Control: retitle -1 pu: package php5/5.4.4-14+deb7u12 Hi release team,
yet another CVE update was pushed through stable-security, so I am updating the title of the bug. Again no changes in the debdiff, just rebased on top of security update. Updated changelog: php5 (5.4.4-14+deb7u12) stable; urgency=medium [ William Dauchy ] * upstream fix: $env can be destructively changed. * upstream fix: copy() arginfo incorrect since 5.4 * upstream fix: Out of memory on command stream_get_contents * upstream fix: stream_socket_server() creates wrong Abstract Namespace UNIX sockets * upstream fix: exit in stream filter produces segfault * upstream fix: fpassthru broken * upstream fix: Incorrect object comparison with inheritance * upstream fix: openssl_seal() memory leak * upstream fix: Segfault in mysqli_stmt::bind_result() when link closed * upstream fix: Segmentation fault after memory_limit -- Ondřej Surý <[email protected]> Tue, 27 May 2014 13:44:18 +0200 php5 (5.4.4-14+deb7u11) stable-security; urgency=high * [CVE-2014-4049]: Fix potential segfault in dns_get_record() -- Ondřej Surý <[email protected]> Fri, 13 Jun 2014 15:43:03 +0200 php5 (5.4.4-14+deb7u10) stable-security; urgency=high * upstream fix: numerous file_printf calls resulting in performance degradation (CVE-2014-0237) * upstream fix: CDF infinite loop in nelements DoS (CVE-2014-0238) * upstream fix: out-of-bounds memory access in fileinfo (CVE-2014-2270) * upstream fix: sapi/fpm: possible privilege escalation due to insecure default configuration) (CVE-2014-0185) * Set default listen.{owner,group} to www-data:www-data -- Ondřej Surý <[email protected]> Fri, 30 May 2014 09:08:14 +0200 Ondrej -- Ondřej Surý <[email protected]> Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]
