Import patches-unapplied version 5.6.11+dfsg-1ubuntu3.4 to ubuntu/wily-security

Author: Marc Deslauriers
Author Date: 2016-05-19 16:03:33 UTC

Import patches-unapplied version 5.6.11+dfsg-1ubuntu3.4 to ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: ce459fd1884cc2398d02e4835c7113d74179f5e9

New changelog entries:
  * SECURITY UPDATE: heap corruption in tar/zip/phar parser
    - debian/patches/CVE-2016-4342.patch: remove UMR when size is 0 in
      ext/phar/phar_object.c.
    - CVE-2016-4342
  * SECURITY UPDATE: uninitialized pointer in phar_make_dirstream()
    - debian/patches/CVE-2016-4343.patch: check lengths in
      ext/phar/dirstream.c, ext/phar/tar.c.
    - CVE-2016-4343
  * SECURITY UPDATE: bcpowmod accepts negative scale and corrupts _one_
    definition
    - debian/patches/CVE-2016-4537.patch: properly detect scale in
      ext/bcmath/bcmath.c, add test to ext/bcmath/tests/bug72093.phpt.
    - CVE-2016-4537
    - CVE-2016-4538
  * SECURITY UPDATE: xml_parse_into_struct segmentation fault
    - debian/patches/CVE-2016-4539.patch: check parser->level in
      ext/xml/xml.c, added test to ext/xml/tests/bug72099.phpt.
    - CVE-2016-4539
  * SECURITY UPDATE: out-of-bounds reads in zif_grapheme_stripos and
    zif_grapheme_strpos with negative offset
    - debian/patches/CVE-2016-4540.patch: check bounds in
      ext/intl/grapheme/grapheme_string.c, added test to
      ext/intl/tests/bug72061.phpt.
    - CVE-2016-4540
    - CVE-2016-4541
  * SECURITY UPDATE: out of bounds heap read access in exif header
    processing
    - debian/patches/CVE-2016-4542.patch: check sizes and length in
      ext/exif/exif.c.
    - CVE-2016-4542
    - CVE-2016-4543
    - CVE-2016-4544

applied/ubuntu/wily-devel 2016-05-24 17:34:37 UTC 2016-05-24
Import patches-applied version 5.6.11+dfsg-1ubuntu3.4 to applied/ubuntu/wily-...

Author: Marc Deslauriers
Author Date: 2016-05-19 16:03:33 UTC

Import patches-applied version 5.6.11+dfsg-1ubuntu3.4 to applied/ubuntu/wily-security

Imported using git-ubuntu import.

Changelog parent: 0492ff403a794472a2bc1732e4c9e59e65d4f100
Unapplied parent: e72f3f6ea8aa29c5d64e54357fa12d422017231c

New changelog entries:
  * SECURITY UPDATE: heap corruption in tar/zip/phar parser
    - debian/patches/CVE-2016-4342.patch: remove UMR when size is 0 in
      ext/phar/phar_object.c.
    - CVE-2016-4342
  * SECURITY UPDATE: uninitialized pointer in phar_make_dirstream()
    - debian/patches/CVE-2016-4343.patch: check lengths in
      ext/phar/dirstream.c, ext/phar/tar.c.
    - CVE-2016-4343
  * SECURITY UPDATE: bcpowmod accepts negative scale and corrupts _one_
    definition
    - debian/patches/CVE-2016-4537.patch: properly detect scale in
      ext/bcmath/bcmath.c, add test to ext/bcmath/tests/bug72093.phpt.
    - CVE-2016-4537
    - CVE-2016-4538
  * SECURITY UPDATE: xml_parse_into_struct segmentation fault
    - debian/patches/CVE-2016-4539.patch: check parser->level in
      ext/xml/xml.c, added test to ext/xml/tests/bug72099.phpt.
    - CVE-2016-4539
  * SECURITY UPDATE: out-of-bounds reads in zif_grapheme_stripos and
    zif_grapheme_strpos with negative offset
    - debian/patches/CVE-2016-4540.patch: check bounds in
      ext/intl/grapheme/grapheme_string.c, added test to
      ext/intl/tests/bug72061.phpt.
    - CVE-2016-4540
    - CVE-2016-4541
  * SECURITY UPDATE: out of bounds heap read access in exif header
    processing
    - debian/patches/CVE-2016-4542.patch: check sizes and length in
      ext/exif/exif.c.
    - CVE-2016-4542
    - CVE-2016-4543
    - CVE-2016-4544

debian/wheezy 2016-04-02 23:40:25 UTC 2016-04-02
Import patches-unapplied version 5.4.45-0+deb7u2 to debian/wheezy

Author: Ondřej Surý
Author Date: 2015-10-04 15:12:28 UTC

Import patches-unapplied version 5.4.45-0+deb7u2 to debian/wheezy

Imported using git-ubuntu import.

Changelog parent: 9af75b699ca1104f58d68a079f0323235717fe92

New changelog entries:
  * Merge security updates from PHP 5.5.30 into PHP 5.4.45
   - Phar:
    . Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()).
    . Fixed bug #70433 (Uninitialized pointer in phar_make_dirstream when
      zip entry filename is "/").
  * Add a notice about PHP 5.4 EOL to d/NEWS
  * New upstream version 5.4.45
   - Core:
    . Fixed bug #70172 (Use After Free Vulnerability in unserialize()).
    . Fixed bug #70219 (Use after free vulnerability in session
      deserializer).
   - EXIF:
    . Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD
      tag byte value of 32 bytes).
   - hash:
    . Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).
   - PCRE:
    . Fixed bug #70345 (Multiple vulnerabilities related to PCRE
      functions).
   - SOAP:
    . Fixed bug #70388 (SOAP serialize_function_call() type confusion /
      RCE).
   - SPL:
    . Fixed bug #70365 (Use-after-free vulnerability in unserialize() with
      SplObjectStorage).
    . Fixed bug #70366 (Use-after-free vulnerability in unserialize() with
      SplDoublyLinkedList).
   - XSLT:
    . Fixed bug #69782 (NULL pointer dereference).
   - ZIP:
    . Fixed bug #70350 (ZipArchive::extractTo allows for directory
      traversal when creating directories).
  * Rebase patches on top of 5.4.45 release

ubuntu/devel 2016-01-22 14:43:54 UTC 2016-01-22
Import patches-unapplied version 5.6.17+dfsg-3ubuntu1 to ubuntu/xenial-proposed

Author: Marc Deslauriers
Author Date: 2016-01-21 19:32:01 UTC

Import patches-unapplied version 5.6.17+dfsg-3ubuntu1 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 0dcf22d74ea0c365c96414c876e88e5680fd956a

New changelog entries:
  * Merge from Debian. Remaining changes:
    - Drop support for firebird, c-client, mcrypt, onig and qdbm as they
      are in universe:
      + d/control: drop Build-Depends on firebird-dev, libc-client-dev,
        libmcrypt-dev, libonig-dev, libqdbm-dev.
      + d/control: drop binary packages php5-imap, php5-interbase and
        php5-mcrypt and their reverse dependencies.
      + d/rules: drop configuration of qdbm, onig, imap, mcrypt.
      + d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't
        build interbase or firebird.
      + d/modulelist: drop imap, interbase and mcrypt.
    - d/control: switch Build-Depends of netcat-traditional to
      netcat-openbsd as only the latter is in main.
    - d/source_php5.py, d/rules: add apport hook.

ubuntu/xenial 2016-01-22 14:43:54 UTC 2016-01-22
Import patches-unapplied version 5.6.17+dfsg-3ubuntu1 to ubuntu/xenial-proposed

Author: Marc Deslauriers
Author Date: 2016-01-21 19:32:01 UTC

Import patches-unapplied version 5.6.17+dfsg-3ubuntu1 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 0dcf22d74ea0c365c96414c876e88e5680fd956a

New changelog entries:
  * Merge from Debian. Remaining changes:
    - Drop support for firebird, c-client, mcrypt, onig and qdbm as they
      are in universe:
      + d/control: drop Build-Depends on firebird-dev, libc-client-dev,
        libmcrypt-dev, libonig-dev, libqdbm-dev.
      + d/control: drop binary packages php5-imap, php5-interbase and
        php5-mcrypt and their reverse dependencies.
      + d/rules: drop configuration of qdbm, onig, imap, mcrypt.
      + d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't
        build interbase or firebird.
      + d/modulelist: drop imap, interbase and mcrypt.
    - d/control: switch Build-Depends of netcat-traditional to
      netcat-openbsd as only the latter is in main.
    - d/source_php5.py, d/rules: add apport hook.

ubuntu/xenial-proposed 2016-01-22 14:43:54 UTC 2016-01-22
Import patches-unapplied version 5.6.17+dfsg-3ubuntu1 to ubuntu/xenial-proposed

Author: Marc Deslauriers
Author Date: 2016-01-21 19:32:01 UTC

Import patches-unapplied version 5.6.17+dfsg-3ubuntu1 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 0dcf22d74ea0c365c96414c876e88e5680fd956a

New changelog entries:
  * Merge from Debian. Remaining changes:
    - Drop support for firebird, c-client, mcrypt, onig and qdbm as they
      are in universe:
      + d/control: drop Build-Depends on firebird-dev, libc-client-dev,
        libmcrypt-dev, libonig-dev, libqdbm-dev.
      + d/control: drop binary packages php5-imap, php5-interbase and
        php5-mcrypt and their reverse dependencies.
      + d/rules: drop configuration of qdbm, onig, imap, mcrypt.
      + d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't
        build interbase or firebird.
      + d/modulelist: drop imap, interbase and mcrypt.
    - d/control: switch Build-Depends of netcat-traditional to
      netcat-openbsd as only the latter is in main.
    - d/source_php5.py, d/rules: add apport hook.

applied/ubuntu/xenial-proposed 2016-01-22 14:43:54 UTC 2016-01-22
Import patches-applied version 5.6.17+dfsg-3ubuntu1 to applied/ubuntu/xenial-...

Author: Marc Deslauriers
Author Date: 2016-01-21 19:32:01 UTC

Import patches-applied version 5.6.17+dfsg-3ubuntu1 to applied/ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: ca13600a49fa735478859be16e31f09d02a2d573
Unapplied parent: f76528cf654992c4d1e00a3f64b1a7feaa354478

New changelog entries:
  * Merge from Debian. Remaining changes:
    - Drop support for firebird, c-client, mcrypt, onig and qdbm as they
      are in universe:
      + d/control: drop Build-Depends on firebird-dev, libc-client-dev,
        libmcrypt-dev, libonig-dev, libqdbm-dev.
      + d/control: drop binary packages php5-imap, php5-interbase and
        php5-mcrypt and their reverse dependencies.
      + d/rules: drop configuration of qdbm, onig, imap, mcrypt.
      + d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't
        build interbase or firebird.
      + d/modulelist: drop imap, interbase and mcrypt.
    - d/control: switch Build-Depends of netcat-traditional to
      netcat-openbsd as only the latter is in main.
    - d/source_php5.py, d/rules: add apport hook.
  * Fail gracefully when other PHP module is enabled in Apache2
  * php5-maintscript-helper needs update for phpdbg to fix postinst
    failure
  * Disable tests on armhf as they take a long time
  * Merge patch for ODBC bug fix varchars returning with length zero
  * Fix missing phpdbg sapi from the for loop that prevented the modules
    to be enabled for phpdbg SAPI
  * Build-Depend just on libpng-dev
  * Imported Upstream version 5.6.17+dfsg
  * Rebase patches on top of 5.6.17 release
  * Make phar command versioned and use update-alternatives for 'phar'
    name to allow src:php5 packages to be co-installed with src:php7.0
  * Remove invalid patch to not reset packagingroot inside
    PEAR/Command/Install.php
  * Revert PEAR version to last working version from PHP 5.6.14
    (Closes: #805222)

applied/ubuntu/xenial-devel 2016-01-22 14:43:54 UTC 2016-01-22
Import patches-applied version 5.6.17+dfsg-3ubuntu1 to applied/ubuntu/xenial-...

Author: Marc Deslauriers
Author Date: 2016-01-21 19:32:01 UTC

Import patches-applied version 5.6.17+dfsg-3ubuntu1 to applied/ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: ca13600a49fa735478859be16e31f09d02a2d573
Unapplied parent: f76528cf654992c4d1e00a3f64b1a7feaa354478

New changelog entries:
  * Merge from Debian. Remaining changes:
    - Drop support for firebird, c-client, mcrypt, onig and qdbm as they
      are in universe:
      + d/control: drop Build-Depends on firebird-dev, libc-client-dev,
        libmcrypt-dev, libonig-dev, libqdbm-dev.
      + d/control: drop binary packages php5-imap, php5-interbase and
        php5-mcrypt and their reverse dependencies.
      + d/rules: drop configuration of qdbm, onig, imap, mcrypt.
      + d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't
        build interbase or firebird.
      + d/modulelist: drop imap, interbase and mcrypt.
    - d/control: switch Build-Depends of netcat-traditional to
      netcat-openbsd as only the latter is in main.
    - d/source_php5.py, d/rules: add apport hook.
  * Fail gracefully when other PHP module is enabled in Apache2
  * php5-maintscript-helper needs update for phpdbg to fix postinst
    failure
  * Disable tests on armhf as they take a long time
  * Merge patch for ODBC bug fix varchars returning with length zero
  * Fix missing phpdbg sapi from the for loop that prevented the modules
    to be enabled for phpdbg SAPI
  * Build-Depend just on libpng-dev
  * Imported Upstream version 5.6.17+dfsg
  * Rebase patches on top of 5.6.17 release
  * Make phar command versioned and use update-alternatives for 'phar'
    name to allow src:php5 packages to be co-installed with src:php7.0
  * Remove invalid patch to not reset packagingroot inside
    PEAR/Command/Install.php
  * Revert PEAR version to last working version from PHP 5.6.14
    (Closes: #805222)

applied/ubuntu/devel 2016-01-22 14:43:54 UTC 2016-01-22
Import patches-applied version 5.6.17+dfsg-3ubuntu1 to applied/ubuntu/xenial-...

Author: Marc Deslauriers
Author Date: 2016-01-21 19:32:01 UTC

Import patches-applied version 5.6.17+dfsg-3ubuntu1 to applied/ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: ca13600a49fa735478859be16e31f09d02a2d573
Unapplied parent: f76528cf654992c4d1e00a3f64b1a7feaa354478

New changelog entries:
  * Merge from Debian. Remaining changes:
    - Drop support for firebird, c-client, mcrypt, onig and qdbm as they
      are in universe:
      + d/control: drop Build-Depends on firebird-dev, libc-client-dev,
        libmcrypt-dev, libonig-dev, libqdbm-dev.
      + d/control: drop binary packages php5-imap, php5-interbase and
        php5-mcrypt and their reverse dependencies.
      + d/rules: drop configuration of qdbm, onig, imap, mcrypt.
      + d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't
        build interbase or firebird.
      + d/modulelist: drop imap, interbase and mcrypt.
    - d/control: switch Build-Depends of netcat-traditional to
      netcat-openbsd as only the latter is in main.
    - d/source_php5.py, d/rules: add apport hook.
  * Fail gracefully when other PHP module is enabled in Apache2
  * php5-maintscript-helper needs update for phpdbg to fix postinst
    failure
  * Disable tests on armhf as they take a long time
  * Merge patch for ODBC bug fix varchars returning with length zero
  * Fix missing phpdbg sapi from the for loop that prevented the modules
    to be enabled for phpdbg SAPI
  * Build-Depend just on libpng-dev
  * Imported Upstream version 5.6.17+dfsg
  * Rebase patches on top of 5.6.17 release
  * Make phar command versioned and use update-alternatives for 'phar'
    name to allow src:php5 packages to be co-installed with src:php7.0
  * Remove invalid patch to not reset packagingroot inside
    PEAR/Command/Install.php
  * Revert PEAR version to last working version from PHP 5.6.14
    (Closes: #805222)

applied/ubuntu/xenial 2016-01-22 14:43:54 UTC 2016-01-22
Import patches-applied version 5.6.17+dfsg-3ubuntu1 to applied/ubuntu/xenial-...

