lp:ubuntu/dapper-updates/php5
- Get this branch:
- bzr branch lp:ubuntu/dapper-updates/php5
Recent revisions
- 28. By Steve Beattie
  * debian/patches/pear/php5-pear-CVE-2011-1144_regression.patch: fix
    mkdir parenthesis issue and PEAR::raiseErro typo (LP: #774452)
  * debian/patches/php5-CVE-2010-4697_regression.patch: fix regression
    in reference counting added by fix for CVE-2010-4697 (LP: #776642)
- 27. By Steve Beattie
  * SECURITY UPDATE: arbitrary files removal via cronjob
    - debian/php5-common.php5.cron.d: take greater care when removing
      session files.
    - http://git.debian.org/?p=pkg-php%2Fphp.git;a=commitdiff_plain;h=d09fd04ed7bfcf7f008360c6a42025108925df09
    - CVE-2011-0441
  * SECURITY UPDATE: symlink tmp races in pear install
    - debian/patches/php5-pear-CVE-2011-1072.patch: improved
      tempfile handling.
    - debian/rules: apply patch manually after unpacking PEAR phar
      archive.
    - CVE-2011-1072
  * SECURITY UPDATE: more symlink races in pear install
    - debian/patches/php5-pear-CVE-2011-1144.patch: add TOCTOU save
      file handler.
    - debian/rules: apply patch manually after unpacking PEAR phar
      archive.
    - CVE-2011-1144
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/php5-CVE-2010-4697.patch: retain reference to
      object until getter/setter are done.
    - CVE-2010-4697
  * SECURITY UPDATE: denial of service through application crash with
    invalid images
    - debian/patches/php5-CVE-2010-4698.patch: verify anti-aliasing
      steps are either 4 or 16.
    - CVE-2010-4698
  * SECURITY UPDATE: denial of service through application crash when
    handling images with invalid exif tags
    - debian/patches/php5-CVE-2011-0708.patch: stricter exif checking
    - CVE-2011-0708
  * SECURITY UPDATE: denial of service and possible data disclosure
    through integer overflow
    - debian/patches/php5-CVE-2011-1092.patch: better boundary
      condition checks in shmop_read()
    - CVE-2011-1092
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/php5-CVE-2011-1148.patch: improve reference
      counting
    - CVE-2011-1148
  * SECURITY UPDATE: denial of service through buffer overflow crash
    (code execution mitigated by compilation with Fortify Source)
    - debian/patches/php5-CVE-2011-1464.patch: limit amount of precision
      to ensure fitting within MAX_BUF_SIZE
    - CVE-2011-1464
  * SECURITY UPDATE: denial of service through application crash via
    integer overflow.
    - debian/patches/php5-CVE-2011-1466.patch: improve boundary
      condition checking in SdnToJulian()
    - CVE-2011-1466
  * SECURITY UPDATE: denial of service through application crash
    when using HTTP proxy with the FTP wrapper
    - debian/patches/php5-CVE-2011-1469.patch: improve pointer handling
    - CVE-2011-1469
- 26. By Steve Beattie
  * main/fopen_wrappers.c: update to include fix for open_basedir
    restriction regression (LP: #701896)
    - http://svn.php.net/viewvc?view=revision&revision=305698
- 25. By Steve Beattie
  * SECURITY UPDATE: overflow leading to xml decode bypass
    - ext/xml/xml.c: convert short to int to prevent overflow in
      bit operations
    - http://svn.php.net/viewvc/?view=revision&revision=287790
    - CVE-2009-5016
  * SECURITY UPDATE: xml decode bypass
    - ext/xml/xml.c: improve utf8 decoding
    - ext/xml/tests/bug49687.phpt: add testcase
    - http://svn.php.net/viewvc/?view=revision&revision=304959
    - CVE-2010-3780
  * SECURITY UPDATE: open_basedir bypass
    - main/fopen_wrappers.c: more strict checking in
      php_check_specific_open_basedir()
    - http://svn.php.net/viewvc?view=revision&revision=303824
    - CVE-2010-3436
  * SECURITY UPDATE: infinite loop/denial of service when dealing with
    certain textual forms of MAX_FLOAT (LP: #697181)
    - Zend/zend_strtod.c: treat local doubles as volatile to avoid
      x87 registers in zend_strtod()
    - http://svn.php.net/viewvc?view=revision&revision=263637
    - http://svn.php.net/viewvc?view=revision&revision=307095
    - CVE-2010-4645
- 24. By Marc Deslauriers
  * SECURITY UPDATE: denial of service via xmlrpc crafted argument
    - debian/patches/CVE-2010-0397.patch: make sure method_name isn't empty
      in ext/xmlrpc/xmlrpc-epi-php.c, add test to
      ext/xmlrpc/tests/bug51288.phpt.
