php5 (5.3.2-1ubuntu4.5) lucid-security; urgency=low * SECURITY UPDATE: denial of service and possible memory corruption via negative size in HTTP chunked encoding stream - debian/patches/CVE-2010-1866.patch: prevent chunk_size from overflowing in ext/standard/filters.c. - CVE-2010-1866 * SECURITY UPDATE: arbitrary code execution via empty SQL query - debian/patches/CVE-2010-1868.patch: use ecalloc instead of emalloc in ext/sqlite/sqlite.c. - CVE-2010-1868 * SECURITY UPDATE: denial of service via fnmatch stack consumption - debian/patches/CVE-2010-1917.patch: limit size of pattern in ext/standard/file.c. - CVE-2010-1917 * SECURITY UPDATE: arbitrary memory disclosure and possible code execution via phar extension - debian/patches/CVE-2010-2094.patch: use correct format string in ext/phar/dirstream.c, ext/phar/stream.c. - CVE-2010-2094 - CVE-2010-2950 * SECURITY UPDATE: sensitive information disclosure or arbitrary code execution via use-after-free in SplObjectStorage unserializer - debian/patches/CVE-2010-2225.patch: fix logic in ext/spl/spl_observer.c, ext/standard/{php_var.h,var_unserializer.*}, add tests to ext/spl/tests. - CVE-2010-2225 * SECURITY UPDATE: sensitive information disclosure via error messages - debian/patches/CVE-2010-2531.patch: don't display data when flushing output buffer in ext/standard/{var.c,php_var.h}, fix tests in ext/standard/tests/general_functions. - CVE-2010-2531 * SECURITY UPDATE: arbitrary session variable modification via crafted session variable name - debian/patches/CVE-2010-3065.patch: handle PS_UNDEF_MARKER marker in ext/session/session.c. - CVE-2010-3065 * debian/patches/lp564920-fix-big-files.patch: Fix downloading of large files (LP: #564920)
Date: Fri, 17 Sep 2010 08:14:26 -0400 Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com> Maintainer: Ubuntu Core Developers <ubuntu-devel-disc...@lists.ubuntu.com> https://launchpad.net/ubuntu/lucid/+source/php5/5.3.2-1ubuntu4.5
Format: 1.8 Date: Fri, 17 Sep 2010 08:14:26 -0400 Source: php5 Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp php5-intl php5-ldap php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl Architecture: source Version: 5.3.2-1ubuntu4.5 Distribution: lucid-security Urgency: low Maintainer: Ubuntu Core Developers <ubuntu-devel-disc...@lists.ubuntu.com> Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com> Description: libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module) libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo php-pear - PEAR - PHP Extension and Application Repository php5 - server-side, HTML-embedded scripting language (metapackage) php5-cgi - server-side, HTML-embedded scripting language (CGI binary) php5-cli - command-line interpreter for the php5 scripting language php5-common - Common files for packages built from the php5 source php5-curl - CURL module for php5 php5-dbg - Debug symbols for PHP5 php5-dev - Files for PHP5 module development php5-enchant - Enchant module for php5 php5-gd - GD module for php5 php5-gmp - GMP module for php5 php5-intl - internationalisation module for php5 php5-ldap - LDAP module for php5 php5-mysql - MySQL module for php5 php5-odbc - ODBC module for php5 php5-pgsql - PostgreSQL module for php5 php5-pspell - pspell module for php5 php5-recode - recode module for php5 php5-snmp - SNMP module for php5 php5-sqlite - SQLite module for php5 php5-sybase - Sybase / MS SQL Server module for php5 php5-tidy - tidy module for php5 php5-xmlrpc - XML-RPC module for php5 php5-xsl - XSL module for php5 Launchpad-Bugs-Fixed: 564920 Changes: php5 (5.3.2-1ubuntu4.5) lucid-security; urgency=low . * SECURITY UPDATE: denial of service and possible memory corruption via negative size in HTTP chunked encoding stream - debian/patches/CVE-2010-1866.patch: prevent chunk_size from overflowing in ext/standard/filters.c. - CVE-2010-1866 * SECURITY UPDATE: arbitrary code execution via empty SQL query - debian/patches/CVE-2010-1868.patch: use ecalloc instead of emalloc in ext/sqlite/sqlite.c. - CVE-2010-1868 * SECURITY UPDATE: denial of service via fnmatch stack consumption - debian/patches/CVE-2010-1917.patch: limit size of pattern in ext/standard/file.c. - CVE-2010-1917 * SECURITY UPDATE: arbitrary memory disclosure and possible code execution via phar extension - debian/patches/CVE-2010-2094.patch: use correct format string in ext/phar/dirstream.c, ext/phar/stream.c. - CVE-2010-2094 - CVE-2010-2950 * SECURITY UPDATE: sensitive information disclosure or arbitrary code execution via use-after-free in SplObjectStorage unserializer - debian/patches/CVE-2010-2225.patch: fix logic in ext/spl/spl_observer.c, ext/standard/{php_var.h,var_unserializer.*}, add tests to ext/spl/tests. - CVE-2010-2225 * SECURITY UPDATE: sensitive information disclosure via error messages - debian/patches/CVE-2010-2531.patch: don't display data when flushing output buffer in ext/standard/{var.c,php_var.h}, fix tests in ext/standard/tests/general_functions. - CVE-2010-2531 * SECURITY UPDATE: arbitrary session variable modification via crafted session variable name - debian/patches/CVE-2010-3065.patch: handle PS_UNDEF_MARKER marker in ext/session/session.c. - CVE-2010-3065 * debian/patches/lp564920-fix-big-files.patch: Fix downloading of large files (LP: #564920) Checksums-Sha1: ddf46a84db78457f04742c6a3a0f62a8a6247b58 2531 php5_5.3.2-1ubuntu4.5.dsc 2b1e13913650011a74c28ebe7c587f4bed07600f 189362 php5_5.3.2-1ubuntu4.5.diff.gz Checksums-Sha256: 229802416ae1bf4a2f93a764ff31af544b41ee45816eac4b3e7cd459a73d81be 2531 php5_5.3.2-1ubuntu4.5.dsc 6eca7387060b867e9a22e3b466d1976053ac33aa527c9f2433ab245179a8abec 189362 php5_5.3.2-1ubuntu4.5.diff.gz Files: 465758af781eb956c70a009c69570ac2 2531 php optional php5_5.3.2-1ubuntu4.5.dsc aa33a5f769d54a8d301fc095023fe422 189362 php optional php5_5.3.2-1ubuntu4.5.diff.gz Original-Maintainer: Debian PHP Maintainers <pkg-php-ma...@lists.alioth.debian.org>
-- Lucid-changes mailing list Lucid-changes@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/lucid-changes