Author: Marc Deslauriers
Author Date: 2016-01-21 19:32:01 UTC

Import patches-applied version 5.6.17+dfsg-3ubuntu1 to applied/ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: ca13600a49fa735478859be16e31f09d02a2d573
Unapplied parent: f76528cf654992c4d1e00a3f64b1a7feaa354478

New changelog entries:
  * Merge from Debian. Remaining changes:
    - Drop support for firebird, c-client, mcrypt, onig and qdbm as they
      are in universe:
      + d/control: drop Build-Depends on firebird-dev, libc-client-dev,
        libmcrypt-dev, libonig-dev, libqdbm-dev.
      + d/control: drop binary packages php5-imap, php5-interbase and
        php5-mcrypt and their reverse dependencies.
      + d/rules: drop configuration of qdbm, onig, imap, mcrypt.
      + d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't
        build interbase or firebird.
      + d/modulelist: drop imap, interbase and mcrypt.
    - d/control: switch Build-Depends of netcat-traditional to
      netcat-openbsd as only the latter is in main.
    - d/source_php5.py, d/rules: add apport hook.
  * Fail gracefully when other PHP module is enabled in Apache2
  * php5-maintscript-helper needs update for phpdbg to fix postinst
    failure
  * Disable tests on armhf as they take a long time
  * Merge patch for ODBC bug fix varchars returning with length zero
  * Fix missing phpdbg sapi from the for loop that prevented the modules
    to be enabled for phpdbg SAPI
  * Build-Depend just on libpng-dev
  * Imported Upstream version 5.6.17+dfsg
  * Rebase patches on top of 5.6.17 release
  * Make phar command versioned and use update-alternatives for 'phar'
    name to allow src:php5 packages to be co-installed with src:php7.0
  * Remove invalid patch to not reset packagingroot inside
    PEAR/Command/Install.php
  * Revert PEAR version to last working version from PHP 5.6.14
    (Closes: #805222)

ubuntu/xenial-devel 2016-01-22 14:43:54 UTC 2016-01-22
Import patches-unapplied version 5.6.17+dfsg-3ubuntu1 to ubuntu/xenial-proposed

Author: Marc Deslauriers
Author Date: 2016-01-21 19:32:01 UTC

Import patches-unapplied version 5.6.17+dfsg-3ubuntu1 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 0dcf22d74ea0c365c96414c876e88e5680fd956a

New changelog entries:
  * Merge from Debian. Remaining changes:
    - Drop support for firebird, c-client, mcrypt, onig and qdbm as they
      are in universe:
      + d/control: drop Build-Depends on firebird-dev, libc-client-dev,
        libmcrypt-dev, libonig-dev, libqdbm-dev.
      + d/control: drop binary packages php5-imap, php5-interbase and
        php5-mcrypt and their reverse dependencies.
      + d/rules: drop configuration of qdbm, onig, imap, mcrypt.
      + d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't
        build interbase or firebird.
      + d/modulelist: drop imap, interbase and mcrypt.
    - d/control: switch Build-Depends of netcat-traditional to
      netcat-openbsd as only the latter is in main.
    - d/source_php5.py, d/rules: add apport hook.

debian/experimental 2015-12-30 04:10:26 UTC 2015-12-30
Import patches-unapplied version 7.0 to debian/experimental

Author: Ondřej Surý
Author Date: 2015-12-29 08:27:34 UTC

Import patches-unapplied version 7.0 to debian/experimental

Imported using git-ubuntu import.

applied/debian/stretch 2015-12-07 22:21:49 UTC 2015-12-07
Import patches-applied version 5.6.16+dfsg-2 to applied/debian/sid

Author: Ondřej Surý
Author Date: 2015-12-07 16:15:51 UTC

Import patches-applied version 5.6.16+dfsg-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 81e18b037c154b5b0ae01ca7ffb9d44b5d5238c8
Unapplied parent: 7be1ee7f36059b43fa9f8646e0f4c611ca9cd73a

New changelog entries:
  [ Jan Wagner ]
  * Adding 'PHP_INI_SCAN_DIR=/etc/php5/${conf_dir}/conf.d/' to session
    cleanup script when calling php
  [ Ondřej Surý ]
  * Add patch to not reset packagingroot inside PEAR/Command/Install.php
    (Closes: #805222)

applied/debian/sid 2015-12-07 22:21:49 UTC 2015-12-07
Import patches-applied version 5.6.16+dfsg-2 to applied/debian/sid

Author: Ondřej Surý
Author Date: 2015-12-07 16:15:51 UTC

Import patches-applied version 5.6.16+dfsg-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 81e18b037c154b5b0ae01ca7ffb9d44b5d5238c8
Unapplied parent: 7be1ee7f36059b43fa9f8646e0f4c611ca9cd73a

New changelog entries:
  [ Jan Wagner ]
  * Adding 'PHP_INI_SCAN_DIR=/etc/php5/${conf_dir}/conf.d/' to session
    cleanup script when calling php
  [ Ondřej Surý ]
  * Add patch to not reset packagingroot inside PEAR/Command/Install.php
    (Closes: #805222)

applied/ubuntu/vivid-security 2015-10-28 13:38:44 UTC 2015-10-28
Import patches-applied version 5.6.4+dfsg-4ubuntu6.4 to applied/ubuntu/vivid-...

Author: Marc Deslauriers
Author Date: 2015-10-27 20:52:47 UTC

Import patches-applied version 5.6.4+dfsg-4ubuntu6.4 to applied/ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 462717321d388d8698ebb077aa85902abdacc38b
Unapplied parent: 6df86cd1aa2f7fc0e866d710317c9cf44eabe724

New changelog entries:
  * SECURITY UPDATE: null pointer dereference in phar_get_fp_offset()
    - debian/patches/CVE-2015-7803.patch: check link in ext/phar/util.c.
    - CVE-2015-7803
  * SECURITY UPDATE: uninitialized pointer in phar_make_dirstream()
    - debian/patches/CVE-2015-7804.patch: check filename length in
      ext/phar/util.c, ext/phar/zip.c.
    - CVE-2015-7804

applied/ubuntu/vivid-updates 2015-10-28 13:38:44 UTC 2015-10-28
Import patches-applied version 5.6.4+dfsg-4ubuntu6.4 to applied/ubuntu/vivid-...

Author: Marc Deslauriers
Author Date: 2015-10-27 20:52:47 UTC

Import patches-applied version 5.6.4+dfsg-4ubuntu6.4 to applied/ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 462717321d388d8698ebb077aa85902abdacc38b
Unapplied parent: 6df86cd1aa2f7fc0e866d710317c9cf44eabe724

New changelog entries:
  * SECURITY UPDATE: null pointer dereference in phar_get_fp_offset()
    - debian/patches/CVE-2015-7803.patch: check link in ext/phar/util.c.
    - CVE-2015-7803
  * SECURITY UPDATE: uninitialized pointer in phar_make_dirstream()
    - debian/patches/CVE-2015-7804.patch: check filename length in
      ext/phar/util.c, ext/phar/zip.c.
    - CVE-2015-7804

ubuntu/vivid-security 2015-10-28 13:38:44 UTC 2015-10-28
Import patches-unapplied version 5.6.4+dfsg-4ubuntu6.4 to ubuntu/vivid-security

Author: Marc Deslauriers
Author Date: 2015-10-27 20:52:47 UTC

Import patches-unapplied version 5.6.4+dfsg-4ubuntu6.4 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 95f6022be2d2eac3efb1af50a9095677f1302f1e

New changelog entries:
  * SECURITY UPDATE: null pointer dereference in phar_get_fp_offset()
    - debian/patches/CVE-2015-7803.patch: check link in ext/phar/util.c.
    - CVE-2015-7803
  * SECURITY UPDATE: uninitialized pointer in phar_make_dirstream()
    - debian/patches/CVE-2015-7804.patch: check filename length in
      ext/phar/util.c, ext/phar/zip.c.
    - CVE-2015-7804

ubuntu/vivid-devel 2015-10-28 13:38:44 UTC 2015-10-28
Import patches-unapplied version 5.6.4+dfsg-4ubuntu6.4 to ubuntu/vivid-security

Author: Marc Deslauriers
Author Date: 2015-10-27 20:52:47 UTC

Import patches-unapplied version 5.6.4+dfsg-4ubuntu6.4 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 95f6022be2d2eac3efb1af50a9095677f1302f1e

New changelog entries:
  * SECURITY UPDATE: null pointer dereference in phar_get_fp_offset()
    - debian/patches/CVE-2015-7803.patch: check link in ext/phar/util.c.
    - CVE-2015-7803
  * SECURITY UPDATE: uninitialized pointer in phar_make_dirstream()
    - debian/patches/CVE-2015-7804.patch: check filename length in
      ext/phar/util.c, ext/phar/zip.c.
    - CVE-2015-7804

ubuntu/vivid-updates 2015-10-28 13:38:44 UTC 2015-10-28
Import patches-unapplied version 5.6.4+dfsg-4ubuntu6.4 to ubuntu/vivid-security

Author: Marc Deslauriers
Author Date: 2015-10-27 20:52:47 UTC

Import patches-unapplied version 5.6.4+dfsg-4ubuntu6.4 to ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 95f6022be2d2eac3efb1af50a9095677f1302f1e

New changelog entries:
  * SECURITY UPDATE: null pointer dereference in phar_get_fp_offset()
    - debian/patches/CVE-2015-7803.patch: check link in ext/phar/util.c.
    - CVE-2015-7803
  * SECURITY UPDATE: uninitialized pointer in phar_make_dirstream()
    - debian/patches/CVE-2015-7804.patch: check filename length in
      ext/phar/util.c, ext/phar/zip.c.
    - CVE-2015-7804

applied/ubuntu/vivid-devel 2015-10-28 13:38:44 UTC 2015-10-28
Import patches-applied version 5.6.4+dfsg-4ubuntu6.4 to applied/ubuntu/vivid-...

Author: Marc Deslauriers
Author Date: 2015-10-27 20:52:47 UTC

Import patches-applied version 5.6.4+dfsg-4ubuntu6.4 to applied/ubuntu/vivid-security

Imported using git-ubuntu import.

Changelog parent: 462717321d388d8698ebb077aa85902abdacc38b
Unapplied parent: 6df86cd1aa2f7fc0e866d710317c9cf44eabe724

New changelog entries:
  * SECURITY UPDATE: null pointer dereference in phar_get_fp_offset()
    - debian/patches/CVE-2015-7803.patch: check link in ext/phar/util.c.
    - CVE-2015-7803
  * SECURITY UPDATE: uninitialized pointer in phar_make_dirstream()
    - debian/patches/CVE-2015-7804.patch: check filename length in
      ext/phar/util.c, ext/phar/zip.c.
    - CVE-2015-7804

applied/ubuntu/wily-proposed 2015-09-29 14:34:00 UTC 2015-09-29
Import patches-applied version 5.6.11+dfsg-1ubuntu3 to applied/ubuntu/wily-pr...

Author: Marc Deslauriers
Author Date: 2015-09-28 11:26:44 UTC

Import patches-applied version 5.6.11+dfsg-1ubuntu3 to applied/ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: 35f22c5f1cb8474cca3a2e3949b51594b5ec8998
Unapplied parent: 7b546c6bd8bbcf33ff68ac49eb718244f8f2d4d9

New changelog entries:
  * SECURITY UPDATE: multiple use-after-free issues in unserialize()
    - debian/patches/CVE-2015-6831-1.patch: fix SPLArrayObject in
      ext/spl/spl_array.c, added test to ext/spl/tests/bug70166.phpt.
    - debian/patches/CVE-2015-6831-2.patch: fix SplObjectStorage in
      ext/spl/spl_observer.c, added test to ext/spl/tests/bug70168.phpt.
    - debian/patches/CVE-2015-6831-3.patch: fix SplDoublyLinkedList in
      ext/spl/spl_dllist.c, added test to ext/spl/tests/bug70169.phpt.
    - CVE-2015-6831
  * SECURITY UPDATE: dangling pointer in the unserialization of ArrayObject
    items
    - debian/patches/CVE-2015-6832.patch: fix dangling pointer in
      ext/spl/spl_array.c, added test to ext/spl/tests/bug70068.phpt.
    - CVE-2015-6832
  * SECURITY UPDATE: phar files extracted outside of destination dir
    - debian/patches/CVE-2015-6833-1.patch: limit extracted files to given
      directory in ext/phar/phar_object.c.
    - debian/patches/CVE-2015-6833-2.patch: use emalloc in
      ext/phar/phar_object.c.
    - CVE-2015-6833
  * SECURITY UPDATE: multiple vulnerabilities in unserialize()
    - debian/patches/CVE-2015-6834-1.patch: fix use-after-free in
      ext/standard/var.c, ext/standard/var_unserializer.*.
    - debian/patches/CVE-2015-6834-2.patch: fix use-after-free in
      ext/spl/spl_observer.c, added test to ext/spl/tests/bug70365.phpt.
    - debian/patches/CVE-2015-6834-3.patch: fix use-after-free in
      ext/spl/spl_dllist.c, added test to ext/spl/tests/bug70366.phpt.
    - CVE-2015-6834
  * SECURITY UPDATE: use after free in session deserializer
    - debian/patches/CVE-2015-6835-1.patch: fix use after free in
      ext/session/session.c, ext/standard/var_unserializer.*
      fixed tests in ext/session/tests/session_decode_error2.phpt,
      ext/session/tests/session_decode_variation3.phpt.
    - debian/patches/CVE-2015-6835-2.patch: add more fixes to
      ext/session/session.c.
    - CVE-2015-6835
  * SECURITY UPDATE: SOAP serialize_function_call() type confusion
    - debian/patches/CVE-2015-6836.patch: check type in ext/soap/soap.c,
      added test to ext/soap/tests/bug70388.phpt.
    - CVE-2015-6836
  * SECURITY UPDATE: NULL pointer dereference in XSLTProcessor class
    - debian/patches/CVE-2015-6837-6838.patch: fix logic in
      ext/xsl/xsltprocessor.c.
    - CVE-2015-6837
    - CVE-2015-6838

ubuntu/wily 2015-09-29 14:34:00 UTC 2015-09-29
Import patches-unapplied version 5.6.11+dfsg-1ubuntu3 to ubuntu/wily-proposed

Author: Marc Deslauriers
Author Date: 2015-09-28 11:26:44 UTC

Import patches-unapplied version 5.6.11+dfsg-1ubuntu3 to ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: e116cdec74b323280a63ed52fd42e0331f683534

New changelog entries:
  * SECURITY UPDATE: multiple use-after-free issues in unserialize()
    - debian/patches/CVE-2015-6831-1.patch: fix SPLArrayObject in
      ext/spl/spl_array.c, added test to ext/spl/tests/bug70166.phpt.
    - debian/patches/CVE-2015-6831-2.patch: fix SplObjectStorage in
      ext/spl/spl_observer.c, added test to ext/spl/tests/bug70168.phpt.
    - debian/patches/CVE-2015-6831-3.patch: fix SplDoublyLinkedList in
      ext/spl/spl_dllist.c, added test to ext/spl/tests/bug70169.phpt.
    - CVE-2015-6831
  * SECURITY UPDATE: dangling pointer in the unserialization of ArrayObject
    items
    - debian/patches/CVE-2015-6832.patch: fix dangling pointer in
      ext/spl/spl_array.c, added test to ext/spl/tests/bug70068.phpt.
    - CVE-2015-6832
  * SECURITY UPDATE: phar files extracted outside of destination dir
    - debian/patches/CVE-2015-6833-1.patch: limit extracted files to given
      directory in ext/phar/phar_object.c.
    - debian/patches/CVE-2015-6833-2.patch: use emalloc in
      ext/phar/phar_object.c.
    - CVE-2015-6833
  * SECURITY UPDATE: multiple vulnerabilities in unserialize()
    - debian/patches/CVE-2015-6834-1.patch: fix use-after-free in
      ext/standard/var.c, ext/standard/var_unserializer.*.
    - debian/patches/CVE-2015-6834-2.patch: fix use-after-free in
      ext/spl/spl_observer.c, added test to ext/spl/tests/bug70365.phpt.
    - debian/patches/CVE-2015-6834-3.patch: fix use-after-free in
      ext/spl/spl_dllist.c, added test to ext/spl/tests/bug70366.phpt.
    - CVE-2015-6834
  * SECURITY UPDATE: use after free in session deserializer
    - debian/patches/CVE-2015-6835-1.patch: fix use after free in
      ext/session/session.c, ext/standard/var_unserializer.*
      fixed tests in ext/session/tests/session_decode_error2.phpt,
      ext/session/tests/session_decode_variation3.phpt.
    - debian/patches/CVE-2015-6835-2.patch: add more fixes to
      ext/session/session.c.
    - CVE-2015-6835
  * SECURITY UPDATE: SOAP serialize_function_call() type confusion
    - debian/patches/CVE-2015-6836.patch: check type in ext/soap/soap.c,
      added test to ext/soap/tests/bug70388.phpt.
    - CVE-2015-6836
  * SECURITY UPDATE: NULL pointer dereference in XSLTProcessor class
    - debian/patches/CVE-2015-6837-6838.patch: fix logic in
      ext/xsl/xsltprocessor.c.
    - CVE-2015-6837
    - CVE-2015-6838

ubuntu/wily-proposed 2015-09-29 14:34:00 UTC 2015-09-29
Import patches-unapplied version 5.6.11+dfsg-1ubuntu3 to ubuntu/wily-proposed

