Created by James Westby on 2009-11-26 and last modified on 2012-02-17
Get this branch:
bzr branch lp:ubuntu/karmic-security/php5
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

58. By Steve Beattie on 2011-05-02

debian/patches/php5-pear-CVE-2011-1144-regression.patch: fix
mkdir parenthesis issue and PEAR::raiseErro typo (LP: #774452)

57. By Steve Beattie on 2011-04-28

* SECURITY UPDATE: arbitrary files removal via cronjob
  - debian/php5-common.php5.cron.d: take greater care when removing
    session files.
  - http://git.debian.org/?p=pkg-php%2Fphp.git;a=commitdiff_plain;h=d09fd04ed7bfcf7f008360c6a42025108925df09
  - CVE-2011-0441
* SECURITY UPDATE: symlink tmp races in pear install
  - debian/patches/php5-pear-CVE-2011-1072.patch: improved
    tempfile handling.
  - debian/rules: apply patch manually after unpacking PEAR phar
  - CVE-2011-1072
* SECURITY UPDATE: more symlink races in pear install
  - debian/patches/php5-pear-CVE-2011-1144.patch: add TOCTOU save
    file handler.
  - debian/rules: apply patch manually after unpacking PEAR phar
  - CVE-2011-1144
* SECURITY UPDATE: use-after-free vulnerability
  - debian/patches/php5-CVE-2010-4697.patch: retain reference to
    object until getter/setter are done.
  - CVE-2010-4697
* SECURITY UPDATE: denial of service through application crash with
  invalid images
  - debian/patches/php5-CVE-2010-4698.patch: verify anti-aliasing
    steps are either 4 or 16.
  - CVE-2010-4698
* SECURITY UPDATE: denial of service through application crash
  - debian/patches/php5-CVE-2011-0421.patch: fail operation gracefully
    when handling zero sized zipfile with the FL_UNCHANGED argument
  - CVE-2011-0421
* SECURITY UPDATE: denial of service through application crash when
  handling images with invalid exif tags
  - debian/patches/php5-CVE-2011-0708.patch: stricter exif checking
  - CVE-2011-0708
* SECURITY UPDATE: denial of service and possible data disclosure
  through integer overflow
  - debian/patches/php5-CVE-2011-1092.patch: better boundary
    condition checks in shmop_read()
  - CVE-2011-1092
* SECURITY UPDATE: use-after-free vulnerability
  - debian/patches/php5-CVE-2011-1148.patch: improve reference
  - CVE-2011-1148
* SECURITY UPDATE: denial of service through buffer overflow crash
  (code execution mitigated by compilation with Fortify Source)
  - debian/patches/php5-CVE-2011-1464.patch: limit amount of precision
    to ensure fitting within MAX_BUF_SIZE
  - CVE-2011-1464
* SECURITY UPDATE: denial of service through application crash via
  integer overflow.
  - debian/patches/php5-CVE-2011-1466.patch: improve boundary
    condition checking in SdnToJulian()
  - CVE-2011-1466
* SECURITY UPDATE: denial of service through application crash
  when using HTTP proxy with the FTP wrapper
  - debian/patches/php5-CVE-2011-1469.patch: improve pointer handling
  - CVE-2011-1469
* SECURITY UPDATE: denial of service through application crash when
  handling ziparchive streams
  - debian/patches/php5-CVE-2011-1470.patch: set necessary elements of
    the meta data structure
  - CVE-2011-1470
* SECURITY UPDATE: denial of service through application crash when
  handling malformed zip files
  - debian/patches/php5-CVE-2011-1471.patch: correct integer
    signedness error when handling zip_fread() return value.
  - CVE-2011-1471

56. By Steve Beattie on 2011-01-12

debian/patches/php5-CVE-2010-3436-regression.patch: update
main/fopen_wrappers.c to include fix for open_basedir restriction
regression (LP: #701896)

55. By Steve Beattie on 2011-01-07

* SECURITY UPDATE: overflow leading to xml decode bypass
  - debian/patches/php5-CVE-2009-5016.patch: convert short to int
    to prevent overflow in bit operations
  - CVE-2009-5016
* SECURITY UPDATE: xml decode bypass
  - debian/patches/php5-CVE-2010-3780.patch: improve utf8 decoding
  - CVE-2010-3780
* SECURITY UPDATE: open_basedir bypass
  - debian/patches/php5-CVE-2010-3436.patch: more strict checking in
  - CVE-2010-3436
* SECURITY UPDATE: NULL pointer dereference crash
  - debian/patches/php5-CVE-2010-3709.patch: check for NULL when
    getting zip comment
  - CVE-2010-3709
* SECURITY UPDATE: memory consumption denial of service
  - debian/patches/php5-CVE-2010-3710.patch: check for email address
    longer than RFC 2821 allows
  - CVE-2010-3710
* SECURITY UPDATE: infinite loop/denial of service when dealing with
  certain textual forms of MAX_FLOAT (LP: #697181)
  - debian/patches/php5-CVE-2010-4645.patch: treat local doubles
    as volatile to avoid x87 registers in zend_strtod()
  - CVE-2010-4645

