lp:ubuntu/breezy-security/php4
- Get this branch:
- bzr branch lp:ubuntu/breezy-security/php4
Branch merges
Branch information
- Owner:
- Ubuntu branches
- Status:
- Development
Recent revisions
- 4. By Adam Conrad
-
* SECURITY UPDATE: multiple fixes backported from 5.1.2 and CVS:
- Fix multiple HTTP response splitting vulnerabilities in sessions and
the header() function, due to lack of input validation; CVE-2006-0207
+ Add safety checks in the header() function to make sure that we
don't get newlines injected by (mis)use of user input in headers.
+ Add a check for invalid characters in session names, so that we
aren't subject to HTTP response splitting vulnerabilities in
the Set-Cookie header we send back out as a result of user input.
- Filter HTML error reporting, preventing cross-site scripting attacks
when both display_errors and html_errors are enabled; CVE-2006-0208
- 3. By Adam Conrad
-
* SECURITY UPDATE: multiple fixes backported from new upstream releases:
- Resolves a local denial of service in the apache2 SAPI, which can
be triggered by using session.save_path in .htaccess; CVE-2005-3319
- Resolves an infinite loop in the exif_read_data function which can
be triggered with a specially-crafted JPEG image; CVE-2005-3353
- Resolves an XSS vulnerability in the phpinfo function; CVE-2005-3388
- Resolves a vulnerability in the parse_str function whereby a remote
attacker can fool PHP into turning on register_globals, thus making
applications vulnerable to global variable injections; CVE-2005-3389
- Resolves a vulnerability in the RFC1867 file upload feature where, if
register_globals is enabled, a remote attacker can modify the GLOBALS
array with a multipart/form-data POST request; see CVE-2005-3390
- Resolves numerous safe_mode and open_basedir bypasses; CVE-2005-3391
- Resolves INI settings leaks in the apache2 SAPI, leading to safe_mode
and open_basedir bypasses between virtual hosts; CVE-2005-3392
- Resolves a CRLF injection vulnerability in the mb_send_mail function,
allowing injection of arbitrary mail headers; see CVE-2005-3883
- 2. By Adam Conrad
-
* Remove Andres Salomon from the Uploaders field, at his request. Thanks
for all your work on the PHP packages, Andres, now fix our kernel bugs.
* Add 054-open_basedir_slash.patch, which fixes a bug where if open_basedir
is set to "/foo/", users can access files in "/foobar/", which is not the
documented behaviour; this addresses CAN-2005-3054 (closes: #323585)
* Add 055-gd_safe_mode_checks.patch from PHP CVS, adding missing safe_mode
checks to the _php_image_output and _php_image_output_ctx GD functions.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)