Author: Marc Deslauriers
Author Date: 2015-09-28 11:26:44 UTC

Import patches-unapplied version 5.6.11+dfsg-1ubuntu3 to ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: e116cdec74b323280a63ed52fd42e0331f683534

New changelog entries:
  * SECURITY UPDATE: multiple use-after-free issues in unserialize()
    - debian/patches/CVE-2015-6831-1.patch: fix SPLArrayObject in
      ext/spl/spl_array.c, added test to ext/spl/tests/bug70166.phpt.
    - debian/patches/CVE-2015-6831-2.patch: fix SplObjectStorage in
      ext/spl/spl_observer.c, added test to ext/spl/tests/bug70168.phpt.
    - debian/patches/CVE-2015-6831-3.patch: fix SplDoublyLinkedList in
      ext/spl/spl_dllist.c, added test to ext/spl/tests/bug70169.phpt.
    - CVE-2015-6831
  * SECURITY UPDATE: dangling pointer in the unserialization of ArrayObject
    items
    - debian/patches/CVE-2015-6832.patch: fix dangling pointer in
      ext/spl/spl_array.c, added test to ext/spl/tests/bug70068.phpt.
    - CVE-2015-6832
  * SECURITY UPDATE: phar files extracted outside of destination dir
    - debian/patches/CVE-2015-6833-1.patch: limit extracted files to given
      directory in ext/phar/phar_object.c.
    - debian/patches/CVE-2015-6833-2.patch: use emalloc in
      ext/phar/phar_object.c.
    - CVE-2015-6833
  * SECURITY UPDATE: multiple vulnerabilities in unserialize()
    - debian/patches/CVE-2015-6834-1.patch: fix use-after-free in
      ext/standard/var.c, ext/standard/var_unserializer.*.
    - debian/patches/CVE-2015-6834-2.patch: fix use-after-free in
      ext/spl/spl_observer.c, added test to ext/spl/tests/bug70365.phpt.
    - debian/patches/CVE-2015-6834-3.patch: fix use-after-free in
      ext/spl/spl_dllist.c, added test to ext/spl/tests/bug70366.phpt.
    - CVE-2015-6834
  * SECURITY UPDATE: use after free in session deserializer
    - debian/patches/CVE-2015-6835-1.patch: fix use after free in
      ext/session/session.c, ext/standard/var_unserializer.*
      fixed tests in ext/session/tests/session_decode_error2.phpt,
      ext/session/tests/session_decode_variation3.phpt.
    - debian/patches/CVE-2015-6835-2.patch: add more fixes to
      ext/session/session.c.
    - CVE-2015-6835
  * SECURITY UPDATE: SOAP serialize_function_call() type confusion
    - debian/patches/CVE-2015-6836.patch: check type in ext/soap/soap.c,
      added test to ext/soap/tests/bug70388.phpt.
    - CVE-2015-6836
  * SECURITY UPDATE: NULL pointer dereference in XSLTProcessor class
    - debian/patches/CVE-2015-6837-6838.patch: fix logic in
      ext/xsl/xsltprocessor.c.
    - CVE-2015-6837
    - CVE-2015-6838

applied/ubuntu/wily 2015-09-29 14:34:00 UTC 2015-09-29
Import patches-applied version 5.6.11+dfsg-1ubuntu3 to applied/ubuntu/wily-pr...

Author: Marc Deslauriers
Author Date: 2015-09-28 11:26:44 UTC

Import patches-applied version 5.6.11+dfsg-1ubuntu3 to applied/ubuntu/wily-proposed

Imported using git-ubuntu import.

Changelog parent: 35f22c5f1cb8474cca3a2e3949b51594b5ec8998
Unapplied parent: 7b546c6bd8bbcf33ff68ac49eb718244f8f2d4d9

New changelog entries:
  * SECURITY UPDATE: multiple use-after-free issues in unserialize()
    - debian/patches/CVE-2015-6831-1.patch: fix SPLArrayObject in
      ext/spl/spl_array.c, added test to ext/spl/tests/bug70166.phpt.
    - debian/patches/CVE-2015-6831-2.patch: fix SplObjectStorage in
      ext/spl/spl_observer.c, added test to ext/spl/tests/bug70168.phpt.
    - debian/patches/CVE-2015-6831-3.patch: fix SplDoublyLinkedList in
      ext/spl/spl_dllist.c, added test to ext/spl/tests/bug70169.phpt.
    - CVE-2015-6831
  * SECURITY UPDATE: dangling pointer in the unserialization of ArrayObject
    items
    - debian/patches/CVE-2015-6832.patch: fix dangling pointer in
      ext/spl/spl_array.c, added test to ext/spl/tests/bug70068.phpt.
    - CVE-2015-6832
  * SECURITY UPDATE: phar files extracted outside of destination dir
    - debian/patches/CVE-2015-6833-1.patch: limit extracted files to given
      directory in ext/phar/phar_object.c.
    - debian/patches/CVE-2015-6833-2.patch: use emalloc in
      ext/phar/phar_object.c.
    - CVE-2015-6833
  * SECURITY UPDATE: multiple vulnerabilities in unserialize()
    - debian/patches/CVE-2015-6834-1.patch: fix use-after-free in
      ext/standard/var.c, ext/standard/var_unserializer.*.
    - debian/patches/CVE-2015-6834-2.patch: fix use-after-free in
      ext/spl/spl_observer.c, added test to ext/spl/tests/bug70365.phpt.
    - debian/patches/CVE-2015-6834-3.patch: fix use-after-free in
      ext/spl/spl_dllist.c, added test to ext/spl/tests/bug70366.phpt.
    - CVE-2015-6834
  * SECURITY UPDATE: use after free in session deserializer
    - debian/patches/CVE-2015-6835-1.patch: fix use after free in
      ext/session/session.c, ext/standard/var_unserializer.*
      fixed tests in ext/session/tests/session_decode_error2.phpt,
      ext/session/tests/session_decode_variation3.phpt.
    - debian/patches/CVE-2015-6835-2.patch: add more fixes to
      ext/session/session.c.
    - CVE-2015-6835
  * SECURITY UPDATE: SOAP serialize_function_call() type confusion
    - debian/patches/CVE-2015-6836.patch: check type in ext/soap/soap.c,
      added test to ext/soap/tests/bug70388.phpt.
    - CVE-2015-6836
  * SECURITY UPDATE: NULL pointer dereference in XSLTProcessor class
    - debian/patches/CVE-2015-6837-6838.patch: fix logic in
      ext/xsl/xsltprocessor.c.
    - CVE-2015-6837
    - CVE-2015-6838

applied/debian/wheezy 2015-09-05 17:10:38 UTC 2015-09-05
Import patches-applied version 5.4.44-0+deb7u1 to applied/debian/wheezy

Author: Ondřej Surý
Author Date: 2015-08-16 09:44:10 UTC

Import patches-applied version 5.4.44-0+deb7u1 to applied/debian/wheezy

Imported using git-ubuntu import.

Changelog parent: 943ca478e9ffce7ef2fed43224603ab46a93bf8c
Unapplied parent: 9af75b699ca1104f58d68a079f0323235717fe92

New changelog entries:
  * New upstream version 5.4.44
   - Core:
    . Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive
      method calls).
    . Fixed bug #69892 (Different arrays compare identical due to integer key
      truncation).
    . Fixed bug #70121 (unserialize() could lead to unexpected methods execution
      / NULL pointer deref).
   - OpenSSL:
    . Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically
      secure).
   - Phar:
    . Improved fix for bug #69441.
    . Fixed bug #70019 (Files extracted from archive may be placed outside of
      destination directory).
   - SOAP:
    . Fixed bug #70081 (SoapClient info leak / null pointer dereference via
       multiple type confusions).
   - SPL:
    . Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject
      items).
    . Fixed bug #70166 (Use After Free Vulnerability in unserialize() with
      SPLArrayObject).
    . Fixed bug #70168 (Use After Free Vulnerability in unserialize() with
      SplObjectStorage).
    . Fixed bug #70169 (Use After Free Vulnerability in unserialize() with
      SplDoublyLinkedList).
  * New upstream version 5.4.43
   - Core:
    . Fixed bug #69768 (escapeshell*() doesn't cater to !).
    . Fixed bug #69874 (Can't set empty additional_headers for mail()), regression
      from fix to bug #68776.
   - Mysqlnd:
    . Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM) (CVE-2015-3152).
   - Phar:
    . Fixed bug #69958 (Segfault in Phar::convertToData on invalid file).
    . Fixed bug #69923 (Buffer overflow and stack smashing error in
      phar_fix_filepath).
  * Rebase patches on top of 5.4.44 release
  * New upstream version 5.4.42
    (CVE-2015-4643, CVE-2015-4644, CVE-2015-4598)
   - Core:
    . Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in
      heap overflow).
    . Fixed bug #69646 (OS command injection vulnerability in escapeshellarg).
    . Fixed bug #69719 (Incorrect handling of paths with NULs).
   - Litespeed SAPI:
    . Fixed bug #68812 (Unchecked return value).
   - Mail:
    . Fixed bug #68776 (mail() does not have mail header injection prevention for
      additional headers).
   - Postgres:
    . Fixed bug #69667 (segfault in php_pgsql_meta_data).
   - Sqlite3:
    . Upgrade bundled sqlite to 3.8.10.2.
  * Refresh patches using gbp pq (rebase)
  * New upstream version 5.4.41
   - Core:
    . Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability).
    . Fixed bug #69403 (str_repeat() sign mismatch based memory corruption).
    . Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+).
    . Fixed bug #69522 (heap buffer overflow in unpack()).
   - FTP:
    . Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap
      overflow).
   - PCNTL:
    . Fixed bug #68598 (pcntl_exec() should not allow null char).
   - PCRE
    . Upgraded pcrelib to 8.37.
   - Phar:
    . Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry
      filename starts with null).
  * Rebase patches on top of 5.4.41 version
  * Fix segfault when using SoapClient::__setSoapHeader (Closes: #781125)
  * New upstream version 5.4.39
   - Core:
    . Fixed bug #68976 (Use After Free Vulnerability in unserialize())
      (CVE-2015-0231).
    . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
      configuration options).
    . Fixed bug #69207 (move_uploaded_file allows nulls in path).
   - Ereg:
    . Fixed bug #69248 (heap overflow vulnerability in regcomp.c)
      (CVE-2015-2305).
   - SOAP:
    . Fixed bug #69085 (SoapClient's __call() type confusion through
      unserialize()).
   - ZIP:
    . Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap
      boundary) (CVE-2015-2331). (Closes: #780713)
  * Refresh patches for 5.4.39 and remove already merged VU695940
  * Start using git pq to manage patches in d/patches/
  * Move PEAR-Builder-print-info-about-php5-dev.patch to debian/ since
    it's not a quilt patch
  * Add newly assigned CVE identifiers to older d/changelog entries
  * New patches:
    - 0060-PHP-SegFault-zend_hash_find-PHP-68486.patch
    - 0061-Fix-use-after-free-in-phar_object.c-PHP-68901-CVE-20.patch
      (CVE-2015-2301)
  * Remove invalid curl patch that got pulled as part of CVE-2015-1352
    (Closes: #780771, #780764)
  * Split upstream fixes for PHP#68740 and PHP#68741 into separate patches
  * New upstream version 5.4.38
   - Core:
    . Removed support for multi-line headers, as they are deprecated by
      RFC 7230.
    . Added NULL byte protection to exec, system and passthru.
    . Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc
      gethostbyname buffer overflow).
    . Fixed bug #67827 (broken detection of system crypt sha256/sha512
      support).
    . Fixed bug #68942 (Use after free vulnerability in unserialize() with
      DateTimeZone). (CVE-2015-0273)
   - Enchant:
    . Fixed bug #6855 (heap buffer overflow in enchant_broker_request_dict()).
   - SOAP:
    . Fixed bug #67427 (SoapServer cannot handle large messages)
  * Update patches for 5.4.38 release
  * Pull patch from DragonFly BSD Project to limit the pattern space to
    avoid a 32-bit overflow in Henry Spencer regular expressions (regex)
    library (Closes: #778389)
  * Drop PHP use system libs crypt patch, it has been broken and it's not
    strictly needed
  * Fix NULL Pointer Dereference in pgsql (CVE-2015-1352) (Closes: #777036)
  * New upstream version 5.4.37
    + Core:
     - Fixed bug #68710 (Use After Free Vulnerability in PHP's
       unserialize()) (CVE-2015-0231).
    + CGI:
     - Fixed bug #68618 (out of bounds read crashes php-cgi)
       (CVE-2014-9427).
    + EXIF:
     - Fixed bug #68799 (Free called on uninitialized pointer)
       (CVE-2015-0232).
    + Fileinfo:
     - Removed readelf.c and related code from libmagic sources.
     - Fixed bug #68735 (fileinfo out-of-bounds memory access)
       (CVE-2014-9652).
    + OpenSSL:
     - Fixed bug #55618 (use case-insensitive cert name matching).
  * Remove bugfixes that got merged into 5.4.37 release
  * Fix fileinfo out-of-bounds memory access
  * Explicitly remove readelf.c to prove we are not vulnerable to recent
    readelf vulnerabilities (CVE-2014-8116)
  * Use the noawait variant for deb-triggers to break the dependency loop
    (Closes: #774559)
  * Bump Pre-Depends on dpkg to 1.16.1~ to support noawait triggers

ubuntu/utopic-updates 2015-07-06 11:58:29 UTC 2015-07-06
Import patches-unapplied version 5.5.12+dfsg-2ubuntu4.6 to ubuntu/utopic-secu...

