lp:debian/lenny/php5
- Get this branch: bzr branch lp:debian/lenny/php5
Branch information
- Owner: Ubuntu branches
- Status: Development
Recent revisions
- 6. By Raphael Geissert
* Fix CVE-2010-1917: stack consumption on the fnmatch() function
* Fix CVE-2010-2225: use-after-free in the SplObjectStorage
  unserializer
* Fix MOPS-2010-60: arbitrary session variables injection
- 5. By Raphael Geissert
Fix CVE-2010-0397: null pointer dereference when processing invalid
XML-RPC requests (Closes: #573573)
- 4. By Raphael Geissert
* CVE-2009-2687: DoS via malformed JPEG images with invalid offset fields
  (Closes: #535888)
* CVE-2009-2626: remote memory disclosure via ini_* functions
  (Closes: #540605)
* CVE-2009-3292: multiple missing checks processing exif image data
* CVE-2009-3291: improper handling of nul character in CommonName fields
  of X509 certificates
* max_file_uploads: prevent, by limiting, temporary files exhaustion DoS
* Add an entry to debian/NEWS about the new per-request file uploads limit
- 3. By Sean Finney
[ Sean Finney ]
* CVE-2008-5814: XSS vulnerability via display_errors (Closes: #523028)
* CVE-2009-0754.patch: mbstring.func_overload leakage between apache2
  vhosts (Closes: #523049)
* CVE-2009-1271: remote DoS in json_decode()
* add note about CVE-2009-1272 in previous version's changelog entry

[ Mark A. Hershberger ]
* fix clean target to keep source in a consistent state for multiple builds
- 2. By Sean Finney
[ Sean Finney ]
* Do not add -O2 to CFLAGS if DEB_BUILD_OPTIONS contains noopt.
* Security related fixes:
  - php: inifile handler for the dba functions can be used to truncate a file
    Patch: dba-inifile-truncation.patch (closes: #507101).
  - CVE-2008-5658.patch: ZipArchive::extractTo directory traversal
    Patch: CVE-2008-5658.patch (closes: #507857).
    Thanks to Pierre Joye for help with the patch.

[ Raphael Geissert ]
* Picked up some patches from Gentoo (most included in PHP 5.2.7 and later):
  + patches/gentoo/005_stream_context_set_params-crash.patch
  + patches/gentoo/006_PDORow-crash.patch
  + patches/gentoo/007_dom-setAttributeNode-crash.patch
  + patches/gentoo/009_array-function-crashes.patch
  + patches/gentoo/010_ticks-zts-crashes.patch
  + patches/gentoo/015_CVE-2008-2665-wrapper-safemode-bypass.patch
  + patches/gentoo/017_xmlrpc-invalid-callback-crash.patch
  + patches/gentoo/019_new-memory-corruption.patch
  + patches/gentoo/freetds-compat.patch
    - was deprecated_freetds_check.patch
Branch metadata
- Branch format: Branch format 7
- Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on: lp:debian/squeeze/php5