lp:ubuntu/intrepid-security/php5

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

43. By Marc Deslauriers on 2010-01-06

* SECURITY UPDATE: information disclosure and denial of service via
  zend_restore_ini_entry_cb function.
  - debian/patches/CVE-2009-2626.patch: make sure new_value exists in
    main/main.c, gracefully handle failure in Zend/zend_ini.c.
  - CVE-2009-2626
* SECURITY UPDATE: Cross-site scripting via incomplete htmlspecialchars
  filtering
  - debian/patches/CVE-2009-4142.patch: rewrite handling logic in
    ext/standard/html.c, add ext/standard/tests/strings/bug49785.phpt
    test script, fix ext/standard/tests/strings/htmlentities-utf.phpt
    test script.
  - CVE-2009-4142
* SECURITY UPDATE: restrictions bypass via incorrect session data
  handling
  - debian/patches/CVE-2009-4143.patch: protect from interrupt
    corruption in ext/session/session.c.
  - CVE-2009-4143

42. By Marc Deslauriers on 2009-11-26

* SECURITY UPDATE: file truncation via key with null byte
  - debian/patches/CVE-2008-7068.patch: make sure key and value are sane
    in ext/dba/libinifile/inifile.c.
  - CVE-2008-7068
* SECURITY UPDATE: certificate spoofing via null-byte certs (LP: #446313)
  - debian/patches/CVE-2009-3291.patch: validate certificate's CN length
    in ext/openssl/openssl.c.
  - CVE-2009-3291
* SECURITY UPDATE: denial of service via malformed exif images
  (LP: #446313)
  - debian/patches/CVE-2009-3292.patch: check length, return codes, and
    nesting level in ext/exif/exif.c.
  - CVE-2009-3292
* SECURITY UPDATE: safe_mode bypass via tempam function
  - debian/patches/CVE-2009-3557.patch: check for safe_mode in
    ext/standard/file.c.
  - CVE-2009-3557
* SECURITY UPDATE: open_basedir restrictions bypass via posix_mkfifo
  - debian/patches/CVE-2009-3558.patch: check for open_basedir in
    ext/posix/posix.c.
  - CVE-2009-3558
* SECURITY UPDATE: denial of service via large number of files in
  form-data POST request.
  - debian/patches/CVE-2009-4017.patch: introduce new "max_file_uploads"
    directive and enforce in main/main.c, main/rfc1867.c.
  - ATTENTION: this update changes previous php5 behaviour by limiting
    the number of files in a POST request to 50. This may be increased
    by adding a "max_file_uploads" directive to the php.ini configuration
    file.
  - CVE-2009-4017
* SECURITY UPDATE: safe_mode_protected_env_vars bypass via proc_open()
  - debian/patches/CVE-2009-4018.patch: add safe_mode check in
    ext/standard/proc_open.c
  - CVE-2009-4018
* debian/patches/fix-xmlrpc-datetime.diff
  - Prevent stack smashing when using xmlrpc and datetime. (LP: #239513)

41. By Marc Deslauriers on 2009-08-21

* SECURITY UPDATE: denial of service via malformed JPEG image with
  invalid offset fields
  - debian/patches/130-SECURITY-CVE-2009-2687.patch: validate
    offset_of_ifd in ext/exif/exif.c.
  - CVE-2009-2687

40. By Marc Deslauriers on 2009-04-17

* SECURITY UPDATE: cross-site scripting vulnerability when display_errors
  is enabled.
  - debian/patches/127-SECURITY-CVE-2008-5814.patch: don't print back
    cookie names or values in ext/standard/head.c.
  - CVE-2008-5814
* SECURITY UPDATE: mbstring.func_overload setting in .htaccess affects
  other virtual hosts.
  - debian/patches/128-SECURITY-CVE-2009-0754.patch: don't terminate on
    the first function that is not overloaded in ext/mbstring/mbstring.c.
  - CVE-2009-0754
* SECURITY UPDATE: denial of service via malformed string to the
  json_decode API function.
  - debian/patches/129-SECURITY-CVE-2009-1271.patch: add extra mode
    checks in ext/json/JSON_parser.c. Add test to ext/json/tests/001.phpt.
  - CVE-2009-1271

