lp:ubuntu/lucid-security/php5

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/lucid-security/php5

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

76. By Marc Deslauriers

* SECURITY UPDATE: arbitrary file disclosure via XML External Entity
  - debian/patches/CVE-2013-1643.patch: disable the entity loader in
    ext/libxml/libxml.c, ext/libxml/php_libxml.h, ext/soap/php_xml.c.
  - CVE-2013-1643

75. By Marc Deslauriers

* SECURITY UPDATE: HTTP response-splitting issue with %0D sequences
  - debian/patches/CVE-2011-1398.patch: properly handle %0D and NUL in
    main/SAPI.c, added tests to ext/standard/tests/*, fix test suite
    failures in ext/phar/phar_object.c.
  - CVE-2011-1398
  - CVE-2012-4388
* SECURITY UPDATE: denial of service and possible code execution via
  _php_stream_scandir function (LP: #1028064)
  - debian/patches/CVE-2012-2688.patch: prevent overflow in
    main/streams/streams.c.
  - CVE-2012-2688
* SECURITY UPDATE: denial of service via PDO extension crafted parameter
  - debian/patches/CVE-2012-3450.patch: improve logic in
    ext/pdo/pdo_sql_parser.re, regenerate ext/pdo/pdo_sql_parser.c, add
    test to ext/pdo_mysql/tests/bug_61755.phpt.
  - CVE-2012-3450

74. By Marc Deslauriers

* SECURITY UPDATE: denial of service via invalid tidy objects
  - debian/patches/CVE-2012-0781.patch: track initialization in
    ext/tidy/tidy.c, added tests to ext/tidy/tests/004.phpt,
    ext/tidy/tests/bug54682.phpt.
  - CVE-2012-0781
* SECURITY UPDATE: denial of service or possible directory traversal via
  invalid filename.
  - debian/patches/CVE-2012-1172.patch: ensure brackets get closed in
    main/rfc1867.c, add test to tests/basic/bug55500.phpt.
  - CVE-2012-1172
* SECURITY UPDATE: password truncation via invalid byte
  - debian/patches/CVE-2012-2143.patch: improve logic in
    ext/standard/crypt_freesec.c, add test to
    ext/standard/tests/strings/crypt_chars.phpt.
  - CVE-2012-2143
* SECURITY UPDATE: crypto() empty salt string issue
  - debian/patches/php_crypt_revamped.patch: Return fail string on
    invalid Blowfish salt rounds, fix regression when the salt is empty.
  - CVE-2012-2317
* SECURITY UPDATE: improve php5-cgi query string parameter parsing
  - debian/patches/CVE-2012-233x.patch: improve parsing in
    sapi/cgi/cgi_main.c.
  - CVE-2012-2335
  - CVE-2012-2336
* SECURITY UPDATE: phar extension heap overflow
  - debian/patches/CVE-2012-2386.patch: check for overflow in
    ext/phar/tar.c.
  - CVE-2012-2386

73. By Steve Beattie

* SECURITY UPDATE: php5-cgi query string parameters parsing
  vulnerability
  - debian/patches/php5-CVE-2012-1823.patch: filter query strings that
    are prefixed with '-'
  - CVE-2012-1823
  - CVE-2012-2311

72. By Steve Beattie

debian/patches/php5-CVE-2012-0831-regression.patch: fix
magic_quotes_gpc ini setting regression introduced by patch for
CVE-2012-0831. Thanks to Ondřej Surý for the patch. (LP: #930115)

