lp:ubuntu/karmic-updates/php5

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

58. By Steve Beattie on 2011-05-02

debian/patches/php5-pear-CVE-2011-1144-regression.patch: fix
mkdir parenthesis issue and PEAR::raiseErro typo (LP: #774452)

57. By Steve Beattie on 2011-04-28

* SECURITY UPDATE: arbitrary files removal via cronjob
  - debian/php5-common.php5.cron.d: take greater care when removing
    session files.
  - http://git.debian.org/?p=pkg-php%2Fphp.git;a=commitdiff_plain;h=d09fd04ed7bfcf7f008360c6a42025108925df09
  - CVE-2011-0441
* SECURITY UPDATE: symlink tmp races in pear install
  - debian/patches/php5-pear-CVE-2011-1072.patch: improved
    tempfile handling.
  - debian/rules: apply patch manually after unpacking PEAR phar
    archive.
  - CVE-2011-1072
* SECURITY UPDATE: more symlink races in pear install
  - debian/patches/php5-pear-CVE-2011-1144.patch: add TOCTOU save
    file handler.
  - debian/rules: apply patch manually after unpacking PEAR phar
    archive.
  - CVE-2011-1144
* SECURITY UPDATE: use-after-free vulnerability
  - debian/patches/php5-CVE-2010-4697.patch: retain reference to
    object until getter/setter are done.
  - CVE-2010-4697
* SECURITY UPDATE: denial of service through application crash with
  invalid images
  - debian/patches/php5-CVE-2010-4698.patch: verify anti-aliasing
    steps are either 4 or 16.
  - CVE-2010-4698
* SECURITY UPDATE: denial of service through application crash
  - debian/patches/php5-CVE-2011-0421.patch: fail operation gracefully
    when handling zero sized zipfile with the FL_UNCHANGED argument
  - CVE-2011-0421
* SECURITY UPDATE: denial of service through application crash when
  handling images with invalid exif tags
  - debian/patches/php5-CVE-2011-0708.patch: stricter exif checking
  - CVE-2011-0708
* SECURITY UPDATE: denial of service and possible data disclosure
  through integer overflow
  - debian/patches/php5-CVE-2011-1092.patch: better boundary
    condition checks in shmop_read()
  - CVE-2011-1092
* SECURITY UPDATE: use-after-free vulnerability
  - debian/patches/php5-CVE-2011-1148.patch: improve reference
    counting
  - CVE-2011-1148
* SECURITY UPDATE: denial of service through buffer overflow crash
  (code execution mitigated by compilation with Fortify Source)
  - debian/patches/php5-CVE-2011-1464.patch: limit amount of precision
    to ensure fitting within MAX_BUF_SIZE
  - CVE-2011-1464
* SECURITY UPDATE: denial of service through application crash via
  integer overflow.
  - debian/patches/php5-CVE-2011-1466.patch: improve boundary
    condition checking in SdnToJulian()
  - CVE-2011-1466
* SECURITY UPDATE: denial of service through application crash
  when using HTTP proxy with the FTP wrapper
  - debian/patches/php5-CVE-2011-1469.patch: improve pointer handling
  - CVE-2011-1469
* SECURITY UPDATE: denial of service through application crash when
  handling ziparchive streams
  - debian/patches/php5-CVE-2011-1470.patch: set necessary elements of
    the meta data structure
  - CVE-2011-1470
* SECURITY UPDATE: denial of service through application crash when
  handling malformed zip files
  - debian/patches/php5-CVE-2011-1471.patch: correct integer
    signedness error when handling zip_fread() return value.
  - CVE-2011-1471

56. By Steve Beattie on 2011-01-12

debian/patches/php5-CVE-2010-3436-regression.patch: update
main/fopen_wrappers.c to include fix for open_basedir restriction
regression (LP: #701896)

55. By Steve Beattie on 2011-01-07

* SECURITY UPDATE: overflow leading to xml decode bypass
  - debian/patches/php5-CVE-2009-5016.patch: convert short to int
    to prevent overflow in bit operations
  - CVE-2009-5016
* SECURITY UPDATE: xml decode bypass
  - debian/patches/php5-CVE-2010-3780.patch: improve utf8 decoding
  - CVE-2010-3780
* SECURITY UPDATE: open_basedir bypass
  - debian/patches/php5-CVE-2010-3436.patch: more strict checking in
    php_check_specific_open_basedir()
  - CVE-2010-3436
* SECURITY UPDATE: NULL pointer dereference crash
  - debian/patches/php5-CVE-2010-3709.patch: check for NULL when
    getting zip comment
  - CVE-2010-3709
* SECURITY UPDATE: memory consumption denial of service
  - debian/patches/php5-CVE-2010-3710.patch: check for email address
    longer than RFC 2821 allows
  - CVE-2010-3710
* SECURITY UPDATE: infinite loop/denial of service when dealing with
  certain textual forms of MAX_FLOAT (LP: #697181)
  - debian/patches/php5-CVE-2010-4645.patch: treat local doubles
    as volatile to avoid x87 registers in zend_strtod()
  - CVE-2010-4645

