php5 (5.3.10-1ubuntu3.48) precise-security; urgency=medium
* SECURITY UPDATE: Possibly forge cookie
- debian/patches/CVE-2020-7070.patch: do not decode cookie names anymore
in main/php_variables.c, tests/basic/022.phpt, tests/basic/023.phpt,
tests/basic/bug79699.phpt.
- CVE-2020-7070
php5 (5.3.10-1ubuntu3.47) precise-security; urgency=medium
* SECURITY UPDATE: Denial of service through oversized memory allocated
- debian/patches/CVE-2019-11048.patch: changes types int to size_t
in main/rfc1867.c.
- CVE-2019-11048
php5 (5.3.10-1ubuntu3.46) precise-security; urgency=medium
* Fixing wrong patch in previous update. Replacing
CVE-2020-7066 for *-7064 as it should be.
php5 (5.3.10-1ubuntu3.45) precise-security; urgency=medium
* SECURITY UPDATE: Lax permissions
- debian/patches/CVE-2020-7063.patch: restricting permissions
for files added to tar in ext/phar/phar_object.c,
ext/phar/tests/bug79082.phpt, ext/phar/tests/test79082/*.
- CVE-2020-7063
* SECURITY UPDATE: One byte read or denial of service
- debian/patches/CVE-2020-7064.patch: fix itemlen size to
be passed to exif_file_sections_add and check if length < 2
in ext/exif/exif.c, ext/exif/tests/bug79282.phpt.
- CVE-2020-7064
php5 (5.3.10-1ubuntu3.44) precise-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2015-9253.patch: directly listen
on socket, instead duping it to STDIN in
sapi/fpm/fpm/fpm_children.c, sapi/fpm/fpm_stdio.c,
and added tests to sapi/fpm/tests/bug73342-nonblocking-stdio.phpt.
- CVE-2015-9253
* SECURITY UPDATE: Out of bounds read
- debian/patches/CVE-2020-7059.patch: fix OOB read in
php_strip_tags_ex in ext/standard/string.c and added
test ext/standard/tests/file/bug79099.phpt.
- CVE-2020-7059
php5 (5.3.10-1ubuntu3.42) precise-security; urgency=medium
* SECURITY UPDATE: Buffer underflow
- debian/patches/CVE-2019-11046.patch: not rely on `isdigit()`
to detect digits in ext/bcmath/libbcmath/src/str2num.c,
ext/bcmath/tests/bug78878.phpt.
- CVE-2019-11046
* SECURITY UPDATE: Heap-buffer-overflow
- debian/patches/CVE-2019-11047.patch: fix in ext/exif/exif.c,
ext/exif/tests/bug78910.phpt.
- CVE-2019-11047
* SECURITY UPDATE: Use-after-free
- debian/patches/CVE-2019-11050.patch: fix in
ext/exif/exif.c, ext/exif/tests/bug78793.phpt.
- CVE-2019-11050
php5 (5.3.10-1ubuntu3.40) precise-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: RCE via env_path_info underflow
- debian/patches/CVE-2019-11043.patch: add check in
sapi/fpm/fpm/fpm_main.c.
- CVE-2019-11043
php5 (5.3.10-1ubuntu3.39) precise-security; urgency=medium
* SECURITY UPDATE: Heap-buffer-overflow
- debian/patches/CVE-2019-11041.patch: check Thumbnail.size in order
to avoid an overflow in ext/exif.exif.c.
- CVE-2019-11041
* SECURITY UPDATE: Heap-buffer-overflow
- debian/patches/CVE-2019-11042.patch: check ByteCount in order to
avoid an overflow in ext/exif/exif.c.
- CVE-2019-11042
php5 (5.3.10-1ubuntu3.38) precise-security; urgency=medium
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2019-13224.patch: don't allow
diff encondings for onig_new_deluxe in
ext/mbstring/oniguruma/regext.c.