Author: Marc Deslauriers
Author Date: 2015-07-02 12:51:10 UTC

Import patches-unapplied version 5.5.12+dfsg-2ubuntu4.6 to ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: c6a3dc652ab310881552b23796ddd9a5daa13acd

New changelog entries:
  * SECURITY UPDATE: missing file path null byte checks
    - debian/patches/CVE-2015-3411.patch: add missing checks to
      ext/dom/document.c, ext/fileinfo/fileinfo.c, ext/gd/gd.c,
      ext/hash/hash.c, ext/pgsql/pgsql.c, ext/standard/link.c,
      ext/standard/streamsfuncs.c, ext/xmlwriter/php_xmlwriter.c,
      ext/zlib/zlib.c, add tests to
      ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt,
      ext/fileinfo/tests/finfo_file_basic.phpt,
      ext/hash/tests/hash_hmac_file_error.phpt
    - CVE-2015-3411
    - CVE-2015-3412
  * SECURITY UPDATE: denial of service via crafted tar archive
    - debian/patches/CVE-2015-4021.patch: handle empty strings in
      ext/phar/tar.c.
    - CVE-2015-4021
  * SECURITY UPDATE: arbitrary code execution via ftp server long reply to
    a LIST command
    - debian/patches/CVE-2015-4022.patch: fix overflow in ext/ftp/ftp.c.
    - CVE-2015-4022
  * SECURITY UPDATE: denial of service via crafted form data
    - debian/patches/CVE-2015-4024.patch: use smart_str to assemble strings
      in main/rfc1867.c.
    - CVE-2015-4024
  * SECURITY UPDATE: more missing file path null byte checks
    - debian/patches/CVE-2015-4025.patch: add missing checks to
      ext/pcntl/pcntl.c, ext/standard/basic_functions.c,
      ext/standard/dir.c, ext/standard/file.c.
    - CVE-2015-4025
    - CVE-2015-4026
  * SECURITY UPDATE: arbitrary code execution via crafted serialized data
    with unexpected data type
    - debian/patches/CVE-2015-4147.patch: check variable types in
      ext/soap/php_encoding.c, ext/soap/php_http.c, ext/soap/soap.c.
    - CVE-2015-4147
    - CVE-2015-4148
    - CVE-2015-4600
    - CVE-2015-4601
  * SECURITY UPDATE: more missing file path null byte checks
    - debian/patches/CVE-2015-4598.patch: add missing checks to
      ext/dom/document.c, ext/gd/gd.c, fix tests in
      ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt,
      ext/gd/tests/imageloadfont_error1.phpt,
      ext/zlib/tests/gzopen_variation1.phpt,
      ext/zlib/tests/readgzfile_variation1.phpt,
      ext/zlib/tests/readgzfile_variation6.phpt,
      ext/standard/tests/dir/dir_variation1.phpt,
      ext/standard/tests/dir/opendir_variation1.phpt,
      ext/standard/tests/file/mkdir_rmdir_variation2.phpt,
      ext/standard/tests/file/readlink_variation1.phpt,
      ext/standard/tests/file/tempnam_variation3-win32.phpt,
      ext/standard/tests/file/tempnam_variation3.phpt,
      ext/standard/tests/general_functions/include_path.phpt.
    - CVE-2015-4598
  * SECURITY UPDATE: denial of service or information leak via type
    confusion with crafted serialized data
    - debian/patches/CVE-2015-4599.patch: use proper types in
      ext/soap/soap.c.
    - CVE-2015-4599
  * SECURITY UPDATE: denial of service or information leak via type
    confusion with crafted serialized data
    - debian/patches/CVE-2015-4602.patch: check for proper type in
      ext/standard/incomplete_class.c.
    - CVE-2015-4602
  * SECURITY UPDATE: denial of service or information leak via type
    confusion with crafted serialized data
    - debian/patches/CVE-2015-4603.patch: check type in
      Zend/zend_exceptions.c, add test to
      ext/standard/tests/serialize/bug69152.phpt.
    - CVE-2015-4603
  * SECURITY UPDATE: arbitrary code execution via ftp server long reply to
    a LIST command
    - debian/patches/CVE-2015-4643.patch: prevent overflow check bypass in
      ext/ftp/ftp.c.
    - CVE-2015-4643
  * SECURITY UPDATE: denial of service via php_pgsql_meta_data
    - debian/patches/CVE-2015-4644.patch: check return value in
      ext/pgsql/pgsql.c, add test to ext/pgsql/pg_insert_002.phpt.
    - CVE-2015-4644
  * debian/patches/CVE-2015-2783-memleak.patch: fix memory leak introduced
    by CVE-2015-2783 security update.

applied/ubuntu/utopic-security 2015-07-06 11:58:29 UTC 2015-07-06
Import patches-applied version 5.5.12+dfsg-2ubuntu4.6 to applied/ubuntu/utopi...

Author: Marc Deslauriers
Author Date: 2015-07-02 12:51:10 UTC

Import patches-applied version 5.5.12+dfsg-2ubuntu4.6 to applied/ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: e2b611718ceefeab504692c9a9601a26af265b94
Unapplied parent: 6ca9c804716e8f568b7418f5648abab6a4f8afc9

New changelog entries:
  * SECURITY UPDATE: missing file path null byte checks
    - debian/patches/CVE-2015-3411.patch: add missing checks to
      ext/dom/document.c, ext/fileinfo/fileinfo.c, ext/gd/gd.c,
      ext/hash/hash.c, ext/pgsql/pgsql.c, ext/standard/link.c,
      ext/standard/streamsfuncs.c, ext/xmlwriter/php_xmlwriter.c,
      ext/zlib/zlib.c, add tests to
      ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt,
      ext/fileinfo/tests/finfo_file_basic.phpt,
      ext/hash/tests/hash_hmac_file_error.phpt
    - CVE-2015-3411
    - CVE-2015-3412
  * SECURITY UPDATE: denial of service via crafted tar archive
    - debian/patches/CVE-2015-4021.patch: handle empty strings in
      ext/phar/tar.c.
    - CVE-2015-4021
  * SECURITY UPDATE: arbitrary code execution via ftp server long reply to
    a LIST command
    - debian/patches/CVE-2015-4022.patch: fix overflow in ext/ftp/ftp.c.
    - CVE-2015-4022
  * SECURITY UPDATE: denial of service via crafted form data
    - debian/patches/CVE-2015-4024.patch: use smart_str to assemble strings
      in main/rfc1867.c.
    - CVE-2015-4024
  * SECURITY UPDATE: more missing file path null byte checks
    - debian/patches/CVE-2015-4025.patch: add missing checks to
      ext/pcntl/pcntl.c, ext/standard/basic_functions.c,
      ext/standard/dir.c, ext/standard/file.c.
    - CVE-2015-4025
    - CVE-2015-4026
  * SECURITY UPDATE: arbitrary code execution via crafted serialized data
    with unexpected data type
    - debian/patches/CVE-2015-4147.patch: check variable types in
      ext/soap/php_encoding.c, ext/soap/php_http.c, ext/soap/soap.c.
    - CVE-2015-4147
    - CVE-2015-4148
    - CVE-2015-4600
    - CVE-2015-4601
  * SECURITY UPDATE: more missing file path null byte checks
    - debian/patches/CVE-2015-4598.patch: add missing checks to
      ext/dom/document.c, ext/gd/gd.c, fix tests in
      ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt,
      ext/gd/tests/imageloadfont_error1.phpt,
      ext/zlib/tests/gzopen_variation1.phpt,
      ext/zlib/tests/readgzfile_variation1.phpt,
      ext/zlib/tests/readgzfile_variation6.phpt,
      ext/standard/tests/dir/dir_variation1.phpt,
      ext/standard/tests/dir/opendir_variation1.phpt,
      ext/standard/tests/file/mkdir_rmdir_variation2.phpt,
      ext/standard/tests/file/readlink_variation1.phpt,
      ext/standard/tests/file/tempnam_variation3-win32.phpt,
      ext/standard/tests/file/tempnam_variation3.phpt,
      ext/standard/tests/general_functions/include_path.phpt.
    - CVE-2015-4598
  * SECURITY UPDATE: denial of service or information leak via type
    confusion with crafted serialized data
    - debian/patches/CVE-2015-4599.patch: use proper types in
      ext/soap/soap.c.
    - CVE-2015-4599
  * SECURITY UPDATE: denial of service or information leak via type
    confusion with crafted serialized data
    - debian/patches/CVE-2015-4602.patch: check for proper type in
      ext/standard/incomplete_class.c.
    - CVE-2015-4602
  * SECURITY UPDATE: denial of service or information leak via type
    confusion with crafted serialized data
    - debian/patches/CVE-2015-4603.patch: check type in
      Zend/zend_exceptions.c, add test to
      ext/standard/tests/serialize/bug69152.phpt.
    - CVE-2015-4603
  * SECURITY UPDATE: arbitrary code execution via ftp server long reply to
    a LIST command
    - debian/patches/CVE-2015-4643.patch: prevent overflow check bypass in
      ext/ftp/ftp.c.
    - CVE-2015-4643
  * SECURITY UPDATE: denial of service via php_pgsql_meta_data
    - debian/patches/CVE-2015-4644.patch: check return value in
      ext/pgsql/pgsql.c, add test to ext/pgsql/pg_insert_002.phpt.
    - CVE-2015-4644
  * debian/patches/CVE-2015-2783-memleak.patch: fix memory leak introduced
    by CVE-2015-2783 security update.

applied/ubuntu/utopic-devel 2015-07-06 11:58:29 UTC 2015-07-06
Import patches-applied version 5.5.12+dfsg-2ubuntu4.6 to applied/ubuntu/utopi...

Author: Marc Deslauriers
Author Date: 2015-07-02 12:51:10 UTC

Import patches-applied version 5.5.12+dfsg-2ubuntu4.6 to applied/ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: e2b611718ceefeab504692c9a9601a26af265b94
Unapplied parent: 6ca9c804716e8f568b7418f5648abab6a4f8afc9

New changelog entries:
  * SECURITY UPDATE: missing file path null byte checks
    - debian/patches/CVE-2015-3411.patch: add missing checks to
      ext/dom/document.c, ext/fileinfo/fileinfo.c, ext/gd/gd.c,
      ext/hash/hash.c, ext/pgsql/pgsql.c, ext/standard/link.c,
      ext/standard/streamsfuncs.c, ext/xmlwriter/php_xmlwriter.c,
      ext/zlib/zlib.c, add tests to
      ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt,
      ext/fileinfo/tests/finfo_file_basic.phpt,
      ext/hash/tests/hash_hmac_file_error.phpt
    - CVE-2015-3411
    - CVE-2015-3412
  * SECURITY UPDATE: denial of service via crafted tar archive
    - debian/patches/CVE-2015-4021.patch: handle empty strings in
      ext/phar/tar.c.
    - CVE-2015-4021
  * SECURITY UPDATE: arbitrary code execution via ftp server long reply to
    a LIST command
    - debian/patches/CVE-2015-4022.patch: fix overflow in ext/ftp/ftp.c.
    - CVE-2015-4022
  * SECURITY UPDATE: denial of service via crafted form data
    - debian/patches/CVE-2015-4024.patch: use smart_str to assemble strings
      in main/rfc1867.c.
    - CVE-2015-4024
  * SECURITY UPDATE: more missing file path null byte checks
    - debian/patches/CVE-2015-4025.patch: add missing checks to
      ext/pcntl/pcntl.c, ext/standard/basic_functions.c,
      ext/standard/dir.c, ext/standard/file.c.
    - CVE-2015-4025
    - CVE-2015-4026
  * SECURITY UPDATE: arbitrary code execution via crafted serialized data
    with unexpected data type
    - debian/patches/CVE-2015-4147.patch: check variable types in
      ext/soap/php_encoding.c, ext/soap/php_http.c, ext/soap/soap.c.
    - CVE-2015-4147
    - CVE-2015-4148
    - CVE-2015-4600
    - CVE-2015-4601
  * SECURITY UPDATE: more missing file path null byte checks
    - debian/patches/CVE-2015-4598.patch: add missing checks to
      ext/dom/document.c, ext/gd/gd.c, fix tests in
      ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt,
      ext/gd/tests/imageloadfont_error1.phpt,
      ext/zlib/tests/gzopen_variation1.phpt,
      ext/zlib/tests/readgzfile_variation1.phpt,
      ext/zlib/tests/readgzfile_variation6.phpt,
      ext/standard/tests/dir/dir_variation1.phpt,
      ext/standard/tests/dir/opendir_variation1.phpt,
      ext/standard/tests/file/mkdir_rmdir_variation2.phpt,
      ext/standard/tests/file/readlink_variation1.phpt,
      ext/standard/tests/file/tempnam_variation3-win32.phpt,
      ext/standard/tests/file/tempnam_variation3.phpt,
      ext/standard/tests/general_functions/include_path.phpt.
    - CVE-2015-4598
  * SECURITY UPDATE: denial of service or information leak via type
    confusion with crafted serialized data
    - debian/patches/CVE-2015-4599.patch: use proper types in
      ext/soap/soap.c.
    - CVE-2015-4599
  * SECURITY UPDATE: denial of service or information leak via type
    confusion with crafted serialized data
    - debian/patches/CVE-2015-4602.patch: check for proper type in
      ext/standard/incomplete_class.c.
    - CVE-2015-4602
  * SECURITY UPDATE: denial of service or information leak via type
    confusion with crafted serialized data
    - debian/patches/CVE-2015-4603.patch: check type in
      Zend/zend_exceptions.c, add test to
      ext/standard/tests/serialize/bug69152.phpt.
    - CVE-2015-4603
  * SECURITY UPDATE: arbitrary code execution via ftp server long reply to
    a LIST command
    - debian/patches/CVE-2015-4643.patch: prevent overflow check bypass in
      ext/ftp/ftp.c.
    - CVE-2015-4643
  * SECURITY UPDATE: denial of service via php_pgsql_meta_data
    - debian/patches/CVE-2015-4644.patch: check return value in
      ext/pgsql/pgsql.c, add test to ext/pgsql/pg_insert_002.phpt.
    - CVE-2015-4644
  * debian/patches/CVE-2015-2783-memleak.patch: fix memory leak introduced
    by CVE-2015-2783 security update.

applied/ubuntu/utopic-updates 2015-07-06 11:58:29 UTC 2015-07-06
Import patches-applied version 5.5.12+dfsg-2ubuntu4.6 to applied/ubuntu/utopi...

Author: Marc Deslauriers
Author Date: 2015-07-02 12:51:10 UTC

Import patches-applied version 5.5.12+dfsg-2ubuntu4.6 to applied/ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: e2b611718ceefeab504692c9a9601a26af265b94
Unapplied parent: 6ca9c804716e8f568b7418f5648abab6a4f8afc9

New changelog entries:
  * SECURITY UPDATE: missing file path null byte checks
    - debian/patches/CVE-2015-3411.patch: add missing checks to
      ext/dom/document.c, ext/fileinfo/fileinfo.c, ext/gd/gd.c,
      ext/hash/hash.c, ext/pgsql/pgsql.c, ext/standard/link.c,
      ext/standard/streamsfuncs.c, ext/xmlwriter/php_xmlwriter.c,
      ext/zlib/zlib.c, add tests to
      ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt,
      ext/fileinfo/tests/finfo_file_basic.phpt,
      ext/hash/tests/hash_hmac_file_error.phpt
    - CVE-2015-3411
    - CVE-2015-3412
  * SECURITY UPDATE: denial of service via crafted tar archive
    - debian/patches/CVE-2015-4021.patch: handle empty strings in
      ext/phar/tar.c.
    - CVE-2015-4021
  * SECURITY UPDATE: arbitrary code execution via ftp server long reply to
    a LIST command
    - debian/patches/CVE-2015-4022.patch: fix overflow in ext/ftp/ftp.c.
    - CVE-2015-4022
  * SECURITY UPDATE: denial of service via crafted form data
    - debian/patches/CVE-2015-4024.patch: use smart_str to assemble strings
      in main/rfc1867.c.
    - CVE-2015-4024
  * SECURITY UPDATE: more missing file path null byte checks
    - debian/patches/CVE-2015-4025.patch: add missing checks to
      ext/pcntl/pcntl.c, ext/standard/basic_functions.c,
      ext/standard/dir.c, ext/standard/file.c.
    - CVE-2015-4025
    - CVE-2015-4026
  * SECURITY UPDATE: arbitrary code execution via crafted serialized data
    with unexpected data type
    - debian/patches/CVE-2015-4147.patch: check variable types in
      ext/soap/php_encoding.c, ext/soap/php_http.c, ext/soap/soap.c.
    - CVE-2015-4147
    - CVE-2015-4148
    - CVE-2015-4600
    - CVE-2015-4601
  * SECURITY UPDATE: more missing file path null byte checks
    - debian/patches/CVE-2015-4598.patch: add missing checks to
      ext/dom/document.c, ext/gd/gd.c, fix tests in
      ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt,
      ext/gd/tests/imageloadfont_error1.phpt,
      ext/zlib/tests/gzopen_variation1.phpt,
      ext/zlib/tests/readgzfile_variation1.phpt,
      ext/zlib/tests/readgzfile_variation6.phpt,
      ext/standard/tests/dir/dir_variation1.phpt,
      ext/standard/tests/dir/opendir_variation1.phpt,
      ext/standard/tests/file/mkdir_rmdir_variation2.phpt,
      ext/standard/tests/file/readlink_variation1.phpt,
      ext/standard/tests/file/tempnam_variation3-win32.phpt,
      ext/standard/tests/file/tempnam_variation3.phpt,
      ext/standard/tests/general_functions/include_path.phpt.
    - CVE-2015-4598
  * SECURITY UPDATE: denial of service or information leak via type
    confusion with crafted serialized data
    - debian/patches/CVE-2015-4599.patch: use proper types in
      ext/soap/soap.c.
    - CVE-2015-4599
  * SECURITY UPDATE: denial of service or information leak via type
    confusion with crafted serialized data
    - debian/patches/CVE-2015-4602.patch: check for proper type in
      ext/standard/incomplete_class.c.
    - CVE-2015-4602
  * SECURITY UPDATE: denial of service or information leak via type
    confusion with crafted serialized data
    - debian/patches/CVE-2015-4603.patch: check type in
      Zend/zend_exceptions.c, add test to
      ext/standard/tests/serialize/bug69152.phpt.
    - CVE-2015-4603
  * SECURITY UPDATE: arbitrary code execution via ftp server long reply to
    a LIST command
    - debian/patches/CVE-2015-4643.patch: prevent overflow check bypass in
      ext/ftp/ftp.c.
    - CVE-2015-4643
  * SECURITY UPDATE: denial of service via php_pgsql_meta_data
    - debian/patches/CVE-2015-4644.patch: check return value in
      ext/pgsql/pgsql.c, add test to ext/pgsql/pg_insert_002.phpt.
    - CVE-2015-4644
  * debian/patches/CVE-2015-2783-memleak.patch: fix memory leak introduced
    by CVE-2015-2783 security update.

ubuntu/utopic-devel 2015-07-06 11:58:29 UTC 2015-07-06
Import patches-unapplied version 5.5.12+dfsg-2ubuntu4.6 to ubuntu/utopic-secu...