71. By Steve Beattie

* SECURITY UPDATE: memory allocation failure denial of service
  - debian/patches/php5-CVE-2011-4153.patch: check result of
    zend_strdup() and calloc() for failed allocations
  - CVE-2011-4153
* SECURITY UPDATE: predictable hash collision denial of service
  (LP: #910296)
  - debian/patches/php5-CVE-2011-4885.patch: add max_input_vars
    directive with default limit of 1000
  - ATTENTION: this update changes previous php5 behavior by
    limiting the number of external input variables to 1000.
    This may be increased by adding a "max_input_vars"
    directive to the php.ini configuration file. See
    http://www.php.net/manual/en/info.configuration.php#ini.max-input-vars
    for more information.
  - CVE-2011-4885
* SECURITY UPDATE: remote code execution vulnerability introduced by
  the fix for CVE-2011-4885 (LP: #925772)
  - debian/patches/php5-CVE-2012-0830.patch: return rather than
    continuing if max_input_vars limit is reached
  - CVE-2012-0830
* SECURITY UPDATE: XSLT arbitrary file overwrite attack
  - debian/patches/php5-CVE-2012-0057.patch: add xsl.security_prefs
    ini option to define forbidden operations within XSLT stylesheets
  - CVE-2012-0057
* SECURITY UPDATE: PDORow session denial of service
  - debian/patches/php5-CVE-2012-0788.patch: fail gracefully when
    attempting to serialize PDORow instances
  - CVE-2012-0788
* SECURITY UPDATE: magic_quotes_gpc remote disable vulnerability
  - debian/patches/php5-CVE-2012-0831.patch: always restore
    magic_quote_gpc on request shutdown
  - CVE-2012-0831
* SECURITY UPDATE: arbitrary files removal via cronjob
  - debian/php5-common.php5.cron.d: take greater care when removing
    session files (overlooked in a previous update).
  - http://git.debian.org/?p=pkg-php%2Fphp.git;a=commitdiff_plain;h=d09fd04ed7bfcf7f008360c6a42025108925df09
  - CVE-2011-0441

70. By Marc Deslauriers

* SECURITY UPDATE: Denial of service and possible information disclosure
  via exif integer overflow
  - debian/patches/php5-CVE-2011-4566.patch: fix count checks in
    ext/exif/exif.c.
  - CVE-2011-4566

69. By Steve Beattie

[ Angel Abad ]
* SECURITY UPDATE: File path injection vulnerability in RFC1867 File
  upload filename (LP: #813115)
  - debian/patches/php5-CVE-2011-2202.patch:
  - CVE-2011-2202
* SECURITY UPDATE: Fixed stack buffer overflow in socket_connect()
  (LP: #813110)
  - debian/patches/php5-CVE-2011-1938.patch:
  - CVE-2011-1938

[ Steve Beattie ]
* SECURITY UPDATE: DoS in zip handling due to addGlob() crashing
  on invalid flags
  - debian/patches/php5-CVE-2011-1657.patch: check for valid flags
  - CVE-2011-1657
* SECURITY UPDATE: crypt_blowfish doesn't properly handle 8-bit
  (non-ascii) passwords leading to a smaller collision space
  - debian/patches/php5-CVE-2011-2483.patch: update crypt_blowfish
    to 1.2 to correct handling of passwords containing 8-bit
    (non-ascii) characters.
  - CVE-2011-2483
* SECURITY UPDATE: DoS due to failure to check for memory allocation errors
  - debian/patches/php5-CVE-2011-3182.patch: check the return values
    of the malloc, calloc, and realloc functions
  - CVE-2011-3182
* SECURITY UPDATE: DoS in errorlog() when passed NULL
  - debian/patches/php5-CVE-2011-3267.patch: fix NULL pointer crash in
    errorlog()
  - CVE-2011-3267
* SECURITY UPDATE: information leak via handler interrupt (LP: #852871)
  - debian/patches/php5-CVE-2010-1914.patch: grab references before
    calling zendi_convert_to_long()
  - CVE-2010-1914

68. By Steve Beattie

debian/patches/php5-pear-CVE-2011-1144-regression.patch: fix
mkdir parenthesis issue and PEAR::raiseErro typo (LP: #774452)