    - CVE-2010-0397
  * SECURITY UPDATE: weak entropy in Linear Congruential Generator (LCG)
    - debian/patches/CVE-2010-1128.patch: add more entropy in
      ext/standard/lcg.c.
    - CVE-2010-1128
  * SECURITY UPDATE: safe_mode bypass via trailing slash in dir pathnames
    - debian/patches/CVE-2010-1129.patch: properly validate pathname in
      ext/standard/file.c.
    - CVE-2010-1129
  * SECURITY UPDATE: arbitrary code execution via empty SQL query
    - debian/patches/CVE-2010-1868.patch: use ecalloc instead of emalloc in
      ext/sqlite/sqlite.c.
    - CVE-2010-1868
  * SECURITY UPDATE: denial of service via fnmatch stack consumption
    - debian/patches/CVE-2010-1917.patch: limit size of pattern in
      ext/standard/file.c.
    - CVE-2010-1917
  * SECURITY UPDATE: sensitive information disclosure via error messages
    - debian/patches/CVE-2010-2531.patch: don't display data when flushing
      output buffer in ext/standard/{var.c,php_var.h}.
    - CVE-2010-2531
  * SECURITY UPDATE: arbitrary session variable modification via crafted
    session variable name
    - debian/patches/CVE-2010-3065.patch: handle PS_UNDEF_MARKER marker in
      ext/session/session.c.
    - CVE-2010-3065
- 23. By Marc Deslauriers
  * SECURITY UPDATE: information disclosure and denial of service via
    zend_restore_ini_entry_cb function.
    - debian/patches/CVE-2009-2626.patch: gracefully handle failure in
      Zend/zend_ini.c.
    - CVE-2009-2626
  * SECURITY UPDATE: Cross-site scripting via incomplete htmlspecialchars
    filtering
    - debian/patches/CVE-2009-4142.patch: rewrite handling logic in
      ext/standard/html.c, add ext/standard/tests/strings/bug49785.phpt
      test script.
    - CVE-2009-4142
  * SECURITY UPDATE: restrictions bypass via incorrect session data
    handling
    - debian/patches/CVE-2009-4143.patch: protect from interrupt
      corruption in ext/session/session.c.
    - CVE-2009-4143
- 22. By Marc Deslauriers
  * SECURITY UPDATE: file truncation via key with null byte
    - debian/patches/CVE-2008-7068.patch: make sure key and value are sane
      in ext/dba/libinifile/inifile.c.
    - CVE-2008-7068
  * SECURITY UPDATE: certificate spoofing via null-byte certs (LP: #446313)
    - debian/patches/CVE-2009-3291.patch: validate certificate's CN length
      in ext/openssl/openssl.c.
    - CVE-2009-3291
  * SECURITY UPDATE: denial of service via malformed exif images
    (LP: #446313)
    - debian/patches/CVE-2009-3292.patch: check length, return codes, and
      nesting level in ext/exif/exif.c.
    - CVE-2009-3292
  * SECURITY UPDATE: safe_mode bypass via tempnam function
    - debian/patches/CVE-2009-3557.patch: check for safe_mode in
      ext/standard/file.c.
    - CVE-2009-3557
  * SECURITY UPDATE: open_basedir restrictions bypass via posix_mkfifo
    - debian/patches/CVE-2009-3558.patch: check for open_basedir in
      ext/posix/posix.c.
    - CVE-2009-3558
  * SECURITY UPDATE: denial of service via large number of files in
    form-data POST request.
    - debian/patches/CVE-2009-4017.patch: introduce new "max_file_uploads"
      directive and enforce in main/main.c, main/rfc1867.c.
    - ATTENTION: this update changes previous php5 behaviour by limiting
      the number of files in a POST request to 50. This may be increased
      by adding a "max_file_uploads" directive to the php.ini configuration
      file.
