lp:ubuntu/dapper-proposed/php5

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/dapper-proposed/php5

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Development

Recent revisions

18. By Mathias Gug

* debian/patches/209-array-soap-response.patch: Fix SOAP response for
  associative array (LP: #52866).
* debian/rules: don't package an empty debian/copyright file as it would be
  rejected by launchpad. The copyright file is generated at build time.

17. By Kees Cook

* SECURITY UPDATE: multiple vulnerabilities. Thanks to Sean Finney for
  help locating upstream fixes.
* Add 200-string-wordwrap.patch: wordwrap function can be made to crash.
  Backported upstream fixes (CVE-2007-3998).
* Add 201-strspn-oob-read.patch: memory reading, possible crash via strspn.
  chunk_split. Backported upstream fixes (CVE-2007-4657).
* Add 202-money-format-abuse.patch: money_format format string vulnerable.
  Backported upstream fixes (CVE-2007-4658).
* Add 203-openssl_make_REQ-overflow.patch: overflow in openssl_make_REQ.
  Applied and corrected upstream fixes (CVE-2007-4662).
* Add 204-start-session-cookies.patch: overwrite cookie values.
  Applied upstream fixes (CVE-2007-3799).
* Add 206-chunk_split-fixes.patch: memory reading, possible crash via
  chunk_split. Merged various upstream fixes (CVE-2007-2872, CVE-2007-4660,
  CVE-2007-4661).
* Add 206-cookie-nesting-fix.patch: corruption/crashes via deeply nested
  variables. Backported upstream fixes (CVE-2007-1285, CVE-2007-4670).
* Add 207-htmlentity-utf8-fix.patch: don't accept partial utf8 sequences.
  Backported upstream fixes (CVE-2007-5898).
* Add 208-session-id-leak.patch: don't send session id to remote forms.
  Backported upstream fixes (CVE-2007-5899).
* References
  http://www.php.net/releases/5_2_4.php
  http://www.php.net/releases/5_2_5.php

16. By Kees Cook

* SECURITY UPDATE: arbitrary code execution via heap overflow.
* Add debian/patches/122-CVE-2007-1864-xmlrpc.patch: upstream fix
  (CVE-2007-1864).

15. By Kees Cook

* SECURITY UPDATE: FTP command injection, code execution in SOAP requests,
  user filter code execution, PEAR installer path traversal.
* 121-CVE-2007-2509_ftp.patch: ported from upstream and Debian
  (CVE-2007-2509)
* 121-CVE-2007-2510_soap.patch: ported from upstream and Debian
  (CVE-2007-2510)
* 121-CVE-2007-2511_userfilters.patch: ported from upstream and Debian
  (CVE-2007-2511)
* pear/121-pear-installer.patch: extracted from upstream changes
  (CVE-2007-2519)

14. By Kees Cook

* SECURITY UPDATE: multiple security vulnerabilities fixed. Thanks to
  Moritz Muehlenhoff and Sean Finney.
* MOPB-10.patch: php_binary Session Deserialization Information Leak
  (CVE-2007-1380)
* MOPB-14.patch: substr_compare() Information Leak (CVE-2007-1375)
* MOPB-15.patch: shmop Functions Resource Verification (CVE-2007-1376)
* MOPB-22.patch: session_regenerate_id() Double Free (CVE-2007-1521)
* MOPB-24.patch: array_user_key_compare() Double DTOR (CVE-2007-1484)
* MOPB-26.patch: mb_parse_str() register_globals Activation
  (CVE-2007-1583)
* MOPB-30.patch: _SESSION unset() (CVE-2007-1700)
* MOPB-34.patch: mail() Header Injection (CVE-2007-1718)
* MOPB-41.patch: sqlite_udf_decode_binary() Buffer Overflow
  (CVE-2007-1887 CVE-2007-1888)
* MOPB-42.patch: php_stream_filter_create() Off By One (CVE-2007-1824)

13. By Martin Pitt

* debian/patches/CVE-2007-0906_streams.patch:
  - Extend streams string variables to accommodate null byte. (LP: #87481)
  - Fix backported from upstream CVS:
    http://cvs.php.net/viewvc.cgi/php-src/main/streams/streams.c?r1=1.82.2.6.2.9&r2=1.82.2.6.2.10