- CVE-2019-13224
php5 (5.3.10-1ubuntu3.37) precise-security; urgency=medium
* SECURITY UPDATE: Out-of-bounds read
- debian/patches/CVE-2019-11039.patch: checks if
str_left is > 1 in order to avoid a read out-of-bounds
in ext/iconv/iconv.c.
- CVE-2019-11039
* SECURITY UPDATE: Heap-buffer-overflow
- debian/patches/CVE-2019-11040.patch: checks
Thumbnail.size in order to avoid a heap-buffer-overflow
in ext/exif/exif.c.
- CVE-2019-11040
php5 (5.3.10-1ubuntu3.36) precise-security; urgency=medium
* SECURITY UPDATE: Buffer over-read
- debian/patches/CVE-2018-20783.patch: add more checks to buffer reads in
ext/phat/phar.c.
- CVE-2018-20783
* SECURITY UPDATE: Buffer over-read
- debian/patches/CVE-2019-11036.patch: check dir_entry <= offset_base in
ext/exif/exif.c.
- CVE-2019-11036
[ Marc Deslauriers ]
* SECURITY UPDATE: stream_get_meta_data issue
- debian/patches/CVE-2016-10712.patch: properly handle metadata in
ext/standard/streamsfuncs.c, ext/standard/tests/*,
main/streams/memory.c.
- debian/patches/CVE-2016-10712-2.patch: fix various tests.
- CVE-2016-10712
* SECURITY UPDATE: buffer over-read while unserializing untrusted data
- debian/patches/CVE-2017-12933*.patch: add check to
ext/standard/var_unserializer.*, add test to
ext/standard/tests/serialize/bug74111.phpt, adjust test in
ext/standard/tests/serialize/bug25378.phpt.
- CVE-2017-12933
* SECURITY UPDATE: DoS via long locale
- debian/patches/CVE-2017-11362.patch: check length in
ext/intl/msgformat/msgformat_parse.c.
- CVE-2017-11362
php5 (5.3.10-1ubuntu3.35) precise-security; urgency=medium
* SECURITY UPDATE: Information disclosure or crash
- debian/patches/CVE-2019-11034.patch: fix heap-buffer-overflow
in php_ifd_get32s in ext/exif/exif.c.
- CVE-2019-11034
* SECURITY UPDATE: Information disclosure or crash
- debian/patches/CVE-2019-11035-*.patch: void strn on NULL,
fix heap-buffer-overflow in ext/exif/exif.c.
- CVE-2019-11035
php5 (5.3.10-1ubuntu3.34) precise-security; urgency=medium
* SECURITY UPDATE: Unauthorized users access
- debian/patches/CVE-2019-9637.patch: fix in
main/streams/plain_wrapper.c.
- CVE-2019-9637
* SECURITY UPDATE: Invalid read in exif_process_IFD_MAKERNOTE
- debian/patches/CVE-2019-9638-and-CVE-2019-9639.patch: fix in
ext/exif/exif.c.
- CVE-2019-9638
- CVE-2019-9639
* SECURITY UPDATE: Invalid read
- debian/patches/CVE-2019-9640.patch: fix in
ext/exif/exif.c.
- CVE-2019-9640
* SECURITY UPDATE: Unitialized read
- debian/patches/CVE-2019-9641.patch: fix in ext/exif/exif.c.
- CVE-2019-9641
* SECURITY UPDATE: Buffer overflow
- debian/patches/CVE-2019-9675.patch: fix in
ext/phar/tar.c, added tests, ext/phar/tests/bug77586,phpt,
ext/phar/tests/bug77586/files/*.
- CVE-2019-9675
* Changed the way MAKERNOTE is handled in case we do not have a matching
signature, in order to support tests CVE-2019-9638 and CVE-2019-9639.