54. By Marc Deslauriers on 2010-09-14

* SECURITY UPDATE: denial of service via xmlrpc crafted argument
  - debian/patches/CVE-2010-0397.patch: make sure method_name isn't empty
    in ext/xmlrpc/xmlrpc-epi-php.c, add test to
  - CVE-2010-0397
* SECURITY UPDATE: weak entropy in Linear Congruential Generator (LCG)
  - debian/patches/CVE-2010-1128.patch: add more entropy in
  - CVE-2010-1128
* SECURITY UPDATE: safe_mode bypass via trailing slash in dir pathnames
  - debian/patches/CVE-2010-1129.patch: properly validate pathname in
  - CVE-2010-1129
* SECURITY UPDATE: safe_mode bypass via semicolon in session_save_path
  - debian/patches/CVE-2010-1130.patch: check for semicolon in
  - CVE-2010-1130
* SECURITY UPDATE: arbitrary code execution via empty SQL query
  - debian/patches/CVE-2010-1868.patch: use ecalloc instead of emalloc in
  - CVE-2010-1868
* SECURITY UPDATE: denial of service via fnmatch stack consumption
  - debian/patches/CVE-2010-1917.patch: limit size of pattern in
  - CVE-2010-1917
* SECURITY UPDATE: sensitive information disclosure or arbitrary code
  execution via use-after-free in SplObjectStorage unserializer
  - debian/patches/CVE-2010-2225.patch: fix logic in
  - CVE-2010-2225
* SECURITY UPDATE: sensitive information disclosure via error messages
  - debian/patches/CVE-2010-2531.patch: don't display data when flushing
    output buffer in ext/standard/{var.c,php_var.h}, fix tests in
  - CVE-2010-2531
* SECURITY UPDATE: arbitrary session variable modification via crafted
  session variable name
  - debian/patches/CVE-2010-3065.patch: handle PS_UNDEF_MARKER marker in
  - CVE-2010-3065

53. By Marc Deslauriers on 2010-01-05

* SECURITY UPDATE: information disclosure and denial of service via
  zend_restore_ini_entry_cb function.
  - debian/patches/CVE-2009-2626.patch: make sure new_value exists in
    main/main.c, gracefully handle failure in Zend/zend_ini.c.
  - CVE-2009-2626
* SECURITY UPDATE: Cross-site scripting via incomplete htmlspecialchars
  - debian/patches/CVE-2009-4142.patch: rewrite handling logic in
    ext/standard/html.c, add ext/standard/tests/strings/bug49785.phpt
    test script, fix ext/standard/tests/strings/htmlentities-utf.phpt
    test script.
  - CVE-2009-4142
* SECURITY UPDATE: restrictions bypass via incorrect session data
  - debian/patches/CVE-2009-4143.patch: protect from interrupt
    corruption in ext/session/session.c.
  - CVE-2009-4143

52. By Marc Deslauriers on 2009-11-26

* SECURITY UPDATE: certificate spoofing via null-byte certs (LP: #446313)
  - debian/patches/CVE-2009-3291.patch: validate certificate's CN length
    in ext/openssl/openssl.c.
  - CVE-2009-3291
* SECURITY UPDATE: denial of service via malformed exif images
  (LP: #446313)
  - debian/patches/CVE-2009-3292.patch: check length, return codes, and
    nesting level in ext/exif/exif.c.
  - CVE-2009-3292
* SECURITY UPDATE: safe_mode bypass via tempam function
  - debian/patches/CVE-2009-3557.patch: check for safe_mode in
  - CVE-2009-3557
* SECURITY UPDATE: open_basedir restrictions bypass via posix_mkfifo
  - debian/patches/CVE-2009-3558.patch: check for open_basedir in
  - CVE-2009-3558
* SECURITY UPDATE: denial of service via large number of files in
  form-data POST request.
  - debian/patches/CVE-2009-4017.patch: introduce new "max_file_uploads"
    directive and enforce in main/main.c, main/rfc1867.c.
  - ATTENTION: this update changes previous php5 behaviour by limiting
    the number of files in a POST request to 50. This may be increased
    by adding a "max_file_uploads" directive to the php.ini configuration
  - CVE-2009-4017
* SECURITY UPDATE: safe_mode_protected_env_vars bypass via proc_open()
  - debian/patches/CVE-2009-4018.patch: add safe_mode check in
  - CVE-2009-4018

51. By Chuck Short on 2009-10-23

debian/rules; Fix broken symlink preventing php-pear from working
properly. (LP: #451277)

50. By Chuck Short on 2009-10-13

* debian/control, debian/patches/115-autoconf_ftbfs.patch:, debian/series:
  Drop patch build-depend on autoconf2.13
* pear/install-pear-nozlib.phar: PHP 5.2.10 was shipped with a broken
  install-pear-nozllib.phar which caused pear to be broken. Use the
  version from http://pear.php.net. (LP: #420639)
* debian/patches/fix-zlib-decompression: Add upstream fix from 5.2.11
  fo fix zlibe.deflage compress filter to actually accept level parameter.
* debian/rules: Fix symlink for pear.

49. By Chuck Short on 2009-09-18

debian/control: Move to php5-suhoshin to Suggests

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.