Ubuntu
php5 package

Branches for Jaunty

Name Status Last Modified Last Commit
lp:ubuntu/jaunty/php5 1 Development 2009-06-27 22:32:39 UTC
43. * SECURITY UPDATE: arbitrary file wri...

Author: Marc Deslauriers
Revision Date: 2009-03-30 19:20:34 UTC

* SECURITY UPDATE: arbitrary file write by placing a "php_value error_log"
  entry in a .htaccess file.
  - debian/patches/CVE-2008-5625.patch: enforce restrictions when merging
    in dir entry in sapi/apache/mod_php5.c and sapi/apache2handler/apache_config.c.
  - CVE-2008-5625
* SECURITY UPDATE: mbstring.func_overload setting in .htaccess affects
  other virtual hosts.
  - debian/patches/CVE-2009-0754.patch: don't terminate on the first
    function that is not overloaded in ext/mbstring/mbstring.c.
  - CVE-2009-0754
lp:ubuntu/jaunty-security/php5 bug 1 Development 2010-09-14 15:45:30 UTC
48. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2010-09-14 15:45:30 UTC

* SECURITY UPDATE: denial of service via xmlrpc crafted argument
  - debian/patches/CVE-2010-0397.patch: make sure method_name isn't empty
    in ext/xmlrpc/xmlrpc-epi-php.c, add test to
    ext/xmlrpc/tests/bug51288.phpt.
  - CVE-2010-0397
* SECURITY UPDATE: weak entropy in Linear Congruential Generator (LCG)
  - debian/patches/CVE-2010-1128.patch: add more entropy in
    ext/standard/lcg.c.
  - CVE-2010-1128
* SECURITY UPDATE: safe_mode bypass via trailing slash in dir pathnames
  - debian/patches/CVE-2010-1129.patch: properly validate pathname in
    ext/standard/file.c.
  - CVE-2010-1129
* SECURITY UPDATE: safe_mode bypass via semicolon in session_save_path
  - debian/patches/CVE-2010-1130.patch: check for semicolon in
    ext/session/session.c.
  - CVE-2010-1130
* SECURITY UPDATE: arbitrary code execution via empty SQL query
  - debian/patches/CVE-2010-1868.patch: use ecalloc instead of emalloc in
    ext/sqlite/sqlite.c.
  - CVE-2010-1868
* SECURITY UPDATE: denial of service via fnmatch stack consumption
  - debian/patches/CVE-2010-1917.patch: limit size of pattern in
    ext/standard/file.c.
  - CVE-2010-1917
* SECURITY UPDATE: sensitive information disclosure or arbitrary code
  execution via use-after-free in SplObjectStorage unserializer
  - debian/patches/CVE-2010-2225.patch: fix logic in
    ext/spl/spl_observer.c.
  - CVE-2010-2225
* SECURITY UPDATE: sensitive information disclosure via error messages
  - debian/patches/CVE-2010-2531.patch: don't display data when flushing
    output buffer in ext/standard/{var.c,php_var.h}.
  - CVE-2010-2531
* SECURITY UPDATE: arbitrary session variable modification via crafted
  session variable name
  - debian/patches/CVE-2010-3065.patch: handle PS_UNDEF_MARKER marker in
    ext/session/session.c.
  - CVE-2010-3065
lp:ubuntu/jaunty-updates/php5 1 Development 2010-09-14 15:45:30 UTC
48. * SECURITY UPDATE: denial of service ...

Author: Marc Deslauriers
Revision Date: 2010-09-14 15:45:30 UTC

* SECURITY UPDATE: denial of service via xmlrpc crafted argument
  - debian/patches/CVE-2010-0397.patch: make sure method_name isn't empty
    in ext/xmlrpc/xmlrpc-epi-php.c, add test to
    ext/xmlrpc/tests/bug51288.phpt.
  - CVE-2010-0397
* SECURITY UPDATE: weak entropy in Linear Congruential Generator (LCG)
  - debian/patches/CVE-2010-1128.patch: add more entropy in
    ext/standard/lcg.c.
  - CVE-2010-1128
* SECURITY UPDATE: safe_mode bypass via trailing slash in dir pathnames
  - debian/patches/CVE-2010-1129.patch: properly validate pathname in
    ext/standard/file.c.
  - CVE-2010-1129
* SECURITY UPDATE: safe_mode bypass via semicolon in session_save_path
  - debian/patches/CVE-2010-1130.patch: check for semicolon in
    ext/session/session.c.
  - CVE-2010-1130
* SECURITY UPDATE: arbitrary code execution via empty SQL query
  - debian/patches/CVE-2010-1868.patch: use ecalloc instead of emalloc in
    ext/sqlite/sqlite.c.
  - CVE-2010-1868
* SECURITY UPDATE: denial of service via fnmatch stack consumption
  - debian/patches/CVE-2010-1917.patch: limit size of pattern in
    ext/standard/file.c.
  - CVE-2010-1917
* SECURITY UPDATE: sensitive information disclosure or arbitrary code
  execution via use-after-free in SplObjectStorage unserializer
  - debian/patches/CVE-2010-2225.patch: fix logic in
    ext/spl/spl_observer.c.
  - CVE-2010-2225
* SECURITY UPDATE: sensitive information disclosure via error messages
  - debian/patches/CVE-2010-2531.patch: don't display data when flushing
    output buffer in ext/standard/{var.c,php_var.h}.
  - CVE-2010-2531
* SECURITY UPDATE: arbitrary session variable modification via crafted
  session variable name
  - debian/patches/CVE-2010-3065.patch: handle PS_UNDEF_MARKER marker in
    ext/session/session.c.
  - CVE-2010-3065
13 of 3 results FirstPreviousNextLast