- debian/patches/Changed-the-way-MAKERNOTE-is-handled-in-case.patch: fix
it changing the behavior in order to continue the parse in
ext/exif/exif.c
* SECURITY UPDATE: buffer over-read in dns_get_record
- debian/patches/CVE-2019-9022.patch: check length in
ext/standard/dns.c.
- CVE-2019-9022
php5 (5.3.10-1ubuntu3.33) precise-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: invalid memory access in xmlrpc_decode()
- debian/patches/CVE-2019-9020.patch: check length in
ext/xmlrpc/libxmlrpc/xml_element.c, added test to
ext/xmlrpc/tests/bug77242.phpt.
- CVE-2019-9020
* SECURITY UPDATE: buffer over-read in PHAR extension
- debian/patches/CVE-2019-9021.patch: properly calculate position in
ext/phar/phar.c, added test to ext/phar/tests/bug77247.phpt.
- CVE-2019-9021
* SECURITY UPDATE: buffer over-reads in mbstring regex functions
- debian/patches/CVE-2019-9023-1.patch: don't read past buffer in
ext/mbstring/oniguruma/regparse.c, added test to
ext/mbstring/tests/bug77370.phpt.
- debian/patches/CVE-2019-9023-2.patch: check bounds in
ext/mbstring/oniguruma/regcomp.c, added test to
ext/mbstring/tests/bug77371.phpt.
- debian/patches/CVE-2019-9023-3.patch: add length checks to
ext/mbstring/oniguruma/enc/unicode.c,
ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regparse.c,
ext/mbstring/oniguruma/regparse.h, added test to
ext/mbstring/tests/bug77371.phpt, ext/mbstring/tests/bug77381.phpt.
- debian/patches/CVE-2019-9023-4.patch: add new bounds checks to
ext/mbstring/oniguruma/enc/utf16_be.c,
ext/mbstring/oniguruma/enc/utf16_le.c,
ext/mbstring/oniguruma/enc/utf32_be.c,
ext/mbstring/oniguruma/enc/utf32_le.c, added test to
ext/mbstring/tests/bug77418.phpt.
- CVE-2019-9023
* SECURITY UPDATE: buffer over-read in xmlrpc_decode()
- debian/patches/CVE-2019-9024.patch: fix variable size in
ext/xmlrpc/libxmlrpc/base64.c, added test to
ext/xmlrpc/tests/bug77380.phpt.
- CVE-2019-9024
* Adding support to mb_split empty regex in support to CVE-2019-9023.
- debian/patches/0001-supporting-empty-mb_split-regex.path: fix in
ext/mbstring/php_mbregex.c,
ext/mbstring/tests/mb_split_empty_match.phpt,
ext/mbstring/tests/mb_split_variation1.phpt.
php5 (5.3.10-1ubuntu3.32) precise-security; urgency=medium
* SECURITY UPDATE: denial of service in exif parsing
- debian/patches/CVE-2018-14851.patch: check length in ext/exif/exif.c.
- CVE-2018-14851
* SECURITY UPDATE: denial of service in exif parsing
- debian/patches/CVE-2018-14883.patch: check length in ext/exif/exif.c.
- CVE-2018-14883
* SECURITY UPDATE: XSS due to the header Transfer-Encoding: chunked
- debian/patches/bug76582.patch: clean up brigade in
sapi/apache2handler/sapi_apache2.c.
- No CVE number
php5 (5.3.10-1ubuntu3.31) precise-security; urgency=medium
* SECURITY UPDATE: opcache access controls bypass
- debian/patches/CVE-2018-10545.patch: do not set PR_SET_DUMPABLE by
default in sapi/fpm/fpm/fpm_conf.c, sapi/fpm/fpm/fpm_conf.h,
sapi/fpm/fpm/fpm_unix.c, sapi/fpm/php-fpm.conf.in.
- CVE-2018-10545
* SECURITY UPDATE: XSS on PHAR error pages
- debian/patches/CVE-2018-10547.patch: remove potential unfiltered
outputs in ext/phar/phar_object.c, fix tests in ext/phar/tests/*.
