lp:ubuntu/dapper-proposed/php5
- Get this branch:
- bzr branch lp:ubuntu/dapper-proposed/php5
Branch merges
Branch information
Recent revisions
- 18. By Mathias Gug
-
* debian/
patches/ 209-array- soap-response. patch: Fix SOAP response for
associative array (LP: #52866).
* debian/rules: don't package an empty debian/copyright file as it would be
rejected by launchpad. The copyright file is generated at build time. - 17. By Kees Cook
-
* SECURITY UPDATE: multiple vulnerabilities. Thanks to Sean Finney for
help locating upstream fixes.
* Add 200-string-wordwrap. patch: wordwrap function can be made to crash.
Backported upstream fixes (CVE-2007-3998).
* Add 201-strspn-oob-read. patch: memory reading, possible crash via strspn.
chunk_split. Backported upstream fixes (CVE-2007-4657).
* Add 202-money-format- abuse.patch: money_format format string vulnerable.
Backported upstream fixes (CVE-2007-4658).
* Add 203-openssl_make_REQ- overflow. patch: overflow in openssl_make_REQ.
Applied and corrected upstream fixes (CVE-2007-4662).
* Add 204-start-session- cookies. patch: overwrite cookie values.
Applied upstream fixes (CVE-2007-3799).
* Add 206-chunk_split-fixes. patch: memory reading, possible crash via
chunk_split. Merged various upstream fixes (CVE-2007-2872, CVE-2007-4660,
CVE-2007-4661).
* Add 206-cookie-nesting- fix.patch: corruption/crashes via deeply nested
variables. Backported upstream fixes (CVE-2007-1285, CVE-2007-4670).
* Add 207-htmlentity-utf8-fix. patch: don't accept partial utf8 sequences.
Backported upstream fixes (CVE-2007-5898).
* Add 208-session-id-leak. patch: don't send session id to remote forms.
Backported upstream fixes (CVE-2007-5899).
* References
http://www.php. net/releases/ 5_2_4.php
http://www.php. net/releases/ 5_2_5.php - 16. By Kees Cook
-
* SECURITY UPDATE: arbitrary code execution via heap overflow.
* Add debian/patches/ 122-CVE- 2007-1864- xmlrpc. patch: upstream fix
(CVE-2007-1864). - 15. By Kees Cook
-
* SECURITY UPDATE: FTP command injection, code execution in SOAP requests,
user filter code execution, PEAR installer path traversal.
* 121-CVE-2007-2509_ ftp.patch: ported from upstream and Debian
(CVE-2007-2509)
* 121-CVE-2007-2510_ soap.patch: ported from upstream and Debian
(CVE-2007-2510)
* 121-CVE-2007-2511_ userfilters. patch: ported from upstream and Debian
(CVE-2007-2511)
* pear/121-pear-installer. patch: extracted from upstream changes
(CVE-2007-2519) - 14. By Kees Cook
-
* SECURITY UPDATE: multiple security vulnerabilities fixed. Thanks to
Moritz Muehlenhoff and Sean Finney.
* MOPB-10.patch: php_binary Session Deserialization Information Leak
(CVE-2007-1380)
* MOPB-14.patch: substr_compare() Information Leak (CVE-2007-1375)
* MOPB-15.patch: shmop Functions Resource Verification (CVE-2007-1376)
* MOPB-22.patch: session_regenerate_ id() Double Free (CVE-2007-1521)
* MOPB-24.patch: array_user_key_compare( ) Double DTOR (CVE-2007-1484)
* MOPB-26.patch: mb_parse_str() register_globals Activation
(CVE-2007-1583)
* MOPB-30.patch: _SESSION unset() (CVE-2007-1700)
* MOPB-34.patch: mail() Header Injection (CVE-2007-1718)
* MOPB-41.patch: sqlite_udf_decode_ binary( ) Buffer Overflow
(CVE-2007-1887 CVE-2007-1888)
* MOPB-42.patch: php_stream_filter_ create( ) Off By One (CVE-2007-1824) - 13. By Martin Pitt
-
* debian/
patches/ CVE-2007- 0906_streams. patch:
- Extend streams string variables to accomodate null byte. (LP: #87481)
- Fix backported from upstream CVS:
http://cvs.php. net/viewvc. cgi/php- src/main/ streams/ streams. c?r1=1. 82.2.6. 2.9&r2= 1.82.2. 6.2.10 - 12. By Martin Pitt
-
* SECURITY UPDATE: Remote code execution.