39. By Marc Deslauriers on 2009-01-26

* SECURITY UPDATE: denial of service and possible arbitrary code execution
  via crafted font file. (LP: #286851)
  - debian/patches/120-SECURITY-CVE-2008-3658.patch: make sure font->nchars,
    font->h, and font->w don't cause overflows in ext/gd/gd.c. Also, add
    test script ext/gd/tests/imageloadfont_invalid.phpt.
  - CVE-2008-3658
* SECURITY UPDATE: denial of service and possible arbitrary code execution
  via the delimiter argument to the explode function. (LP: #286851)
  - debian/patches/121-SECURITY-CVE-2008-3659.patch: make sure needle_length
    is sane in ext/standard/tests/strings/explode_bug.phpt. Also, add test
    script ext/standard/tests/strings/explode_bug.phpt.
  - CVE-2008-3659
* SECURITY UPDATE: denial of service via a request with multiple dots
  preceding the extension. (ex: foo..php) (LP: #286851)
  - debian/patches/122-SECURITY-CVE-2008-3660.patch: improve .. cleaning with
    a new is_valid_path() function in sapi/cgi/cgi_main.c.
  - CVE-2008-3660
* SECURITY UPDATE: mbstring extension arbitrary code execution via crafted
  string containing HTML entity. (LP: #317672)
  - debian/patches/123-SECURITY-CVE-2008-5557.patch: improve
    mbfl_filt_conv_html_dec_flush() error handling in
    ext/mbstring/libmbfl/filters/mbfilter_htmlent.c.
  - CVE-2008-5557
* SECURITY UPDATE: safe_mode restriction bypass via unrestricted variable
  settings.
  - debian/patches/124-SECURITY-CVE-2008-5624.patch: make sure the page_uid
    and page_gid get initialized properly in ext/standard/basic_functions.c.
    Also, init server_context before processing config variables in
    sapi/apache/mod_php5.c.
  - CVE-2008-5624
* SECURITY UPDATE: arbitrary file write by placing a "php_value error_log"
  entry in a .htaccess file.
  - debian/patches/125-SECURITY-CVE-2008-5625.patch: enforce restrictions
    when merging in dir entry in sapi/apache/mod_php5.c and
    sapi/apache2handler/apache_config.c.
  - CVE-2008-5625
* SECURITY UPDATE: arbitrary file overwrite from directory traversal via zip
  file with dot-dot filenames.
  - debian/patches/126-SECURITY-CVE-2008-5658.patch: clean up filename paths
    in ext/zip/php_zip.c with new php_zip_realpath_r(),
    php_zip_virtual_file_ex() and php_zip_make_relative_path() functions.
  - CVE-2008-5658

38. By Chuck Short on 2008-10-14

debian/patches/fix-pecl-libtool.dpatch: fix libtool brokenness
with pecl. (LP: #262251)

37. By Chuck Short on 2008-08-20

debian/rules: Point /usr/lib/php5/build/{libtool.m4, ltmain.sh}
to the right locations.

36. By Adam Conrad on 2008-08-12

* Revert to using upstream's bundled libtool for now, until either upstream
  moves to libtool 2.x, or Debian/Ubuntu have the time to rewrite some m4.
* Manually copy autotools-dev's versions of config.{sub,guess}, since we
  no longer have libtoolize doing it for us, thanks to the above change.
* Fix libedit_is_editline.patch to patch sap/cli/php_cli* too (LP: 249800)
* Include patch from Debian (deprecated_freetds_check.patch) to fix FTBFS
  with more recent versions of FreeTDS.

35. By Chuck Short on 2008-07-17

* Merge from debian unstable, remaining changes:
  - debin/control, debian/rules: Disable a few build dependencies and
    accompanying binary pckages which we do not want to support in main:
    + freebird2-dev/php5-interbase (we have a seperate php-interbase source)
    + libc-client-dev/php5-imap (we have a seperate php-imap source)
    + libmcrypt-dev/php5-mcrypt (seperate php-mcrypt source)
    + readline support again, now that the libedit issue is fixed.
  - debian/control: Add build dependency: libedit-dev (>= 2.9.cvs.20050518-1)
    CLI readline support
  - debian/rules:
    + Correctly mangle PHP5_* macros for lpia
  - debian/patches/use-specific-libdb-version.patch (LP: #165247), mangle
    version ordering in patch to match code for clean application.
  - debian/patches/119-sybase-alias.patch:
    + Fix sybase regression since change to msqql. (LP: #240519)
  - debian/control: Use libdb-4.6-dev

34. By Chuck Short on 2008-06-20

* debian/patches/119-sybase-alias.patch:
  - Update patch fixes FTBFS.