Author: Marc Deslauriers
Author Date: 2015-07-02 12:51:10 UTC

Import patches-unapplied version 5.5.12+dfsg-2ubuntu4.6 to ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: c6a3dc652ab310881552b23796ddd9a5daa13acd

New changelog entries:
  * SECURITY UPDATE: missing file path null byte checks
    - debian/patches/CVE-2015-3411.patch: add missing checks to
      ext/dom/document.c, ext/fileinfo/fileinfo.c, ext/gd/gd.c,
      ext/hash/hash.c, ext/pgsql/pgsql.c, ext/standard/link.c,
      ext/standard/streamsfuncs.c, ext/xmlwriter/php_xmlwriter.c,
      ext/zlib/zlib.c, add tests to
      ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt,
      ext/fileinfo/tests/finfo_file_basic.phpt,
      ext/hash/tests/hash_hmac_file_error.phpt
    - CVE-2015-3411
    - CVE-2015-3412
  * SECURITY UPDATE: denial of service via crafted tar archive
    - debian/patches/CVE-2015-4021.patch: handle empty strings in
      ext/phar/tar.c.
    - CVE-2015-4021
  * SECURITY UPDATE: arbitrary code execution via ftp server long reply to
    a LIST command
    - debian/patches/CVE-2015-4022.patch: fix overflow in ext/ftp/ftp.c.
    - CVE-2015-4022
  * SECURITY UPDATE: denial of service via crafted form data
    - debian/patches/CVE-2015-4024.patch: use smart_str to assemble strings
      in main/rfc1867.c.
    - CVE-2015-4024
  * SECURITY UPDATE: more missing file path null byte checks
    - debian/patches/CVE-2015-4025.patch: add missing checks to
      ext/pcntl/pcntl.c, ext/standard/basic_functions.c,
      ext/standard/dir.c, ext/standard/file.c.
    - CVE-2015-4025
    - CVE-2015-4026
  * SECURITY UPDATE: arbitrary code execution via crafted serialized data
    with unexpected data type
    - debian/patches/CVE-2015-4147.patch: check variable types in
      ext/soap/php_encoding.c, ext/soap/php_http.c, ext/soap/soap.c.
    - CVE-2015-4147
    - CVE-2015-4148
    - CVE-2015-4600
    - CVE-2015-4601
  * SECURITY UPDATE: more missing file path null byte checks
    - debian/patches/CVE-2015-4598.patch: add missing checks to
      ext/dom/document.c, ext/gd/gd.c, fix tests in
      ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt,
      ext/gd/tests/imageloadfont_error1.phpt,
      ext/zlib/tests/gzopen_variation1.phpt,
      ext/zlib/tests/readgzfile_variation1.phpt,
      ext/zlib/tests/readgzfile_variation6.phpt,
      ext/standard/tests/dir/dir_variation1.phpt,
      ext/standard/tests/dir/opendir_variation1.phpt,
      ext/standard/tests/file/mkdir_rmdir_variation2.phpt,
      ext/standard/tests/file/readlink_variation1.phpt,
      ext/standard/tests/file/tempnam_variation3-win32.phpt,
      ext/standard/tests/file/tempnam_variation3.phpt,
      ext/standard/tests/general_functions/include_path.phpt.
    - CVE-2015-4598
  * SECURITY UPDATE: denial of service or information leak via type
    confusion with crafted serialized data
    - debian/patches/CVE-2015-4599.patch: use proper types in
      ext/soap/soap.c.
    - CVE-2015-4599
  * SECURITY UPDATE: denial of service or information leak via type
    confusion with crafted serialized data
    - debian/patches/CVE-2015-4602.patch: check for proper type in
      ext/standard/incomplete_class.c.
    - CVE-2015-4602
  * SECURITY UPDATE: denial of service or information leak via type
    confusion with crafted serialized data
    - debian/patches/CVE-2015-4603.patch: check type in
      Zend/zend_exceptions.c, add test to
      ext/standard/tests/serialize/bug69152.phpt.
    - CVE-2015-4603
  * SECURITY UPDATE: arbitrary code execution via ftp server long reply to
    a LIST command
    - debian/patches/CVE-2015-4643.patch: prevent overflow check bypass in
      ext/ftp/ftp.c.
    - CVE-2015-4643
  * SECURITY UPDATE: denial of service via php_pgsql_meta_data
    - debian/patches/CVE-2015-4644.patch: check return value in
      ext/pgsql/pgsql.c, add test to ext/pgsql/pg_insert_002.phpt.
    - CVE-2015-4644
  * debian/patches/CVE-2015-2783-memleak.patch: fix memory leak introduced
    by CVE-2015-2783 security update.

ubuntu/utopic-security 2015-07-06 11:58:29 UTC 2015-07-06
Import patches-unapplied version 5.5.12+dfsg-2ubuntu4.6 to ubuntu/utopic-secu...

Author: Marc Deslauriers
Author Date: 2015-07-02 12:51:10 UTC

Import patches-unapplied version 5.5.12+dfsg-2ubuntu4.6 to ubuntu/utopic-security

Imported using git-ubuntu import.

Changelog parent: c6a3dc652ab310881552b23796ddd9a5daa13acd

New changelog entries:
  * SECURITY UPDATE: missing file path null byte checks
    - debian/patches/CVE-2015-3411.patch: add missing checks to
      ext/dom/document.c, ext/fileinfo/fileinfo.c, ext/gd/gd.c,
      ext/hash/hash.c, ext/pgsql/pgsql.c, ext/standard/link.c,
      ext/standard/streamsfuncs.c, ext/xmlwriter/php_xmlwriter.c,
      ext/zlib/zlib.c, add tests to
      ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt,
      ext/fileinfo/tests/finfo_file_basic.phpt,
      ext/hash/tests/hash_hmac_file_error.phpt
    - CVE-2015-3411
    - CVE-2015-3412
  * SECURITY UPDATE: denial of service via crafted tar archive
    - debian/patches/CVE-2015-4021.patch: handle empty strings in
      ext/phar/tar.c.
    - CVE-2015-4021
  * SECURITY UPDATE: arbitrary code execution via ftp server long reply to
    a LIST command
    - debian/patches/CVE-2015-4022.patch: fix overflow in ext/ftp/ftp.c.
    - CVE-2015-4022
  * SECURITY UPDATE: denial of service via crafted form data
    - debian/patches/CVE-2015-4024.patch: use smart_str to assemble strings
      in main/rfc1867.c.
    - CVE-2015-4024
  * SECURITY UPDATE: more missing file path null byte checks
    - debian/patches/CVE-2015-4025.patch: add missing checks to
      ext/pcntl/pcntl.c, ext/standard/basic_functions.c,
      ext/standard/dir.c, ext/standard/file.c.
    - CVE-2015-4025
    - CVE-2015-4026
  * SECURITY UPDATE: arbitrary code execution via crafted serialized data
    with unexpected data type
    - debian/patches/CVE-2015-4147.patch: check variable types in
      ext/soap/php_encoding.c, ext/soap/php_http.c, ext/soap/soap.c.
    - CVE-2015-4147
    - CVE-2015-4148
    - CVE-2015-4600
    - CVE-2015-4601
  * SECURITY UPDATE: more missing file path null byte checks
    - debian/patches/CVE-2015-4598.patch: add missing checks to
      ext/dom/document.c, ext/gd/gd.c, fix tests in
      ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt,
      ext/gd/tests/imageloadfont_error1.phpt,
      ext/zlib/tests/gzopen_variation1.phpt,
      ext/zlib/tests/readgzfile_variation1.phpt,
      ext/zlib/tests/readgzfile_variation6.phpt,
      ext/standard/tests/dir/dir_variation1.phpt,
      ext/standard/tests/dir/opendir_variation1.phpt,
      ext/standard/tests/file/mkdir_rmdir_variation2.phpt,
      ext/standard/tests/file/readlink_variation1.phpt,
      ext/standard/tests/file/tempnam_variation3-win32.phpt,
      ext/standard/tests/file/tempnam_variation3.phpt,
      ext/standard/tests/general_functions/include_path.phpt.
    - CVE-2015-4598
  * SECURITY UPDATE: denial of service or information leak via type
    confusion with crafted serialized data
    - debian/patches/CVE-2015-4599.patch: use proper types in
      ext/soap/soap.c.
    - CVE-2015-4599
  * SECURITY UPDATE: denial of service or information leak via type
    confusion with crafted serialized data
    - debian/patches/CVE-2015-4602.patch: check for proper type in
      ext/standard/incomplete_class.c.
    - CVE-2015-4602
  * SECURITY UPDATE: denial of service or information leak via type
    confusion with crafted serialized data
    - debian/patches/CVE-2015-4603.patch: check type in
      Zend/zend_exceptions.c, add test to
      ext/standard/tests/serialize/bug69152.phpt.
    - CVE-2015-4603
  * SECURITY UPDATE: arbitrary code execution via ftp server long reply to
    a LIST command
    - debian/patches/CVE-2015-4643.patch: prevent overflow check bypass in
      ext/ftp/ftp.c.
    - CVE-2015-4643
  * SECURITY UPDATE: denial of service via php_pgsql_meta_data
    - debian/patches/CVE-2015-4644.patch: check return value in
      ext/pgsql/pgsql.c, add test to ext/pgsql/pg_insert_002.phpt.
    - CVE-2015-4644
  * debian/patches/CVE-2015-2783-memleak.patch: fix memory leak introduced
    by CVE-2015-2783 security update.

ubuntu/lucid-devel 2015-04-20 15:48:24 UTC 2015-04-20
Import patches-unapplied version 5.3.2-1ubuntu4.30 to ubuntu/lucid-security

Author: Marc Deslauriers
Author Date: 2015-04-17 11:37:39 UTC

Import patches-unapplied version 5.3.2-1ubuntu4.30 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: fc6c01610fd9bf4e5419fb355c52cde8bdd98f88

New changelog entries:
  * SECURITY UPDATE: potential remote code execution vulnerability when
    used with the Apache 2.4 apache2handler
    - debian/patches/bug69218.patch: perform proper cleanup in
      sapi/apache2handler/sapi_apache2.c.
    - CVE number pending
  * SECURITY UPDATE: buffer overflow when parsing tar/zip/phar
    - debian/patches/bug69441.patch: check lengths in
      ext/phar/phar_internal.h.
    - CVE number pending
  * SECURITY UPDATE: heap overflow in regexp library
    - debian/patches/CVE-2015-2305.patch: check for overflow in
      ext/ereg/regex/regcomp.c.
    - CVE-2015-2305
  * SECURITY UPDATE: buffer overflow in unserialize when parsing Phar
    - debian/patches/CVE-2015-2783.patch: properly check lengths in
      ext/phar/phar.c, ext/phar/phar_internal.h.
    - CVE-2015-2783
  * SECURITY UPDATE: arbitrary code execution via process_nested_data
    use-after-free
    - debian/patches/CVE-2015-2787.patch: fix logic in
      ext/standard/var_unserializer.*.
    - CVE-2015-2787

ubuntu/lucid-security 2015-04-20 15:48:24 UTC 2015-04-20
Import patches-unapplied version 5.3.2-1ubuntu4.30 to ubuntu/lucid-security

Author: Marc Deslauriers
Author Date: 2015-04-17 11:37:39 UTC

Import patches-unapplied version 5.3.2-1ubuntu4.30 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: fc6c01610fd9bf4e5419fb355c52cde8bdd98f88

New changelog entries:
  * SECURITY UPDATE: potential remote code execution vulnerability when
    used with the Apache 2.4 apache2handler
    - debian/patches/bug69218.patch: perform proper cleanup in
      sapi/apache2handler/sapi_apache2.c.
    - CVE number pending
  * SECURITY UPDATE: buffer overflow when parsing tar/zip/phar
    - debian/patches/bug69441.patch: check lengths in
      ext/phar/phar_internal.h.
    - CVE number pending
  * SECURITY UPDATE: heap overflow in regexp library
    - debian/patches/CVE-2015-2305.patch: check for overflow in
      ext/ereg/regex/regcomp.c.
    - CVE-2015-2305
  * SECURITY UPDATE: buffer overflow in unserialize when parsing Phar
    - debian/patches/CVE-2015-2783.patch: properly check lengths in
      ext/phar/phar.c, ext/phar/phar_internal.h.
    - CVE-2015-2783
  * SECURITY UPDATE: arbitrary code execution via process_nested_data
    use-after-free
    - debian/patches/CVE-2015-2787.patch: fix logic in
      ext/standard/var_unserializer.*.
    - CVE-2015-2787

ubuntu/lucid-updates 2015-04-20 15:48:24 UTC 2015-04-20
Import patches-unapplied version 5.3.2-1ubuntu4.30 to ubuntu/lucid-security

Author: Marc Deslauriers
Author Date: 2015-04-17 11:37:39 UTC

Import patches-unapplied version 5.3.2-1ubuntu4.30 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: fc6c01610fd9bf4e5419fb355c52cde8bdd98f88

New changelog entries:
  * SECURITY UPDATE: potential remote code execution vulnerability when
    used with the Apache 2.4 apache2handler
    - debian/patches/bug69218.patch: perform proper cleanup in
      sapi/apache2handler/sapi_apache2.c.
    - CVE number pending
  * SECURITY UPDATE: buffer overflow when parsing tar/zip/phar
    - debian/patches/bug69441.patch: check lengths in
      ext/phar/phar_internal.h.
    - CVE number pending
  * SECURITY UPDATE: heap overflow in regexp library
    - debian/patches/CVE-2015-2305.patch: check for overflow in
      ext/ereg/regex/regcomp.c.
    - CVE-2015-2305
  * SECURITY UPDATE: buffer overflow in unserialize when parsing Phar
    - debian/patches/CVE-2015-2783.patch: properly check lengths in
      ext/phar/phar.c, ext/phar/phar_internal.h.
    - CVE-2015-2783
  * SECURITY UPDATE: arbitrary code execution via process_nested_data
    use-after-free
    - debian/patches/CVE-2015-2787.patch: fix logic in
      ext/standard/var_unserializer.*.
    - CVE-2015-2787

applied/ubuntu/lucid-updates 2015-04-20 15:48:24 UTC 2015-04-20
Import patches-applied version 5.3.2-1ubuntu4.30 to applied/ubuntu/lucid-secu...

Author: Marc Deslauriers
Author Date: 2015-04-17 11:37:39 UTC

Import patches-applied version 5.3.2-1ubuntu4.30 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: c1748d34336ae13d925c4c477dddbfe22020fd13
Unapplied parent: 043c08428e5433b67c631242792c96ec961971aa

New changelog entries:
  * SECURITY UPDATE: potential remote code execution vulnerability when
    used with the Apache 2.4 apache2handler
    - debian/patches/bug69218.patch: perform proper cleanup in
      sapi/apache2handler/sapi_apache2.c.
    - CVE number pending
  * SECURITY UPDATE: buffer overflow when parsing tar/zip/phar
    - debian/patches/bug69441.patch: check lengths in
      ext/phar/phar_internal.h.
    - CVE number pending
  * SECURITY UPDATE: heap overflow in regexp library
    - debian/patches/CVE-2015-2305.patch: check for overflow in
      ext/ereg/regex/regcomp.c.
    - CVE-2015-2305
  * SECURITY UPDATE: buffer overflow in unserialize when parsing Phar
    - debian/patches/CVE-2015-2783.patch: properly check lengths in
      ext/phar/phar.c, ext/phar/phar_internal.h.
    - CVE-2015-2783
  * SECURITY UPDATE: arbitrary code execution via process_nested_data
    use-after-free
    - debian/patches/CVE-2015-2787.patch: fix logic in
      ext/standard/var_unserializer.*.
    - CVE-2015-2787

applied/ubuntu/lucid-devel 2015-04-20 15:48:24 UTC 2015-04-20
Import patches-applied version 5.3.2-1ubuntu4.30 to applied/ubuntu/lucid-secu...