    - CVE-2009-4017
  * SECURITY UPDATE: safe_mode_protected_env_vars bypass via proc_open()
    - debian/patches/CVE-2009-4018.patch: add safe_mode check in
      ext/standard/proc_open.c
    - CVE-2009-4018
- 21. By Marc Deslauriers
  * SECURITY UPDATE: denial of service via malformed JPEG image with
    invalid offset fields
    - debian/patches/229_SECURITY_CVE-2009-2687.patch: validate
      offset_of_ifd in ext/exif/exif.c.
    - CVE-2009-2687
- 20. By Marc Deslauriers
  * SECURITY UPDATE: cross-site scripting vulnerability when display_errors
    is enabled.
    - debian/patches/227_SECURITY_CVE-2008-5814.patch: don't print back
      cookie names or values in ext/standard/head.c.
    - CVE-2008-5814
  * SECURITY UPDATE: mbstring.func_overload setting in .htaccess affects
    other virtual hosts.
    - debian/patches/228_SECURITY_CVE-2009-0754.patch: don't terminate on
      the first function that is not overloaded in ext/mbstring/mbstring.c.
    - CVE-2009-0754
- 19. By Marc Deslauriers
  * SECURITY UPDATE: denial of service and possible code execution from
    integer overflow in libgd. Although the system libgd was fixed in USN-557-1,
    php5 would not gracefully handle the error return code, resulting in a
    denial of service.
    - debian/patches/219_SECURITY_CVE-2007-3996.patch: check return codes when
      calling libgd in ext/gd/gd.c.
    - CVE-2007-3996
  * SECURITY UPDATE: php_admin_value and php_admin_flag restrictions bypass via
    ini_set. (LP: #228095)
    - debian/patches/220_SECURITY_CVE-2007-5900.patch: add new
      zend_alter_ini_entry_ex() function that extends zend_alter_ini_entry() by
      making sure the entry can be modified in Zend/zend_ini.{c,h},
      Zend/zend_vm_def.h, and Zend/zend_vm_execute.h. Use the new function for
      backporting reasons in sapi/cgi/cgi_main.c and sapi/cli/php_cli.c.
    - CVE-2007-5900
  * SECURITY UPDATE: denial of service and possible arbitrary code execution
    via crafted font file. (LP: #286851)
    - debian/patches/221_SECURITY_CVE-2008-3658.patch: make sure font->nchars,
      font->h, and font->w don't cause overflows in ext/gd/gd.c. Also, add
      test script ext/gd/tests/imageloadfont_invalid.phpt.
    - CVE-2008-3658
  * SECURITY UPDATE: denial of service and possible arbitrary code execution
    via the delimiter argument to the explode function. (LP: #286851)
    - debian/patches/222_SECURITY_CVE-2008-3659.patch: make sure needle_length
      is sane in ext/standard/tests/strings/explode_bug.phpt. Also, add test
      script ext/standard/tests/strings/explode_bug.phpt.
    - CVE-2008-3659
  * SECURITY UPDATE: denial of service via a request with multiple dots
    preceding the extension. (ex: foo..php) (LP: #286851)
    - debian/patches/223_SECURITY_CVE-2008-3660.patch: improve .. cleaning with
      a new is_valid_path() function in sapi/cgi/cgi_main.c.
    - CVE-2008-3660
  * SECURITY UPDATE: mbstring extension arbitrary code execution via crafted
    string containing HTML entity. (LP: #317672)
    - debian/patches/224_SECURITY_CVE-2008-5557.patch: improve
      mbfl_filt_conv_html_dec_flush() error handling in
      ext/mbstring/libmbfl/filters/mbfilter_htmlent.c.
    - CVE-2008-5557
  * SECURITY UPDATE: safe_mode restriction bypass via unrestricted variable
    settings.
    - debian/patches/225_SECURITY_CVE-2008-5624.patch: make sure the page_uid
      and page_gid get initialized properly in ext/standard/basic_functions.c.
      Also, init server_context before processing config variables in
      sapi/apache/mod_php5.c.
    - CVE-2008-5624
  * SECURITY UPDATE: arbitrary file write by placing a "php_value error_log"
    entry in a .htaccess file.
    - debian/patches/226_SECURITY_CVE-2008-5625.patch: enforce restrictions
      when merging in dir entry in sapi/apache/mod_php5.c and
      sapi/apache2handler/apache_config.c.
    - CVE-2008-5625
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/php5