- CVE-2018-10547
* SECURITY UPDATE: DoS via ldap_get_dn return value mishandling
- debian/patches/CVE-2018-10548.patch: check dn in ext/ldap/ldap.c,
add test to ext/ldap/tests/bug76248.phpt.
- CVE-2018-10548
php5 (5.3.10-1ubuntu3.30) precise-security; urgency=medium
* SECURITY UPDATE: XSS in PHAR error page
- debian/patches/CVE-2018-5712.patch: remove file name from output to
avoid XSS in ext/phar/shortarc.php, ext/phar/stub.h, fix tests in
ext/phar/tests/*.
- CVE-2018-5712
* SECURITY UPDATE: stack-based under-read in HTTP response parsing
- debian/patches/CVE-2018-7584.patch: prevent reading beyond buffer
start in ext/standard/http_fopen_wrapper.c,
ext/standard/tests/http/bug75981.phpt.
- CVE-2018-7584
php5 (5.3.10-1ubuntu3.28) precise-security; urgency=medium
* SECURITY UPDATE: URL check bypass
- debian/patches/CVE-2016-10397.patch: fix logic in
ext/standard/url.c, added tests to
ext/standard/tests/url/bug73192.phpt,
ext/standard/tests/url/parse_url_basic_00*.phpt.
- CVE-2016-10397
* SECURITY UPDATE: wddx empty boolean tag parsing issue
- debian/patches/CVE-2017-11143.patch: handle empty tag in
ext/wddx/wddx.c, added test to ext/wddx/tests/bug74145.*.
- CVE-2017-11143
* SECURITY UPDATE: DoS in OpenSSL sealing function
- debian/patches/CVE-2017-11144.patch: check return code in
ext/openssl/openssl.c, added test to ext/openssl/tests/*74651*.
- CVE-2017-11144
* SECURITY UPDATE: information leak in the date extension
- debian/patches/CVE-2017-11145.patch: fix parsing of strange formats
in ext/date/lib/parse_date.*.
- CVE-2017-11145
* SECURITY UPDATE: buffer overread in phar_parse_pharfile
- debian/patches/CVE-2017-11147.patch: use proper sizes in
ext/phar/phar.c.
- CVE-2017-11147
* SECURITY UPDATE: buffer overflow in the zend_ini_do_op()
- debian/patches/CVE-2017-11628.patch: use correct buffer size in
Zend/zend_ini_parser.y, added tests to Zend/tests/bug74603.*.
- CVE-2017-11628
* SECURITY UPDATE: out-of-bounds read in oniguruma in mbstring
- debian/patches/CVE-2017-9224.patch: fix logic in
ext/mbstring/oniguruma/regexec.c.
- CVE-2017-9224
* SECURITY UPDATE: heap out-of-bounds write in oniguruma in mbstring
- debian/patches/CVE-2017-9226.patch: add checks to
ext/mbstring/oniguruma/regparse.c.
- CVE-2017-9226
* SECURITY UPDATE: stack out-of-bounds read in oniguruma in mbstring
- debian/patches/CVE-2017-9227.patch: add bounds check to
ext/mbstring/oniguruma/regexec.c.
- CVE-2017-9227
* SECURITY UPDATE: heap out-of-bounds write in oniguruma in mbstring
- debian/patches/CVE-2017-9228.patch: add check to
ext/mbstring/oniguruma/regexec.c.
- CVE-2017-9228
* SECURITY UPDATE: invalid pointer dereference in oniguruma in mbstring
- debian/patches/CVE-2017-9229.patch: fix logic in
ext/mbstring/oniguruma/regexec.c.
- CVE-2017-9229
Date: 2020-10-14 14:13:15.184446+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langa...@canonical.com>
https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.48
Sorry, changesfile not available.
--
Precise-changes mailing list
Precise-changes@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/precise-changes