54. By Marc Deslauriers on 2010-09-14

* SECURITY UPDATE: denial of service via xmlrpc crafted argument
  - debian/patches/CVE-2010-0397.patch: make sure method_name isn't empty
    in ext/xmlrpc/xmlrpc-epi-php.c, add test to
    ext/xmlrpc/tests/bug51288.phpt.
  - CVE-2010-0397
* SECURITY UPDATE: weak entropy in Linear Congruential Generator (LCG)
  - debian/patches/CVE-2010-1128.patch: add more entropy in
    ext/standard/lcg.c.
  - CVE-2010-1128
* SECURITY UPDATE: safe_mode bypass via trailing slash in dir pathnames
  - debian/patches/CVE-2010-1129.patch: properly validate pathname in
    ext/standard/file.c.
  - CVE-2010-1129
* SECURITY UPDATE: safe_mode bypass via semicolon in session_save_path
  - debian/patches/CVE-2010-1130.patch: check for semicolon in
    ext/session/session.c.
  - CVE-2010-1130
* SECURITY UPDATE: arbitrary code execution via empty SQL query
  - debian/patches/CVE-2010-1868.patch: use ecalloc instead of emalloc in
    ext/sqlite/sqlite.c.
  - CVE-2010-1868
* SECURITY UPDATE: denial of service via fnmatch stack consumption
  - debian/patches/CVE-2010-1917.patch: limit size of pattern in
    ext/standard/file.c.
  - CVE-2010-1917
* SECURITY UPDATE: sensitive information disclosure or arbitrary code
  execution via use-after-free in SplObjectStorage unserializer
  - debian/patches/CVE-2010-2225.patch: fix logic in
    ext/spl/spl_observer.c.
  - CVE-2010-2225
* SECURITY UPDATE: sensitive information disclosure via error messages
  - debian/patches/CVE-2010-2531.patch: don't display data when flushing
    output buffer in ext/standard/{var.c,php_var.h}, fix tests in
    ext/standard/tests/general_functions/*.
  - CVE-2010-2531
* SECURITY UPDATE: arbitrary session variable modification via crafted
  session variable name
  - debian/patches/CVE-2010-3065.patch: handle PS_UNDEF_MARKER marker in
    ext/session/session.c.
  - CVE-2010-3065

53. By Marc Deslauriers on 2010-01-05

* SECURITY UPDATE: information disclosure and denial of service via
  zend_restore_ini_entry_cb function.
  - debian/patches/CVE-2009-2626.patch: make sure new_value exists in
    main/main.c, gracefully handle failure in Zend/zend_ini.c.
  - CVE-2009-2626
* SECURITY UPDATE: Cross-site scripting via incomplete htmlspecialchars
  filtering
  - debian/patches/CVE-2009-4142.patch: rewrite handling logic in
    ext/standard/html.c, add ext/standard/tests/strings/bug49785.phpt
    test script, fix ext/standard/tests/strings/htmlentities-utf.phpt
    test script.
  - CVE-2009-4142
* SECURITY UPDATE: restrictions bypass via incorrect session data
  handling
  - debian/patches/CVE-2009-4143.patch: protect from interrupt
    corruption in ext/session/session.c.
  - CVE-2009-4143

52. By Marc Deslauriers on 2009-11-26

* SECURITY UPDATE: certificate spoofing via null-byte certs (LP: #446313)
  - debian/patches/CVE-2009-3291.patch: validate certificate's CN length
    in ext/openssl/openssl.c.
  - CVE-2009-3291
* SECURITY UPDATE: denial of service via malformed exif images
  (LP: #446313)
  - debian/patches/CVE-2009-3292.patch: check length, return codes, and
    nesting level in ext/exif/exif.c.
  - CVE-2009-3292
* SECURITY UPDATE: safe_mode bypass via tempam function
  - debian/patches/CVE-2009-3557.patch: check for safe_mode in
    ext/standard/file.c.
  - CVE-2009-3557
* SECURITY UPDATE: open_basedir restrictions bypass via posix_mkfifo
  - debian/patches/CVE-2009-3558.patch: check for open_basedir in
    ext/posix/posix.c.
  - CVE-2009-3558
* SECURITY UPDATE: denial of service via large number of files in
  form-data POST request.
  - debian/patches/CVE-2009-4017.patch: introduce new "max_file_uploads"
    directive and enforce in main/main.c, main/rfc1867.c.
  - ATTENTION: this update changes previous php5 behaviour by limiting
    the number of files in a POST request to 50. This may be increased
    by adding a "max_file_uploads" directive to the php.ini configuration
    file.
  - CVE-2009-4017
* SECURITY UPDATE: safe_mode_protected_env_vars bypass via proc_open()
  - debian/patches/CVE-2009-4018.patch: add safe_mode check in
    ext/standard/proc_open.c
  - CVE-2009-4018

51. By Chuck Short on 2009-10-23

debian/rules; Fix broken symlink preventing php-pear from working
properly. (LP: #451277)

50. By Chuck Short on 2009-10-13

* debian/control, debian/patches/115-autoconf_ftbfs.patch:, debian/series:
  Drop patch build-depend on autoconf2.13
* pear/install-pear-nozlib.phar: PHP 5.2.10 was shipped with a broken
  install-pear-nozllib.phar which caused pear to be broken. Use the
  version from http://pear.php.net. (LP: #420639)
* debian/patches/fix-zlib-decompression: Add upstream fix from 5.2.11
  fo fix zlibe.deflage compress filter to actually accept level parameter.
* debian/rules: Fix symlink for pear.

49. By Chuck Short on 2009-09-18

debian/control: Move to php5-suhoshin to Suggests