12. By Martin Pitt

* SECURITY UPDATE: Remote code execution.
* Add debian/patches/CVE-2007-0906_imap.patch:
  - Buffer overflows in the imap extension.
  - http://cvs.php.net/viewvc.cgi/php-src/ext/imap/php_imap.c?r1=1.208.2.7.2.11&r2=1.208.2.7.2.12
  - http://cvs.php.net/viewvc.cgi/php-src/ext/imap/php_imap.c?r1=1.208.2.7.2.15&r2=1.208.2.7.2.16
* Add debian/patches/CVE-2007-0906_session.patch:
  - Buffer overflow in the session extension.
  - http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.22&r2=1.417.2.8.2.23
* Add debian/patches/CVE-2007-0906_streams.patch:
  - Buffer overflows in the stream filters functions.
  - http://cvs.php.net/viewvc.cgi/php-src/ext/standard/streamsfuncs.c?r1=1.58.2.6.2.12&r2=1.58.2.6.2.13
  - http://cvs.php.net/viewvc.cgi/php-src/ext/standard/streamsfuncs.c?r1=1.98&r2=1.99
* Add debian/patches/CVE-2007-0906_string.patch:
  - Buffer overflow in the string extension.
  - http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.629&r2=1.631
* Add debian/patches/CVE-2007-0907.patch:
  - Buffer underflow in sapi_header_op() that can be exploited to crash the
    PHP interpreter.
  - http://cvs.php.net/viewvc.cgi/php-src/main/SAPI.c?r1=1.202.2.7.2.3&r2=1.202.2.7.2.4
* Add debian/patches/CVE-2007-0908.patch:
  - Fix forgotten initialization of key_length and buffer overflow in the
    wddx extension that could be exploited to reveal memory that is not
    supposed to be accessible (potential information disclosure).
  - http://cvs.php.net/viewvc.cgi/php-src/ext/wddx/wddx.c?r1=1.119.2.10.2.8&r2=1.119.2.10.2.10
* Add debian/patches/CVE-2007-0909_print.patch:
  - Fix format string vulnerability on 64 bit systems in the *print()
    functions.
  - http://cvs.php.net/viewvc.cgi/php-src/ext/standard/formatted_print.c?r1=1.82.2.1.2.11&r2=1.82.2.1.2.12
* Add debian/patches/CVE-2007-0909_odbc.patch:
  - Fix format string vulnerability on 64 bit systems in odbc_result_all().
  - http://cvs.php.net/viewvc.cgi/php-src/ext/odbc/php_odbc.c?r1=1.189.2.4.2.1&r2=1.189.2.4.2.2
  - http://cvs.php.net/viewvc.cgi/php-src/ext/odbc/php_odbc.c?r1=1.189.2.4.2.3&r2=1.189.2.4.2.4
* Add debian/patches/CVE-2007-0910.patch:
  - Fix clobbering of superglobal variables during session variable
    unserialization.
  - http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.458&r2=1.459
  - http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.24&r2=1.417.2.8.2.26
  - http://cvs.php.net/viewvc.cgi/php-src/main/php_variables.c?r1=1.104.2.10.2.3&r2=1.104.2.10.2.4
* Add debian/patches/CVE-2007-0988.patch:
  - Fix infinite loop in zend_hash_init() when unserializing untrusted data
    on 64 bit systems.
  - http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_hash.c?r1=1.121.2.4.2.5&r2=1.121.2.4.2.6

11. By Martin Pitt

* SECURITY UPDATE: Remote code execution.
* Add debian/patches/CVE-2006-5465.patch:
  - Fix buffer overflows in htmlentities() and htmlspecialchars().
  - Ported from upstream CVS:
    http://cvs.php.net/viewvc.cgi/php-src/ext/standard/html.c?r1=1.111.2.2.2.2&r2=1.111.2.2.2.3
* Add debian/patches/200-chdir_openbasedir_bypass.patch:
  - Fix open_basedir bypass in chdir().
  - Ported from upstream CVS:
    http://cvs.php.net/viewvc.cgi/php-src/ext/standard/dir.c?r1=1.147.2.3&r2=1.147.2.3.2.1
* Add debian/patches/201-tempnam_openbasedir_bypass.patch:
  - Fix open_basedir bypass in tempnam().
  - Ported from upstream CVS:
    http://cvs.php.net/viewvc.cgi/php-src/main/php_open_temporary_file.c?r1=1.34.2.1.2.1&r2=1.34.2.1.2.3

10. By Martin Pitt

* SECURITY UPDATE: Multiple vulnerabilities.
* Fix CVE number in 5.1.2-1ubuntu3.1 changelog: The curl open_basedir
  bypass is actually CVE-2006-4483, not -2563.
* Add debian/patches/CVE-2006-4485.patch:
  - Fix buffer overread in stripos().
  - Ported from upstream CVS:
    http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?view=diff&r1=1.547&r2=1.548
* Add debian/patches/CVE-2006-4486.patch:
  - Fix integer overflow and memory_limit bypass on 64 bit platforms.
  - Patch stolen from RedHat security update, not fixed upstream yet.
* Add debian/patches/CVE-2006-4625.patch:
  - Fix open_basedir/safe_mode bypass with ini_restore().
  - Ported from upstream CVS:
    http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_ini.c?r1=1.39.2.2&r2=1.39.2.3
* Add debian/patches/CVE-2006-4812.patch:
  - Fix integer overflow in Zend's ecalloc().
  - Ported from upstream CVS:
    http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_alloc.c?r1=1.161&r2=1.162

9. By Martin Pitt

* SECURITY UPDATE: Multiple vulnerabilities.
* debian/patches/CVE-2006-4020.patch:
  - sscanf buffer overflow
  - http://bugs.php.net/bug.php?id=38322
  - http://cvs.php.net/viewvc.cgi/php-src/ext/standard/scanf.c?r1=1.31.2.2&r2=1.31.2.3
* debian/patches/CVE-2006-4481.patch:
  - safe_mode/open_basedir bypass with file_exists() and imap_reopen()
  - http://cvs.php.net/viewvc.cgi/php-src/ext/imap/php_imap.c?r1=1.208.2.8&r2=1.208.2.9
    (imap_reopen())
  - http://cvs.php.net/viewvc.cgi/php-src/ext/standard/filestat.c?r1=1.136.2.8&r2=1.136.2.9
    (file_exists())
* debian/patches/CVE-2006-4482.patch:
  - str_repeat() and wordwrap() buffer overflow on 64 bit systems
  - http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.10&r2=1.445.2.14.2.11
* debian/patches/CVE-2006-4484.patch:
  - GIF parser overflow
  - http://cvs.php.net/viewvc.cgi/php-src/ext/gd/libgd/gd_gif_in.c?r1=1.5.4.4&r2=1.5.4.5

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/karmic/php5