67. By Steve Beattie

* SECURITY UPDATE: arbitrary files removal via cronjob
  - debian/php5-common.php5.cron.d: take greater care when removing
    session files.
  - http://git.debian.org/?p=pkg-php%2Fphp.git;a=commitdiff_plain;h=d09fd04ed7bfcf7f008360c6a42025108925df09
  - CVE-2011-0441
* SECURITY UPDATE: symlink tmp races in pear install
  - debian/patches/php5-pear-CVE-2011-1072.patch: improved
    tempfile handling.
  - debian/rules: apply patch manually after unpacking PEAR phar
    archive.
  - CVE-2011-1072
* SECURITY UPDATE: more symlink races in pear install
  - debian/patches/php5-pear-CVE-2011-1144.patch: add TOCTOU save
    file handler.
  - debian/rules: apply patch manually after unpacking PEAR phar
    archive.
  - CVE-2011-1144
* SECURITY UPDATE: pathname restriction bypass vulnerability
  - debian/patches/php5-CVE-2006-7243.patch: check for passed
    filenames containing NULL bytes.
  - CVE-2006-7243
* SECURITY UPDATE: use-after-free vulnerability
  - debian/patches/php5-CVE-2010-4697.patch: retain reference to
    object until getter/setter are done.
  - CVE-2010-4697
* SECURITY UPDATE: denial of service through application crash with
  invalid images
  - debian/patches/php5-CVE-2010-4698.patch: verify anti-aliasing
    steps are either 4 or 16.
  - CVE-2010-4698
* SECURITY UPDATE: denial of service through application crash
  - debian/patches/php5-CVE-2011-0420.patch: improve grapheme_extract()
    argument validation.
  - CVE-2011-0420
* SECURITY UPDATE: denial of service through application crash
  - debian/patches/php5-CVE-2011-0421.patch: fail operation gracefully
    when handling zero sized zipfile with the FL_UNCHANGED argument
  - CVE-2011-0421
* SECURITY UPDATE: denial of service through application crash when
  handling images with invalid exif tags
  - debian/patches/php5-CVE-2011-0708.patch: stricter exif checking
  - CVE-2011-0708
* SECURITY UPDATE: denial of service and possible data disclosure
  through integer overflow
  - debian/patches/php5-CVE-2011-1092.patch: better boundary
    condition checks in shmop_read()
  - CVE-2011-1092
* SECURITY UPDATE: use-after-free vulnerability
  - debian/patches/php5-CVE-2011-1148.patch: improve reference
    counting
  - CVE-2011-1148
* SECURITY UPDATE: format string vulnerability
  - debian/patches/php5-CVE-2011-1153.patch: correctly quote format
    strings
  - CVE-2011-1153
* SECURITY UPDATE: denial of service through buffer overflow crash
  (code execution mitigated by compilation with Fortify Source)
  - debian/patches/php5-CVE-2011-1464.patch: limit amount of precision
    to ensure fitting within MAX_BUF_SIZE
  - CVE-2011-1464
* SECURITY UPDATE: denial of service through application crash via
  integer overflow.
  - debian/patches/php5-CVE-2011-1466.patch: improve boundary
    condition checking in SdnToJulian()
  - CVE-2011-1466
* SECURITY UPDATE: denial of service through application crash
  - debian/patches/php5-CVE-2011-1467.patch: check for invalid
    attribute symbols in NumberFormatter::setSymbol()
  - CVE-2011-1467
* SECURITY UPDATE: denial of service through memory leak
  - debian/patches/php5-CVE-2011-1468.patch: fix memory leak of
    openssl contexts
  - CVE-2011-1468
* SECURITY UPDATE: denial of service through application crash
  when using HTTP proxy with the FTP wrapper
  - debian/patches/php5-CVE-2011-1469.patch: improve pointer handling
  - CVE-2011-1469
* SECURITY UPDATE: denial of service through application crash when
  handling ziparchive streams
  - debian/patches/php5-CVE-2011-1470.patch: set necessary elements of
    the meta data structure
  - CVE-2011-1470
* SECURITY UPDATE: denial of service through application crash when
  handling malformed zip files
  - debian/patches/php5-CVE-2011-1471.patch: correct integer
    signedness error when handling zip_fread() return value.
  - CVE-2011-1471

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/maverick/php5