Author: Marc Deslauriers
Author Date: 2015-04-17 11:37:39 UTC

Import patches-applied version 5.3.2-1ubuntu4.30 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: c1748d34336ae13d925c4c477dddbfe22020fd13
Unapplied parent: 043c08428e5433b67c631242792c96ec961971aa

New changelog entries:
  * SECURITY UPDATE: potential remote code execution vulnerability when
    used with the Apache 2.4 apache2handler
    - debian/patches/bug69218.patch: perform proper cleanup in
      sapi/apache2handler/sapi_apache2.c.
    - CVE number pending
  * SECURITY UPDATE: buffer overflow when parsing tar/zip/phar
    - debian/patches/bug69441.patch: check lengths in
      ext/phar/phar_internal.h.
    - CVE number pending
  * SECURITY UPDATE: heap overflow in regexp library
    - debian/patches/CVE-2015-2305.patch: check for overflow in
      ext/ereg/regex/regcomp.c.
    - CVE-2015-2305
  * SECURITY UPDATE: buffer overflow in unserialize when parsing Phar
    - debian/patches/CVE-2015-2783.patch: properly check lengths in
      ext/phar/phar.c, ext/phar/phar_internal.h.
    - CVE-2015-2783
  * SECURITY UPDATE: arbitrary code execution via process_nested_data
    use-after-free
    - debian/patches/CVE-2015-2787.patch: fix logic in
      ext/standard/var_unserializer.*.
    - CVE-2015-2787

applied/ubuntu/lucid-security 2015-04-20 15:48:24 UTC 2015-04-20
Import patches-applied version 5.3.2-1ubuntu4.30 to applied/ubuntu/lucid-secu...

Author: Marc Deslauriers
Author Date: 2015-04-17 11:37:39 UTC

Import patches-applied version 5.3.2-1ubuntu4.30 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: c1748d34336ae13d925c4c477dddbfe22020fd13
Unapplied parent: 043c08428e5433b67c631242792c96ec961971aa

New changelog entries:
  * SECURITY UPDATE: potential remote code execution vulnerability when
    used with the Apache 2.4 apache2handler
    - debian/patches/bug69218.patch: perform proper cleanup in
      sapi/apache2handler/sapi_apache2.c.
    - CVE number pending
  * SECURITY UPDATE: buffer overflow when parsing tar/zip/phar
    - debian/patches/bug69441.patch: check lengths in
      ext/phar/phar_internal.h.
    - CVE number pending
  * SECURITY UPDATE: heap overflow in regexp library
    - debian/patches/CVE-2015-2305.patch: check for overflow in
      ext/ereg/regex/regcomp.c.
    - CVE-2015-2305
  * SECURITY UPDATE: buffer overflow in unserialize when parsing Phar
    - debian/patches/CVE-2015-2783.patch: properly check lengths in
      ext/phar/phar.c, ext/phar/phar_internal.h.
    - CVE-2015-2783
  * SECURITY UPDATE: arbitrary code execution via process_nested_data
    use-after-free
    - debian/patches/CVE-2015-2787.patch: fix logic in
      ext/standard/var_unserializer.*.
    - CVE-2015-2787

ubuntu/vivid 2015-04-17 15:38:45 UTC 2015-04-17
Import patches-unapplied version 5.6.4+dfsg-4ubuntu6 to ubuntu/vivid-proposed

Author: Marc Deslauriers
Author Date: 2015-04-17 09:15:49 UTC

Import patches-unapplied version 5.6.4+dfsg-4ubuntu6 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 3ea6ba44bf6102b1118d5be023f8c9a381bcfc98

New changelog entries:
  * SECURITY UPDATE: potential remote code execution vulnerability when
    used with the Apache 2.4 apache2handler
    - debian/patches/bug69218.patch: perform proper cleanup in
      sapi/apache2handler/sapi_apache2.c.
    - CVE number pending
  * SECURITY UPDATE: buffer overflow when parsing tar/zip/phar
    - debian/patches/bug69441.patch: check lengths in
      ext/phar/phar_internal.h.
    - CVE number pending
  * SECURITY UPDATE: buffer overflow in unserialize when parsing Phar
    - debian/patches/CVE-2015-2783.patch: properly check lengths in
      ext/phar/phar.c, ext/phar/phar_internal.h.
    - CVE-2015-2783

applied/ubuntu/vivid-proposed 2015-04-17 15:38:45 UTC 2015-04-17
Import patches-applied version 5.6.4+dfsg-4ubuntu6 to applied/ubuntu/vivid-pr...

Author: Marc Deslauriers
Author Date: 2015-04-17 09:15:49 UTC

Import patches-applied version 5.6.4+dfsg-4ubuntu6 to applied/ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 6b8692e32f08a27cddd749ba1a74dddad0055e95
Unapplied parent: a18d46f8e21e7543d84b01f9d698a1a9c3d8067f

New changelog entries:
  * SECURITY UPDATE: potential remote code execution vulnerability when
    used with the Apache 2.4 apache2handler
    - debian/patches/bug69218.patch: perform proper cleanup in
      sapi/apache2handler/sapi_apache2.c.
    - CVE number pending
  * SECURITY UPDATE: buffer overflow when parsing tar/zip/phar
    - debian/patches/bug69441.patch: check lengths in
      ext/phar/phar_internal.h.
    - CVE number pending
  * SECURITY UPDATE: buffer overflow in unserialize when parsing Phar
    - debian/patches/CVE-2015-2783.patch: properly check lengths in
      ext/phar/phar.c, ext/phar/phar_internal.h.
    - CVE-2015-2783

applied/ubuntu/vivid 2015-04-17 15:38:45 UTC 2015-04-17
Import patches-applied version 5.6.4+dfsg-4ubuntu6 to applied/ubuntu/vivid-pr...

Author: Marc Deslauriers
Author Date: 2015-04-17 09:15:49 UTC

Import patches-applied version 5.6.4+dfsg-4ubuntu6 to applied/ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 6b8692e32f08a27cddd749ba1a74dddad0055e95
Unapplied parent: a18d46f8e21e7543d84b01f9d698a1a9c3d8067f

New changelog entries:
  * SECURITY UPDATE: potential remote code execution vulnerability when
    used with the Apache 2.4 apache2handler
    - debian/patches/bug69218.patch: perform proper cleanup in
      sapi/apache2handler/sapi_apache2.c.
    - CVE number pending
  * SECURITY UPDATE: buffer overflow when parsing tar/zip/phar
    - debian/patches/bug69441.patch: check lengths in
      ext/phar/phar_internal.h.
    - CVE number pending
  * SECURITY UPDATE: buffer overflow in unserialize when parsing Phar
    - debian/patches/CVE-2015-2783.patch: properly check lengths in
      ext/phar/phar.c, ext/phar/phar_internal.h.
    - CVE-2015-2783

ubuntu/vivid-proposed 2015-04-17 15:38:45 UTC 2015-04-17
Import patches-unapplied version 5.6.4+dfsg-4ubuntu6 to ubuntu/vivid-proposed

Author: Marc Deslauriers
Author Date: 2015-04-17 09:15:49 UTC

Import patches-unapplied version 5.6.4+dfsg-4ubuntu6 to ubuntu/vivid-proposed

Imported using git-ubuntu import.

Changelog parent: 3ea6ba44bf6102b1118d5be023f8c9a381bcfc98

New changelog entries:
  * SECURITY UPDATE: potential remote code execution vulnerability when
    used with the Apache 2.4 apache2handler
    - debian/patches/bug69218.patch: perform proper cleanup in
      sapi/apache2handler/sapi_apache2.c.
    - CVE number pending
  * SECURITY UPDATE: buffer overflow when parsing tar/zip/phar
    - debian/patches/bug69441.patch: check lengths in
      ext/phar/phar_internal.h.
    - CVE number pending
  * SECURITY UPDATE: buffer overflow in unserialize when parsing Phar
    - debian/patches/CVE-2015-2783.patch: properly check lengths in
      ext/phar/phar.c, ext/phar/phar_internal.h.
    - CVE-2015-2783

applied/debian/jessie 2015-03-24 16:15:20 UTC 2015-03-24
Import patches-applied version 5.6.7+dfsg-1 to applied/debian/sid

Author: Ondřej Surý
Author Date: 2015-03-24 10:19:21 UTC

Import patches-applied version 5.6.7+dfsg-1 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 84a0dea5755c8a3ef6f193bb0aadca14f44b029b
Unapplied parent: c228827db098a0fd204eaac91d6963e1ae6a3c66

New changelog entries:
  * New upstream version 5.6.7+dfsg
   - Core:
    . Fixed bug #69174 (leaks when unused inner class use traits
      precedence).
    . Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize).
    . Fixed bug #69121 (Segfault in get_current_user when script owner is
      not in passwd with ZTS build).
    . Fixed bug #65593 (Segfault when calling ob_start from output
      buffering callback).
    . Fixed bug #68986 (pointer returned by
      php_stream_fopen_temporary_file not validated in memory.c).
    . Fixed bug #68166 (Exception with invalid character causes segv).
    . Fixed bug #69141 (Missing arguments in reflection info for some
      builtin functions).
    . Fixed bug #68976 (Use After Free Vulnerability in unserialize())
      (CVE-2015-0231).
    . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
      configuration options).
    . Fixed bug #69207 (move_uploaded_file allows nulls in path).
   - CGI:
    . Fixed bug #69015 (php-cgi's getopt does not see $argv).
   - CLI:
    . Fixed bug #67741 (auto_prepend_file messes up __LINE__).
   - cURL:
    . Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL
      on Win32).
    . Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if
      supported by libcurl.
   - Ereg:
    . Fixed bug #69248 (heap overflow vulnerability in regcomp.c)
      (CVE-2015-2305).
   - FPM:
    . Fixed bug #68822 (request time is reset too early).
   - ODBC:
    . Fixed bug #68964 (Allowed memory size exhausted with odbc_exec).
   - Opcache:
    . Fixed bug #69159 (Opcache causes problem when passing a variable
      variable to a function).
    . Fixed bug #69125 (Array numeric string as key).
    . Fixed bug #69038 (switch(SOMECONSTANT) misbehaves).
   - OpenSSL:
    . Fixed bug #68912 (Segmentation fault at openssl_spki_new).
    . Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't
      observe socket timeouts).
    . Fixed bug #68920 (use strict peer_fingerprint input checks)
    . Fixed bug #68879 (IP Address fields in subjectAltNames not used)
    . Fixed bug #68265 (SAN match fails with trailing DNS dot)
    . Fixed bug #67403 (Add signatureType to openssl_x509_parse)
    . Fixed bug #69195 (Inconsistent stream crypto values across versions)
   - pgsql:
    . Fixed bug #68638 (pg_update() fails to store infinite values).
   - Readline:
    . Fixed bug #69054 (Null dereference in
      readline_(read|write)_history() without parameters).
   - SOAP:
    . Fixed bug #69085 (SoapClient's __call() type confusion through
      unserialize()).
   - SPL:
    . Fixed bug #69108 ("Segmentation fault" when (de)serializing
      SplObjectStorage).
    . Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after
      calling getChildren()).
   - ZIP:
    . Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap
      boundary) (CVE-2015-2331).
  * Refresh patches for 5.6.7 release
  * Pull a patch to fix SQL_DESC_OCTET_LENGTH not supported by ADS ODBC
    driver (PHP#68350) from Debian wheezy PHP 5.4 branch
  * Fix PHP segfault in zend_hash_find (PHP#68486)
  * Move PEAR-Builder-print-info-about-php5-dev.patch to debian/ as it's
    not a quilt patch

applied/debian/experimental 2015-01-08 22:10:26 UTC 2015-01-08
Import patches-applied version 5.6.4+dfsg-3+exp1 to applied/debian/experimental

Author: Ondřej Surý
Author Date: 2015-01-08 14:41:29 UTC

Import patches-applied version 5.6.4+dfsg-3+exp1 to applied/debian/experimental

Imported using git-ubuntu import.

Changelog parent: 7a2fe091785920b44903f564c1cadb68d3ac99d9
Unapplied parent: efc5cd1b776bacd328eea4b22e85bf7d3ca3d8d9

New changelog entries:
  * Disable tests on ppc64* to work around crashing mysql-server on ppc64el

ubuntu/utopic 2014-09-10 14:54:30 UTC 2014-09-10
Import patches-unapplied version 5.5.12+dfsg-2ubuntu4 to ubuntu/utopic-proposed

Author: Seth Arnold
Author Date: 2014-09-04 06:27:47 UTC

Import patches-unapplied version 5.5.12+dfsg-2ubuntu4 to ubuntu/utopic-proposed

Imported using git-ubuntu import.

Changelog parent: 1ee82816baaf1b8e9f33ad7fbb9196942e348b64

New changelog entries:
  * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info
    - debian/patches/CVE-2014-3587.patch: check for array under-runs as well
      as over-runs in ext/fileinfo/libmagic/cdf.c
    - CVE-2014-3587
  * SECURITY UPDATE: denial of service in dns_get_record
    - debian/patches/CVE-2014-3597.patch: check for DNS overflows in
      ext/standard/dns.c
    - CVE-2014-3587

ubuntu/utopic-proposed 2014-09-10 14:54:30 UTC 2014-09-10
Import patches-unapplied version 5.5.12+dfsg-2ubuntu4 to ubuntu/utopic-proposed

Author: Seth Arnold
Author Date: 2014-09-04 06:27:47 UTC

Import patches-unapplied version 5.5.12+dfsg-2ubuntu4 to ubuntu/utopic-proposed

Imported using git-ubuntu import.

Changelog parent: 1ee82816baaf1b8e9f33ad7fbb9196942e348b64

New changelog entries:
  * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info
    - debian/patches/CVE-2014-3587.patch: check for array under-runs as well
      as over-runs in ext/fileinfo/libmagic/cdf.c
    - CVE-2014-3587
  * SECURITY UPDATE: denial of service in dns_get_record
    - debian/patches/CVE-2014-3597.patch: check for DNS overflows in
      ext/standard/dns.c
    - CVE-2014-3587

applied/ubuntu/utopic-proposed 2014-09-10 14:54:30 UTC 2014-09-10
Import patches-applied version 5.5.12+dfsg-2ubuntu4 to applied/ubuntu/utopic-...

Author: Seth Arnold
Author Date: 2014-09-04 06:27:47 UTC

Import patches-applied version 5.5.12+dfsg-2ubuntu4 to applied/ubuntu/utopic-proposed

Imported using git-ubuntu import.

Changelog parent: 09572b29eefa8d2cc76e9cdba7118034ce8ecc12
Unapplied parent: 22d2d18f56c11dedfc55de1231432fb453fdb870

New changelog entries:
  * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info
    - debian/patches/CVE-2014-3587.patch: check for array under-runs as well
      as over-runs in ext/fileinfo/libmagic/cdf.c
    - CVE-2014-3587
  * SECURITY UPDATE: denial of service in dns_get_record
    - debian/patches/CVE-2014-3597.patch: check for DNS overflows in
      ext/standard/dns.c
    - CVE-2014-3587

applied/ubuntu/utopic 2014-09-10 14:54:30 UTC 2014-09-10
Import patches-applied version 5.5.12+dfsg-2ubuntu4 to applied/ubuntu/utopic-...

Author: Seth Arnold
Author Date: 2014-09-04 06:27:47 UTC

Import patches-applied version 5.5.12+dfsg-2ubuntu4 to applied/ubuntu/utopic-proposed

Imported using git-ubuntu import.

