Branches for Edgy

Name Status Last Modified Last Commit
lp:ubuntu/edgy/php5 1 Development 2009-06-27 22:30:38 UTC
10. * SECURITY UPDATE: Safe mode bypass, ...

Author: Martin Pitt
Revision Date: 2006-10-10 18:25:01 UTC

* SECURITY UPDATE: Safe mode bypass, remote arbitrary code execution.
* Fix/add CVE numbers in/to 5.1.4-0.1 and 5.1.6-1 changelogs.
* Add debian/patches/CVE-2006-4625.patch:
  - Fix open_basedir/safe_mode bypass with ini_restore().
  - Ported from upstream CVS:
    http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_ini.c?r1=1.39.2.2&r2=1.39.2.3
* Add debian/patches/CVE-2006-4812.patch:
  - Fix integer overflow in Zend's ecalloc().
  - Ported from upstream CVS:
    http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162

lp:ubuntu/edgy-security/php5 1 Development 2009-06-27 22:30:41 UTC
17. * SECURITY UPDATE: multiple vulnerabi...

Author: Kees Cook
Revision Date: 2007-10-19 12:58:34 UTC

* SECURITY UPDATE: multiple vulnerabilities. Thanks to Sean Finney for
  help locating upstream fixes.
* Add 200-string-wordwrap.patch: wordwrap function can be made to crash.
  Backported upstream fixes (CVE-2007-3998).
* Add 201-strspn-oob-read.patch: memory reading, possible crash via strspn.
  chunk_split. Backported upstream fixes (CVE-2007-4657).
* Add 202-money-format-abuse.patch: money_format format string vulnerable.
  Backported upstream fixes (CVE-2007-4658).
* Add 203-openssl_make_REQ-overflow.patch: overflow in openssl_make_REQ.
  Applied and corrected upstream fixes (CVE-2007-4662).
* Add 204-start-session-cookies.patch: overwrite cookie values.
  Applied upstream fixes (CVE-2007-3799).
* Add 206-chunk_split-fixes.patch: memory reading, possible crash via
  chunk_split. Merged various upstream fixes (CVE-2007-2872, CVE-2007-4660,
  CVE-2007-4661).
* Add 206-cookie-nesting-fix.patch: corruption/crashes via deeply nested
  variables. Backported upstream fixes (CVE-2007-1285, CVE-2007-4670).
* Add 207-htmlentity-utf8-fix.patch: don't accept partial utf8 sequences.
  Backported upstream fixes (CVE-2007-5898).
* Add 208-session-id-leak.patch: don't send session id to remote forms.
  Backported upstream fixes (CVE-2007-5899).
* References
  http://www.php.net/releases/5_2_4.php
  http://www.php.net/releases/5_2_5.php

lp:ubuntu/edgy-updates/php5 bug 1 Development 2009-06-27 22:32:11 UTC
17. * SECURITY UPDATE: multiple vulnerabi...

Author: Kees Cook
Revision Date: 2007-10-19 12:58:34 UTC

* SECURITY UPDATE: multiple vulnerabilities. Thanks to Sean Finney for
  help locating upstream fixes.
* Add 200-string-wordwrap.patch: wordwrap function can be made to crash.
  Backported upstream fixes (CVE-2007-3998).
* Add 201-strspn-oob-read.patch: memory reading, possible crash via strspn.
  chunk_split. Backported upstream fixes (CVE-2007-4657).
* Add 202-money-format-abuse.patch: money_format format string vulnerable.
  Backported upstream fixes (CVE-2007-4658).
* Add 203-openssl_make_REQ-overflow.patch: overflow in openssl_make_REQ.
  Applied and corrected upstream fixes (CVE-2007-4662).
* Add 204-start-session-cookies.patch: overwrite cookie values.
  Applied upstream fixes (CVE-2007-3799).
* Add 206-chunk_split-fixes.patch: memory reading, possible crash via
  chunk_split. Merged various upstream fixes (CVE-2007-2872, CVE-2007-4660,
  CVE-2007-4661).
* Add 206-cookie-nesting-fix.patch: corruption/crashes via deeply nested
  variables. Backported upstream fixes (CVE-2007-1285, CVE-2007-4670).
* Add 207-htmlentity-utf8-fix.patch: don't accept partial utf8 sequences.
  Backported upstream fixes (CVE-2007-5898).
* Add 208-session-id-leak.patch: don't send session id to remote forms.
  Backported upstream fixes (CVE-2007-5899).
* References
  http://www.php.net/releases/5_2_4.php
  http://www.php.net/releases/5_2_5.php