* Add debian/patches/ CVE-2007- 0906_imap. patch:
- Buffer overflows in the imap extension.
- http://cvs.php. net/viewvc. cgi/php- src/ext/ imap/php_ imap.c? r1=1.208. 2.7.2.11& r2=1.208. 2.7.2.12
- http://cvs.php. net/viewvc. cgi/php- src/ext/ imap/php_ imap.c? r1=1.208. 2.7.2.15& r2=1.208. 2.7.2.16
* Add debian/patches/ CVE-2007- 0906_session. patch:
- Buffer overflow in the session extension.
- http://cvs.php. net/viewvc. cgi/php- src/ext/ session/ session. c?r1=1. 417.2.8. 2.22&r2= 1.417.2. 8.2.23
* Add debian/patches/ CVE-2007- 0906_streams. patch:
- Buffer overflows in the stream filters functions.
- http://cvs.php. net/viewvc. cgi/php- src/ext/ standard/ streamsfuncs. c?r1=1. 58.2.6. 2.12&r2= 1.58.2. 6.2.13
- http://cvs.php. net/viewvc. cgi/php- src/ext/ standard/ streamsfuncs. c?r1=1. 98&r2=1. 99
* Add debian/patches/ CVE-2007- 0906_string. patch:
- Buffer overflow in the string extension.
- http://cvs.php. net/viewvc. cgi/php- src/ext/ standard/ string. c?r1=1. 629&r2= 1.631
* Add debian/patches/ CVE-2007- 0907.patch:
- Buffer underflow in sapi_header_op() that can be exploited to crash the
PHP interpreter.
- http://cvs.php. net/viewvc. cgi/php- src/main/ SAPI.c? r1=1.202. 2.7.2.3& r2=1.202. 2.7.2.4
* Add debian/patches/ CVE-2007- 0908.patch:
- Fix forgotten initialization of key_length and buffer overflow in the
wddx extension that could be exploited to reveal memory that is not
supposed to be accessible (potential information disclosure).
- http://cvs.php. net/viewvc. cgi/php- src/ext/ wddx/wddx. c?r1=1. 119.2.10. 2.8&r2= 1.119.2. 10.2.10
* Add debian/patches/ CVE-2007- 0909_print. patch:
- Fix format string vulnerability on 64 bit systems in the *print()
functions.
- http://cvs.php. net/viewvc. cgi/php- src/ext/ standard/ formatted_ print.c? r1=1.82. 2.1.2.11& r2=1.82. 2.1.2.12
* Add debian/patches/ CVE-2007- 0909_odbc. patch:
- Fix format string vulnerability on 64 bit systems in odbc_result_all().
- http://cvs.php. net/viewvc. cgi/php- src/ext/ odbc/php_ odbc.c? r1=1.189. 2.4.2.1& r2=1.189. 2.4.2.2
- http://cvs.php. net/viewvc. cgi/php- src/ext/ odbc/php_ odbc.c? r1=1.189. 2.4.2.3& r2=1.189. 2.4.2.4
* Add debian/patches/ CVE-2007- 0910.patch:
- Fix clobbering of superglobal variables during session variable
unserialization.
- http://cvs.php. net/viewvc. cgi/php- src/ext/ session/ session. c?r1=1. 458&r2= 1.459
- http://cvs.php. net/viewvc. cgi/php- src/ext/ session/ session. c?r1=1. 417.2.8. 2.24&r2= 1.417.2. 8.2.26
- http://cvs.php. net/viewvc. cgi/php- src/main/ php_variables. c?r1=1. 104.2.10. 2.3&r2= 1.104.2. 10.2.4
* Add debian/patches/ CVE-2007- 0988.patch:
- Fix infinite loop in zend_hash_init() when unserializing untrusted data
on 64 bit systems.