Changelog parent: 09572b29eefa8d2cc76e9cdba7118034ce8ecc12
Unapplied parent: 22d2d18f56c11dedfc55de1231432fb453fdb870

New changelog entries:
  * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info
    - debian/patches/CVE-2014-3587.patch: check for array under-runs as well
      as over-runs in ext/fileinfo/libmagic/cdf.c
    - CVE-2014-3587
  * SECURITY UPDATE: denial of service in dns_get_record
    - debian/patches/CVE-2014-3597.patch: check for DNS overflows in
      ext/standard/dns.c
    - CVE-2014-3587

debian/squeeze 2014-07-19 17:05:50 UTC 2014-07-19
Import patches-unapplied version 5.3.3-7+squeeze19 to debian/squeeze

Author: Ondřej Surý
Author Date: 2014-02-17 09:52:15 UTC

Import patches-unapplied version 5.3.3-7+squeeze19 to debian/squeeze

Imported using git-ubuntu import.

Changelog parent: df6d8630d1dfe6c5d6dcb231a16365ac418cca89

New changelog entries:
  * [CVE-2014-1943]: Fix segmentation fault in libmagic (Closes: #739012)
  * [CVE-2013-6420]: Fix memory corruption in openssl_x509_parse (Closes: #731895)
  * [CVE-2013-6712] Fix heap buffer over-read in DateInterval (Closes: #731112)

applied/debian/squeeze 2014-07-19 17:05:50 UTC 2014-07-19
Import patches-applied version 5.3.3-7+squeeze19 to applied/debian/squeeze

Author: Ondřej Surý
Author Date: 2014-02-17 09:52:15 UTC

Import patches-applied version 5.3.3-7+squeeze19 to applied/debian/squeeze

Imported using git-ubuntu import.

Changelog parent: 94f61fadaa7e0b480fb7c587f0c3d7e83899db73
Unapplied parent: e7f691ceb5e66c6717a34c8e89ab2d7d4a9fbfde

New changelog entries:
  * [CVE-2014-1943]: Fix segmentation fault in libmagic (Closes: #739012)
  * [CVE-2013-6420]: Fix memory corruption in openssl_x509_parse (Closes: #731895)
  * [CVE-2013-6712] Fix heap buffer over-read in DateInterval (Closes: #731112)

ubuntu/saucy-security 2014-07-09 16:23:45 UTC 2014-07-09
Import patches-unapplied version 5.5.3+dfsg-1ubuntu2.6 to ubuntu/saucy-security

Author: Marc Deslauriers
Author Date: 2014-07-07 11:46:31 UTC

Import patches-unapplied version 5.5.3+dfsg-1ubuntu2.6 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: b871bd1225f675694942a3c3cb3c415be6f0a602

New changelog entries:
  * SECURITY UPDATE: denial of service in FileInfo cdf_read_short_sector
    - debian/patches/CVE-2014-0207.patch: properly calculate sizes in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-0207
  * SECURITY UPDATE: denial of service in FileInfo mconvert
    - debian/patches/CVE-2014-3478.patch: properly handle truncated pascal
      string size in ext/fileinfo/libmagic/softmagic.c.
    - CVE-2014-3478
  * SECURITY UPDATE: denial of service in FileInfo cdf_check_stream_offset
    - debian/patches/CVE-2014-3479.patch: properly calculate sizes in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-3479
  * SECURITY UPDATE: denial of service in FileInfo cdf_count_chain
    - debian/patches/CVE-2014-3480.patch: properly calculate sizes in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-3480
  * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info
    - debian/patches/CVE-2014-3487.patch: properly calculate sizes in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-3487
  * SECURITY UPDATE: denial of service and possible code execution via
    unserialize() SPL type confusion
    - debian/patches/CVE-2014-3515.patch: properly check types in
      ext/spl/spl_array.c, ext/spl/spl_observer.c, added test to
      ext/spl/tests/SplObjectStorage_unserialize_bad.phpt.
    - CVE-2014-3515
  * SECURITY UPDATE: denial of service via SPL Iterators use-after-free
    - debian/patches/CVE-2014-4670.patch: fix use-after-free in
      ext/spl/spl_dllist.c, added test to ext/spl/tests/bug67538.phpt.
    - CVE-2014-4670
  * SECURITY UPDATE: denial of service via ArrayIterator use-after-free
    - debian/patches/CVE-2014-4698.patch: don't allow modifying ArrayObject
      during sorting in ext/spl/spl_array.c, added test to
      ext/spl/tests/bug67539.phpt.
    - CVE-2014-4698
  * SECURITY UPDATE: information leak via phpinfo (LP: #1338170)
    - debian/patches/CVE-2014-4721.patch: fix type confusion in
      ext/standard/info.c, added test to
      ext/standard/tests/general_functions/bug67498.phpt.
    - CVE-2014-4721

ubuntu/saucy-devel 2014-07-09 16:23:45 UTC 2014-07-09
Import patches-unapplied version 5.5.3+dfsg-1ubuntu2.6 to ubuntu/saucy-security

Author: Marc Deslauriers
Author Date: 2014-07-07 11:46:31 UTC

Import patches-unapplied version 5.5.3+dfsg-1ubuntu2.6 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: b871bd1225f675694942a3c3cb3c415be6f0a602

New changelog entries:
  * SECURITY UPDATE: denial of service in FileInfo cdf_read_short_sector
    - debian/patches/CVE-2014-0207.patch: properly calculate sizes in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-0207
  * SECURITY UPDATE: denial of service in FileInfo mconvert
    - debian/patches/CVE-2014-3478.patch: properly handle truncated pascal
      string size in ext/fileinfo/libmagic/softmagic.c.
    - CVE-2014-3478
  * SECURITY UPDATE: denial of service in FileInfo cdf_check_stream_offset
    - debian/patches/CVE-2014-3479.patch: properly calculate sizes in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-3479
  * SECURITY UPDATE: denial of service in FileInfo cdf_count_chain
    - debian/patches/CVE-2014-3480.patch: properly calculate sizes in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-3480
  * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info
    - debian/patches/CVE-2014-3487.patch: properly calculate sizes in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-3487
  * SECURITY UPDATE: denial of service and possible code execution via
    unserialize() SPL type confusion
    - debian/patches/CVE-2014-3515.patch: properly check types in
      ext/spl/spl_array.c, ext/spl/spl_observer.c, added test to
      ext/spl/tests/SplObjectStorage_unserialize_bad.phpt.
    - CVE-2014-3515
  * SECURITY UPDATE: denial of service via SPL Iterators use-after-free
    - debian/patches/CVE-2014-4670.patch: fix use-after-free in
      ext/spl/spl_dllist.c, added test to ext/spl/tests/bug67538.phpt.
    - CVE-2014-4670
  * SECURITY UPDATE: denial of service via ArrayIterator use-after-free
    - debian/patches/CVE-2014-4698.patch: don't allow modifying ArrayObject
      during sorting in ext/spl/spl_array.c, added test to
      ext/spl/tests/bug67539.phpt.
    - CVE-2014-4698
  * SECURITY UPDATE: information leak via phpinfo (LP: #1338170)
    - debian/patches/CVE-2014-4721.patch: fix type confusion in
      ext/standard/info.c, added test to
      ext/standard/tests/general_functions/bug67498.phpt.
    - CVE-2014-4721

applied/ubuntu/saucy-updates 2014-07-09 16:23:45 UTC 2014-07-09
Import patches-applied version 5.5.3+dfsg-1ubuntu2.6 to applied/ubuntu/saucy-...

Author: Marc Deslauriers
Author Date: 2014-07-07 11:46:31 UTC

Import patches-applied version 5.5.3+dfsg-1ubuntu2.6 to applied/ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: 93755d8945b22c7b898e823d4e794846edbe1283
Unapplied parent: 0a560138313410a0f1e22a8a1faa1ebca7249972

New changelog entries:
  * SECURITY UPDATE: denial of service in FileInfo cdf_read_short_sector
    - debian/patches/CVE-2014-0207.patch: properly calculate sizes in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-0207
  * SECURITY UPDATE: denial of service in FileInfo mconvert
    - debian/patches/CVE-2014-3478.patch: properly handle truncated pascal
      string size in ext/fileinfo/libmagic/softmagic.c.
    - CVE-2014-3478
  * SECURITY UPDATE: denial of service in FileInfo cdf_check_stream_offset
    - debian/patches/CVE-2014-3479.patch: properly calculate sizes in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-3479
  * SECURITY UPDATE: denial of service in FileInfo cdf_count_chain
    - debian/patches/CVE-2014-3480.patch: properly calculate sizes in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-3480
  * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info
    - debian/patches/CVE-2014-3487.patch: properly calculate sizes in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-3487
  * SECURITY UPDATE: denial of service and possible code execution via
    unserialize() SPL type confusion
    - debian/patches/CVE-2014-3515.patch: properly check types in
      ext/spl/spl_array.c, ext/spl/spl_observer.c, added test to
      ext/spl/tests/SplObjectStorage_unserialize_bad.phpt.
    - CVE-2014-3515
  * SECURITY UPDATE: denial of service via SPL Iterators use-after-free
    - debian/patches/CVE-2014-4670.patch: fix use-after-free in
      ext/spl/spl_dllist.c, added test to ext/spl/tests/bug67538.phpt.
    - CVE-2014-4670
  * SECURITY UPDATE: denial of service via ArrayIterator use-after-free
    - debian/patches/CVE-2014-4698.patch: don't allow modifying ArrayObject
      during sorting in ext/spl/spl_array.c, added test to
      ext/spl/tests/bug67539.phpt.
    - CVE-2014-4698
  * SECURITY UPDATE: information leak via phpinfo (LP: #1338170)
    - debian/patches/CVE-2014-4721.patch: fix type confusion in
      ext/standard/info.c, added test to
      ext/standard/tests/general_functions/bug67498.phpt.
    - CVE-2014-4721

applied/ubuntu/saucy-security 2014-07-09 16:23:45 UTC 2014-07-09
Import patches-applied version 5.5.3+dfsg-1ubuntu2.6 to applied/ubuntu/saucy-...

Author: Marc Deslauriers
Author Date: 2014-07-07 11:46:31 UTC

Import patches-applied version 5.5.3+dfsg-1ubuntu2.6 to applied/ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: 93755d8945b22c7b898e823d4e794846edbe1283
Unapplied parent: 0a560138313410a0f1e22a8a1faa1ebca7249972

New changelog entries:
  * SECURITY UPDATE: denial of service in FileInfo cdf_read_short_sector
    - debian/patches/CVE-2014-0207.patch: properly calculate sizes in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-0207
  * SECURITY UPDATE: denial of service in FileInfo mconvert
    - debian/patches/CVE-2014-3478.patch: properly handle truncated pascal
      string size in ext/fileinfo/libmagic/softmagic.c.
    - CVE-2014-3478
  * SECURITY UPDATE: denial of service in FileInfo cdf_check_stream_offset
    - debian/patches/CVE-2014-3479.patch: properly calculate sizes in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-3479
  * SECURITY UPDATE: denial of service in FileInfo cdf_count_chain
    - debian/patches/CVE-2014-3480.patch: properly calculate sizes in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-3480
  * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info
    - debian/patches/CVE-2014-3487.patch: properly calculate sizes in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-3487
  * SECURITY UPDATE: denial of service and possible code execution via
    unserialize() SPL type confusion
    - debian/patches/CVE-2014-3515.patch: properly check types in
      ext/spl/spl_array.c, ext/spl/spl_observer.c, added test to
      ext/spl/tests/SplObjectStorage_unserialize_bad.phpt.
    - CVE-2014-3515
  * SECURITY UPDATE: denial of service via SPL Iterators use-after-free
    - debian/patches/CVE-2014-4670.patch: fix use-after-free in
      ext/spl/spl_dllist.c, added test to ext/spl/tests/bug67538.phpt.
    - CVE-2014-4670
  * SECURITY UPDATE: denial of service via ArrayIterator use-after-free
    - debian/patches/CVE-2014-4698.patch: don't allow modifying ArrayObject
      during sorting in ext/spl/spl_array.c, added test to
      ext/spl/tests/bug67539.phpt.
    - CVE-2014-4698
  * SECURITY UPDATE: information leak via phpinfo (LP: #1338170)
    - debian/patches/CVE-2014-4721.patch: fix type confusion in
      ext/standard/info.c, added test to
      ext/standard/tests/general_functions/bug67498.phpt.
    - CVE-2014-4721

applied/ubuntu/saucy-devel 2014-07-09 16:23:45 UTC 2014-07-09
Import patches-applied version 5.5.3+dfsg-1ubuntu2.6 to applied/ubuntu/saucy-...

Author: Marc Deslauriers
Author Date: 2014-07-07 11:46:31 UTC

Import patches-applied version 5.5.3+dfsg-1ubuntu2.6 to applied/ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: 93755d8945b22c7b898e823d4e794846edbe1283
Unapplied parent: 0a560138313410a0f1e22a8a1faa1ebca7249972

New changelog entries:
  * SECURITY UPDATE: denial of service in FileInfo cdf_read_short_sector
    - debian/patches/CVE-2014-0207.patch: properly calculate sizes in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-0207
  * SECURITY UPDATE: denial of service in FileInfo mconvert
    - debian/patches/CVE-2014-3478.patch: properly handle truncated pascal
      string size in ext/fileinfo/libmagic/softmagic.c.
    - CVE-2014-3478
  * SECURITY UPDATE: denial of service in FileInfo cdf_check_stream_offset
    - debian/patches/CVE-2014-3479.patch: properly calculate sizes in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-3479
  * SECURITY UPDATE: denial of service in FileInfo cdf_count_chain
    - debian/patches/CVE-2014-3480.patch: properly calculate sizes in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-3480
  * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info
    - debian/patches/CVE-2014-3487.patch: properly calculate sizes in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-3487
  * SECURITY UPDATE: denial of service and possible code execution via
    unserialize() SPL type confusion
    - debian/patches/CVE-2014-3515.patch: properly check types in
      ext/spl/spl_array.c, ext/spl/spl_observer.c, added test to
      ext/spl/tests/SplObjectStorage_unserialize_bad.phpt.
    - CVE-2014-3515
  * SECURITY UPDATE: denial of service via SPL Iterators use-after-free
    - debian/patches/CVE-2014-4670.patch: fix use-after-free in
      ext/spl/spl_dllist.c, added test to ext/spl/tests/bug67538.phpt.
    - CVE-2014-4670
  * SECURITY UPDATE: denial of service via ArrayIterator use-after-free
    - debian/patches/CVE-2014-4698.patch: don't allow modifying ArrayObject
      during sorting in ext/spl/spl_array.c, added test to
      ext/spl/tests/bug67539.phpt.
    - CVE-2014-4698
  * SECURITY UPDATE: information leak via phpinfo (LP: #1338170)
    - debian/patches/CVE-2014-4721.patch: fix type confusion in
      ext/standard/info.c, added test to
      ext/standard/tests/general_functions/bug67498.phpt.
    - CVE-2014-4721

ubuntu/saucy-updates 2014-07-09 16:23:45 UTC 2014-07-09
Import patches-unapplied version 5.5.3+dfsg-1ubuntu2.6 to ubuntu/saucy-security

Author: Marc Deslauriers
Author Date: 2014-07-07 11:46:31 UTC

Import patches-unapplied version 5.5.3+dfsg-1ubuntu2.6 to ubuntu/saucy-security

Imported using git-ubuntu import.

Changelog parent: b871bd1225f675694942a3c3cb3c415be6f0a602

New changelog entries:
  * SECURITY UPDATE: denial of service in FileInfo cdf_read_short_sector
    - debian/patches/CVE-2014-0207.patch: properly calculate sizes in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-0207
  * SECURITY UPDATE: denial of service in FileInfo mconvert
    - debian/patches/CVE-2014-3478.patch: properly handle truncated pascal
      string size in ext/fileinfo/libmagic/softmagic.c.
    - CVE-2014-3478
  * SECURITY UPDATE: denial of service in FileInfo cdf_check_stream_offset
    - debian/patches/CVE-2014-3479.patch: properly calculate sizes in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-3479
  * SECURITY UPDATE: denial of service in FileInfo cdf_count_chain
    - debian/patches/CVE-2014-3480.patch: properly calculate sizes in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-3480
  * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info
    - debian/patches/CVE-2014-3487.patch: properly calculate sizes in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-3487
  * SECURITY UPDATE: denial of service and possible code execution via
    unserialize() SPL type confusion
    - debian/patches/CVE-2014-3515.patch: properly check types in
      ext/spl/spl_array.c, ext/spl/spl_observer.c, added test to
      ext/spl/tests/SplObjectStorage_unserialize_bad.phpt.
    - CVE-2014-3515
  * SECURITY UPDATE: denial of service via SPL Iterators use-after-free
    - debian/patches/CVE-2014-4670.patch: fix use-after-free in
      ext/spl/spl_dllist.c, added test to ext/spl/tests/bug67538.phpt.
    - CVE-2014-4670
  * SECURITY UPDATE: denial of service via ArrayIterator use-after-free
    - debian/patches/CVE-2014-4698.patch: don't allow modifying ArrayObject
      during sorting in ext/spl/spl_array.c, added test to
      ext/spl/tests/bug67539.phpt.
    - CVE-2014-4698
  * SECURITY UPDATE: information leak via phpinfo (LP: #1338170)
    - debian/patches/CVE-2014-4721.patch: fix type confusion in
      ext/standard/info.c, added test to
      ext/standard/tests/general_functions/bug67498.phpt.
    - CVE-2014-4721

applied/ubuntu/trusty 2014-04-09 17:13:55 UTC 2014-04-09
Import patches-applied version 5.5.9+dfsg-1ubuntu4 to applied/ubuntu/trusty-p...

