Ubuntu
php4 package

lp:ubuntu/breezy-security/php4

Breezy (5.10)
breezy-security

Created by James Westby on 2009-08-22 and last modified on 2009-08-22

Get this branch:: bzr branch lp:ubuntu/breezy-security/php4

Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

No branches dependent on this one.

Related bugs

Link a bug report

Related blueprints

Branch information

Owner:: Ubuntu branches

Status:: Development

Recent revisions

4. By Adam Conrad on 2006-03-08: * SECURITY UPDATE: multiple fixes backported from 5.1.2 and CVS:
  - Fix multiple HTTP response splitting vulnerabilities in sessions and
    the header() function, due to lack of input validation; CVE-2006-0207
    + Add safety checks in the header() function to make sure that we
      don't get newlines injected by (mis)use of user input in headers.
    + Add a check for invalid characters in session names, so that we
      aren't subject to HTTP response splitting vulnerabilities in
      the Set-Cookie header we send back out as a result of user input.
  - Filter HTML error reporting, preventing cross-site scripting attacks
    when both display_errors and html_errors are enabled; CVE-2006-0208
3. By Adam Conrad on 2005-12-19: * SECURITY UPDATE: multiple fixes backported from new upstream releases:
  - Resolves a local denial of service in the apache2 SAPI, which can
    be triggered by using session.save_path in .htaccess; CVE-2005-3319
  - Resolves an infinite loop in the exif_read_data function which can
    be triggered with a specially-crafted JPEG image; CVE-2005-3353
  - Resolves an XSS vulnerability in the phpinfo function; CVE-2005-3388
  - Resolves a vulnerability in the parse_str function whereby a remote
    attacker can fool PHP into turning on register_globals, thus making
    applications vulnerable to global variable injections; CVE-2005-3389
  - Resolves a vulnerability in the RFC1867 file upload feature where, if
    register_globals is enabled, a remote attacker can modify the GLOBALS
    array with a multipart/form-data POST request; see CVE-2005-3390
  - Resolves numerous safe_mode and open_basedir bypasses; CVE-2005-3391
  - Resolves INI settings leaks in the apache2 SAPI, leading to safe_mode
    and open_basedir bypasses between virtual hosts; CVE-2005-3392
  - Resolves a CRLF injection vulnerability in the mb_send_mail function,
    allowing injection of arbitrary mail headers; see CVE-2005-3883
2. By Adam Conrad on 2005-09-27: * Remove Andres Salomon from the Uploaders field, at his request. Thanks
  for all your work on the PHP packages, Andres, now fix our kernel bugs.
* Add 054-open_basedir_slash.patch, which fixes a bug where if open_basedir
  is set to "/foo/", users can access files in "/foobar/", which is not the
  documented behaviour; this addresses CAN-2005-3054 (closes: #323585)
* Add 055-gd_safe_mode_checks.patch from PHP CVS, adding missing safe_mode
  checks to the _php_image_output and _php_image_output_ctx GD functions.
1. By Adam Conrad on 2005-09-27: Import upstream version 4.4.0

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

This branch contains Public information

Everyone can see this information.

Subscribers

James Westby

Ubuntuphp4 package