- http://cvs.php. net/viewvc. cgi/ZendEngine2 /zend_hash. c?r1=1. 121.2.4. 2.5&r2= 1.121.2. 4.2.6 - 11. By Martin Pitt
-
* SECURITY UPDATE: Remote code execution.
* Add debian/patches/ CVE-2006- 5465.patch:
- Fix buffer overflows in htmlentities() and htmlspecialchars().
- Ported from upstream CVS:
http://cvs.php. net/viewvc. cgi/php- src/ext/ standard/ html.c? r1=1.111. 2.2.2.2& r2=1.111. 2.2.2.3
* Add debian/patches/ 200-chdir_ openbasedir_ bypass. patch:
- Fix open_basedir bypass in chdir().
- Ported from upstream CVS:
http://cvs.php. net/viewvc. cgi/php- src/ext/ standard/ dir.c?r1= 1.147.2. 3&r2=1. 147.2.3. 2.1
* Add debian/patches/ 201-tempnam_ openbasedir_ bypass. patch:
- Fix open_basedir bypass in tempnam().
- Ported from upstream CVS:
http://cvs.php. net/viewvc. cgi/php- src/main/ php_open_ temporary_ file.c? r1=1.34. 2.1.2.1& r2=1.34. 2.1.2.3 - 10. By Martin Pitt
-
* SECURITY UPDATE: Multiple vulnerabilities.
* Fix CVE number in 5.1.2-1ubuntu3.1 changelog: The curl open_basedir
bypass is actually CVE-2006-4483, not -2563.
* Add debian/patches/ CVE-2006- 4485.patch:
- Fix buffer overread in stripos().
- Ported from upstream CVS:
http://cvs.php. net/viewvc. cgi/php- src/ext/ standard/ string. c?view= diff&r1= 1.547&r2= 1.548
* Add debian/patches/ CVE-2006- 4486.patch:
- Fix integer overflow and memory_limit bypass on 64 bit platforms.
- Patch stolen from RedHat security update, not fixed upstream yet.
* Add debian/patches/ CVE-2006- 4625.patch:
- Fix open_basedir/safe_mode bypass with ini_restore().
- Ported from upstream CVS:
http://cvs.php. net/viewvc. cgi/ZendEngine2 /zend_ini. c?r1=1. 39.2.2& r2=1.39. 2.3
* Add debian/patches/ CVE-2006- 4812.patch:
- Fix integer overflow in Zend's ecalloc().
- Ported from upstream CVS:
http://cvs.php. net/viewvc. cgi/ZendEngine2 /zend_alloc. c?r1=1. 161&r2= 1.162 - 9. By Martin Pitt
-
* SECURITY UPDATE: Multiple vulnerabilities.
* debian/patches/ CVE-2006- 4020.patch:
- sscanf buffer overflow
- http://bugs.php. net/bug. php?id= 38322
- http://cvs.php. net/viewvc. cgi/php- src/ext/ standard/ scanf.c? r1=1.31. 2.2&r2= 1.31.2. 3
* debian/patches/ CVE-2006- 4481.patch:
- safe_mode/open_basedir bypass with file_exists() and imap_reopen()
- http://cvs.php. net/viewvc. cgi/php- src/ext/ imap/php_ imap.c? r1=1.208. 2.8&r2= 1.208.2. 9
(imap_reopen())
- http://cvs.php. net/viewvc. cgi/php- src/ext/ standard/ filestat. c?r1=1. 136.2.8& r2=1.136. 2.9
(file_exists())
* debian/patches/ CVE-2006- 4482.patch:
- str_repeat() and wordwrap() buffer overflow on 64 bit systems
- http://cvs.php. net/viewvc. cgi/php- src/ext/ standard/ string. c?r1=1. 445.2.14. 2.10&r2= 1.445.2. 14.2.11
* debian/patches/ CVE-2006- 4484.patch:
- GIF parser overflow
- http://cvs.php. net/viewvc. cgi/php- src/ext/ gd/libgd/ gd_gif_ in.c?r1= 1.5.4.4& r2=1.5. 4.5
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/php5