Author: Dimitri John Ledkov
Author Date: 2014-04-09 15:23:30 UTC

Import patches-applied version 5.5.9+dfsg-1ubuntu4 to applied/ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: b470f7a93a707ac30ead1257a5de1b9d83673b4d
Unapplied parent: 0d807a5f4879659d49aab5ae8b02d978c850464f

New changelog entries:
  * Comment out "reload signal USR2" stanza from php5-fpm to make the job
    compatible with Precise upstart, when it's still running as pid1
    during upgrade to trusty and before the restart. We'd rather support
    shorter down-time than reload interface. (LP: #1272788)

ubuntu/trusty 2014-04-09 17:13:55 UTC 2014-04-09
Import patches-unapplied version 5.5.9+dfsg-1ubuntu4 to ubuntu/trusty-proposed

Author: Dimitri John Ledkov
Author Date: 2014-04-09 15:23:30 UTC

Import patches-unapplied version 5.5.9+dfsg-1ubuntu4 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 6c5e1aad2ca5a36bbbbb4c2aac16e8a91ad22d21

New changelog entries:
  * Comment out "reload signal USR2" stanza from php5-fpm to make the job
    compatible with Precise upstart, when it's still running as pid1
    during upgrade to trusty and before the restart. We'd rather support
    shorter down-time than reload interface. (LP: #1272788)

ubuntu/quantal-updates 2014-04-07 12:23:22 UTC 2014-04-07
Import patches-unapplied version 5.4.6-1ubuntu1.8 to ubuntu/quantal-security

Author: Marc Deslauriers
Author Date: 2014-04-03 19:18:45 UTC

Import patches-unapplied version 5.4.6-1ubuntu1.8 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 68057c8a285855d64701dfc355ed2bb366676dbf

New changelog entries:
  * SECURITY UPDATE: denial of service in fileinfo via crafted offset in
    PE executable
    - debian/patches/CVE-2014-2270.patch: check bounds in
      ext/fileinfo/libmagic/softmagic.c.
    - CVE-2014-2270

ubuntu/quantal-devel 2014-04-07 12:23:22 UTC 2014-04-07
Import patches-unapplied version 5.4.6-1ubuntu1.8 to ubuntu/quantal-security

Author: Marc Deslauriers
Author Date: 2014-04-03 19:18:45 UTC

Import patches-unapplied version 5.4.6-1ubuntu1.8 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 68057c8a285855d64701dfc355ed2bb366676dbf

New changelog entries:
  * SECURITY UPDATE: denial of service in fileinfo via crafted offset in
    PE executable
    - debian/patches/CVE-2014-2270.patch: check bounds in
      ext/fileinfo/libmagic/softmagic.c.
    - CVE-2014-2270

ubuntu/quantal-security 2014-04-07 12:23:22 UTC 2014-04-07
Import patches-unapplied version 5.4.6-1ubuntu1.8 to ubuntu/quantal-security

Author: Marc Deslauriers
Author Date: 2014-04-03 19:18:45 UTC

Import patches-unapplied version 5.4.6-1ubuntu1.8 to ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 68057c8a285855d64701dfc355ed2bb366676dbf

New changelog entries:
  * SECURITY UPDATE: denial of service in fileinfo via crafted offset in
    PE executable
    - debian/patches/CVE-2014-2270.patch: check bounds in
      ext/fileinfo/libmagic/softmagic.c.
    - CVE-2014-2270

applied/ubuntu/quantal-updates 2014-04-07 12:23:22 UTC 2014-04-07
Import patches-applied version 5.4.6-1ubuntu1.8 to applied/ubuntu/quantal-sec...

Author: Marc Deslauriers
Author Date: 2014-04-03 19:18:45 UTC

Import patches-applied version 5.4.6-1ubuntu1.8 to applied/ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 61a13f10ed1410fb5938c0ea4991d595df30dafa
Unapplied parent: cf9f2154c6284077cd04a4d734245f67f2dc9a40

New changelog entries:
  * SECURITY UPDATE: denial of service in fileinfo via crafted offset in
    PE executable
    - debian/patches/CVE-2014-2270.patch: check bounds in
      ext/fileinfo/libmagic/softmagic.c.
    - CVE-2014-2270

applied/ubuntu/quantal-security 2014-04-07 12:23:22 UTC 2014-04-07
Import patches-applied version 5.4.6-1ubuntu1.8 to applied/ubuntu/quantal-sec...

Author: Marc Deslauriers
Author Date: 2014-04-03 19:18:45 UTC

Import patches-applied version 5.4.6-1ubuntu1.8 to applied/ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 61a13f10ed1410fb5938c0ea4991d595df30dafa
Unapplied parent: cf9f2154c6284077cd04a4d734245f67f2dc9a40

New changelog entries:
  * SECURITY UPDATE: denial of service in fileinfo via crafted offset in
    PE executable
    - debian/patches/CVE-2014-2270.patch: check bounds in
      ext/fileinfo/libmagic/softmagic.c.
    - CVE-2014-2270

applied/ubuntu/quantal-devel 2014-04-07 12:23:22 UTC 2014-04-07
Import patches-applied version 5.4.6-1ubuntu1.8 to applied/ubuntu/quantal-sec...

Author: Marc Deslauriers
Author Date: 2014-04-03 19:18:45 UTC

Import patches-applied version 5.4.6-1ubuntu1.8 to applied/ubuntu/quantal-security

Imported using git-ubuntu import.

Changelog parent: 61a13f10ed1410fb5938c0ea4991d595df30dafa
Unapplied parent: cf9f2154c6284077cd04a4d734245f67f2dc9a40

New changelog entries:
  * SECURITY UPDATE: denial of service in fileinfo via crafted offset in
    PE executable
    - debian/patches/CVE-2014-2270.patch: check bounds in
      ext/fileinfo/libmagic/softmagic.c.
    - CVE-2014-2270

ubuntu/quantal-proposed 2014-01-09 21:33:17 UTC 2014-01-09
Import patches-unapplied version 5.4.6-1ubuntu1.6 to ubuntu/quantal-proposed

Author: Marc Deslauriers
Author Date: 2013-12-23 14:00:58 UTC

Import patches-unapplied version 5.4.6-1ubuntu1.6 to ubuntu/quantal-proposed

Imported using git-ubuntu import.

Changelog parent: 88271fe15007b7c0ab0afc9e384f6e449195b89b

New changelog entries:
  * debian/patches/lp1102366.patch: properly reset rfc1867 callbacks to
    prevent segfault. (LP: #1102366)

applied/ubuntu/quantal-proposed 2014-01-09 21:33:17 UTC 2014-01-09
Import patches-applied version 5.4.6-1ubuntu1.6 to applied/ubuntu/quantal-pro...

Author: Marc Deslauriers
Author Date: 2013-12-23 14:00:58 UTC

Import patches-applied version 5.4.6-1ubuntu1.6 to applied/ubuntu/quantal-proposed

Imported using git-ubuntu import.

Changelog parent: 249badea3537f60b575eceda43a36bd4274bef7f
Unapplied parent: 529c3cfef7d223cdbfd267347c0cb37e579deed5

New changelog entries:
  * debian/patches/lp1102366.patch: properly reset rfc1867 callbacks to
    prevent segfault. (LP: #1102366)

applied/ubuntu/raring-updates 2013-12-12 16:08:28 UTC 2013-12-12
Import patches-applied version 5.4.9-4ubuntu2.4 to applied/ubuntu/raring-secu...

Author: Marc Deslauriers
Author Date: 2013-12-12 00:19:30 UTC

Import patches-applied version 5.4.9-4ubuntu2.4 to applied/ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: 13cf5455727ad380a21acc3963f0f40a870a8258
Unapplied parent: 4041f959f7977e268d63bf1f5778536a29387937

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    malicious certificate
    - debian/patches/CVE-2013-6420.patch: properly validate timestr in
      ext/openssl/openssl.c, added ext/openssl/tests/cve-2013-6420.*.
    - CVE-2013-6420
  * SECURITY UPDATE: denial of service via crafted interval specification
    - debian/patches/CVE-2013-6712.patch: check error_count in
      ext/date/lib/parse_iso_intervals.*.
    - CVE-2013-6712

applied/ubuntu/raring-security 2013-12-12 16:08:28 UTC 2013-12-12
Import patches-applied version 5.4.9-4ubuntu2.4 to applied/ubuntu/raring-secu...

Author: Marc Deslauriers
Author Date: 2013-12-12 00:19:30 UTC

Import patches-applied version 5.4.9-4ubuntu2.4 to applied/ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: 13cf5455727ad380a21acc3963f0f40a870a8258
Unapplied parent: 4041f959f7977e268d63bf1f5778536a29387937

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    malicious certificate
    - debian/patches/CVE-2013-6420.patch: properly validate timestr in
      ext/openssl/openssl.c, added ext/openssl/tests/cve-2013-6420.*.
    - CVE-2013-6420
  * SECURITY UPDATE: denial of service via crafted interval specification
    - debian/patches/CVE-2013-6712.patch: check error_count in
      ext/date/lib/parse_iso_intervals.*.
    - CVE-2013-6712

applied/ubuntu/raring-devel 2013-12-12 16:08:28 UTC 2013-12-12
Import patches-applied version 5.4.9-4ubuntu2.4 to applied/ubuntu/raring-secu...

Author: Marc Deslauriers
Author Date: 2013-12-12 00:19:30 UTC

Import patches-applied version 5.4.9-4ubuntu2.4 to applied/ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: 13cf5455727ad380a21acc3963f0f40a870a8258
Unapplied parent: 4041f959f7977e268d63bf1f5778536a29387937

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    malicious certificate
    - debian/patches/CVE-2013-6420.patch: properly validate timestr in
      ext/openssl/openssl.c, added ext/openssl/tests/cve-2013-6420.*.
    - CVE-2013-6420
  * SECURITY UPDATE: denial of service via crafted interval specification
    - debian/patches/CVE-2013-6712.patch: check error_count in
      ext/date/lib/parse_iso_intervals.*.
    - CVE-2013-6712

ubuntu/raring-updates 2013-12-12 16:08:28 UTC 2013-12-12
Import patches-unapplied version 5.4.9-4ubuntu2.4 to ubuntu/raring-security

Author: Marc Deslauriers
Author Date: 2013-12-12 00:19:30 UTC

Import patches-unapplied version 5.4.9-4ubuntu2.4 to ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: 1a41caab2033d0d8a331be49fec5b7f195860c61

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    malicious certificate
    - debian/patches/CVE-2013-6420.patch: properly validate timestr in
      ext/openssl/openssl.c, added ext/openssl/tests/cve-2013-6420.*.
    - CVE-2013-6420
  * SECURITY UPDATE: denial of service via crafted interval specification
    - debian/patches/CVE-2013-6712.patch: check error_count in
      ext/date/lib/parse_iso_intervals.*.
    - CVE-2013-6712

ubuntu/raring-security 2013-12-12 16:08:28 UTC 2013-12-12
Import patches-unapplied version 5.4.9-4ubuntu2.4 to ubuntu/raring-security

Author: Marc Deslauriers
Author Date: 2013-12-12 00:19:30 UTC

Import patches-unapplied version 5.4.9-4ubuntu2.4 to ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: 1a41caab2033d0d8a331be49fec5b7f195860c61

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    malicious certificate
    - debian/patches/CVE-2013-6420.patch: properly validate timestr in
      ext/openssl/openssl.c, added ext/openssl/tests/cve-2013-6420.*.
    - CVE-2013-6420
  * SECURITY UPDATE: denial of service via crafted interval specification
    - debian/patches/CVE-2013-6712.patch: check error_count in
      ext/date/lib/parse_iso_intervals.*.
    - CVE-2013-6712

ubuntu/raring-devel 2013-12-12 16:08:28 UTC 2013-12-12
Import patches-unapplied version 5.4.9-4ubuntu2.4 to ubuntu/raring-security

Author: Marc Deslauriers
Author Date: 2013-12-12 00:19:30 UTC

Import patches-unapplied version 5.4.9-4ubuntu2.4 to ubuntu/raring-security

Imported using git-ubuntu import.

Changelog parent: 1a41caab2033d0d8a331be49fec5b7f195860c61

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    malicious certificate
    - debian/patches/CVE-2013-6420.patch: properly validate timestr in
      ext/openssl/openssl.c, added ext/openssl/tests/cve-2013-6420.*.
    - CVE-2013-6420
  * SECURITY UPDATE: denial of service via crafted interval specification
    - debian/patches/CVE-2013-6712.patch: check error_count in
      ext/date/lib/parse_iso_intervals.*.
    - CVE-2013-6712

ubuntu/saucy-proposed 2013-10-09 14:38:20 UTC 2013-10-09
Import patches-unapplied version 5.5.3+dfsg-1ubuntu2 to ubuntu/saucy-proposed

Author: Robie Basak
Author Date: 2013-10-09 11:29:29 UTC

Import patches-unapplied version 5.5.3+dfsg-1ubuntu2 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: 143e3e34536e69d218ed6c54b64e3fa68dad8cf4

New changelog entries:
  * d/p/crash_in_get_zval_ptr_ptr_var.patch: cherry-pick from upstream to fix
    segfault (LP: #1236733).

ubuntu/saucy 2013-10-09 14:38:20 UTC 2013-10-09
Import patches-unapplied version 5.5.3+dfsg-1ubuntu2 to ubuntu/saucy-proposed

Author: Robie Basak
Author Date: 2013-10-09 11:29:29 UTC

Import patches-unapplied version 5.5.3+dfsg-1ubuntu2 to ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: 143e3e34536e69d218ed6c54b64e3fa68dad8cf4

New changelog entries:
  * d/p/crash_in_get_zval_ptr_ptr_var.patch: cherry-pick from upstream to fix
    segfault (LP: #1236733).

applied/ubuntu/saucy-proposed 2013-10-09 14:38:20 UTC 2013-10-09
Import patches-applied version 5.5.3+dfsg-1ubuntu2 to applied/ubuntu/saucy-pr...

Author: Robie Basak
Author Date: 2013-10-09 11:29:29 UTC

Import patches-applied version 5.5.3+dfsg-1ubuntu2 to applied/ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: c88d7cf0c98b43bc8ea7ec2efe931f5185ab2862
Unapplied parent: 82dd8fb3651de2187e2239a12dcbf7e5a2a95baa

New changelog entries:
  * d/p/crash_in_get_zval_ptr_ptr_var.patch: cherry-pick from upstream to fix
    segfault (LP: #1236733).

applied/ubuntu/saucy 2013-10-09 14:38:20 UTC 2013-10-09
Import patches-applied version 5.5.3+dfsg-1ubuntu2 to applied/ubuntu/saucy-pr...

Author: Robie Basak
Author Date: 2013-10-09 11:29:29 UTC

Import patches-applied version 5.5.3+dfsg-1ubuntu2 to applied/ubuntu/saucy-proposed

Imported using git-ubuntu import.

Changelog parent: c88d7cf0c98b43bc8ea7ec2efe931f5185ab2862
Unapplied parent: 82dd8fb3651de2187e2239a12dcbf7e5a2a95baa

New changelog entries:
  * d/p/crash_in_get_zval_ptr_ptr_var.patch: cherry-pick from upstream to fix
    segfault (LP: #1236733).

1-100 of 220 results

Other repositories

Name Last Modified
lp:ubuntu/+source/php5 2018-09-18
1-1 of 1 result