php5 (5.3.10-1ubuntu3.48) precise-security; urgency=medium

  * SECURITY UPDATE: Possibly forge cookie
    - debian/patches/CVE-2020-7070.patch: do not decode cookie names anymore
      in main/php_variables.c, tests/basic/022.phpt, tests/basic/023.phpt,
      tests/basic/bug79699.phpt.
    - CVE-2020-7070

php5 (5.3.10-1ubuntu3.47) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service through oversized memory allocated
    - debian/patches/CVE-2019-11048.patch: changes types int to size_t
      in main/rfc1867.c.
    - CVE-2019-11048

php5 (5.3.10-1ubuntu3.46) precise-security; urgency=medium

  * Fixing wrong patch in previous update. Replacing
    CVE-2020-7066 for *-7064 as it should be.

php5 (5.3.10-1ubuntu3.45) precise-security; urgency=medium

  * SECURITY UPDATE: Lax permissions
    - debian/patches/CVE-2020-7063.patch: restricting permissions
      for files added to tar in ext/phar/phar_object.c,
      ext/phar/tests/bug79082.phpt, ext/phar/tests/test79082/*.
    - CVE-2020-7063
  * SECURITY UPDATE: One byte read or denial of service
    - debian/patches/CVE-2020-7064.patch: fix itemlen size to
      be passed to exif_file_sections_add and check if length < 2
      in ext/exif/exif.c, ext/exif/tests/bug79282.phpt.
    - CVE-2020-7064

php5 (5.3.10-1ubuntu3.44) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2015-9253.patch: directly listen
      on socket, instead duping it to STDIN in
      sapi/fpm/fpm/fpm_children.c, sapi/fpm/fpm_stdio.c,
      and added tests to sapi/fpm/tests/bug73342-nonblocking-stdio.phpt.
    - CVE-2015-9253
  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2020-7059.patch: fix OOB read in
      php_strip_tags_ex in ext/standard/string.c and added
      test ext/standard/tests/file/bug79099.phpt.
    - CVE-2020-7059

php5 (5.3.10-1ubuntu3.42) precise-security; urgency=medium

  * SECURITY UPDATE: Buffer underflow
    - debian/patches/CVE-2019-11046.patch: not rely on `isdigit()`
      to detect digits in ext/bcmath/libbcmath/src/str2num.c,
      ext/bcmath/tests/bug78878.phpt.
    - CVE-2019-11046
  * SECURITY UPDATE: Heap-buffer-overflow
    - debian/patches/CVE-2019-11047.patch: fix in ext/exif/exif.c,
      ext/exif/tests/bug78910.phpt.
    - CVE-2019-11047
  * SECURITY UPDATE: Use-after-free
    - debian/patches/CVE-2019-11050.patch: fix in
      ext/exif/exif.c, ext/exif/tests/bug78793.phpt.
    - CVE-2019-11050

php5 (5.3.10-1ubuntu3.40) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: RCE via env_path_info underflow
    - debian/patches/CVE-2019-11043.patch: add check in
      sapi/fpm/fpm/fpm_main.c.
    - CVE-2019-11043

php5 (5.3.10-1ubuntu3.39) precise-security; urgency=medium

  * SECURITY UPDATE: Heap-buffer-overflow
    - debian/patches/CVE-2019-11041.patch: check Thumbnail.size in order
      to avoid an overflow in ext/exif.exif.c.
    - CVE-2019-11041
  * SECURITY UPDATE: Heap-buffer-overflow
    - debian/patches/CVE-2019-11042.patch: check ByteCount in order to
      avoid an overflow in ext/exif/exif.c.
    - CVE-2019-11042

php5 (5.3.10-1ubuntu3.38) precise-security; urgency=medium

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2019-13224.patch: don't allow
      diff encondings for onig_new_deluxe in
      ext/mbstring/oniguruma/regext.c.
    - CVE-2019-13224

php5 (5.3.10-1ubuntu3.37) precise-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds read
    - debian/patches/CVE-2019-11039.patch: checks if
      str_left is > 1 in order to avoid a read out-of-bounds
      in ext/iconv/iconv.c.
    - CVE-2019-11039
  * SECURITY UPDATE: Heap-buffer-overflow
    - debian/patches/CVE-2019-11040.patch: checks
      Thumbnail.size in order to avoid a heap-buffer-overflow
      in ext/exif/exif.c.
    - CVE-2019-11040

php5 (5.3.10-1ubuntu3.36) precise-security; urgency=medium

  * SECURITY UPDATE: Buffer over-read
    - debian/patches/CVE-2018-20783.patch: add more checks to buffer reads in
      ext/phat/phar.c.
    - CVE-2018-20783
  * SECURITY UPDATE: Buffer over-read
    - debian/patches/CVE-2019-11036.patch: check dir_entry <= offset_base in
      ext/exif/exif.c.
    - CVE-2019-11036
  [ Marc Deslauriers ]
  * SECURITY UPDATE: stream_get_meta_data issue
    - debian/patches/CVE-2016-10712.patch: properly handle metadata in
      ext/standard/streamsfuncs.c, ext/standard/tests/*,
      main/streams/memory.c.
    - debian/patches/CVE-2016-10712-2.patch: fix various tests.
    - CVE-2016-10712
  * SECURITY UPDATE: buffer over-read while unserializing untrusted data
    - debian/patches/CVE-2017-12933*.patch: add check to
      ext/standard/var_unserializer.*, add test to
      ext/standard/tests/serialize/bug74111.phpt, adjust test in
      ext/standard/tests/serialize/bug25378.phpt.
    - CVE-2017-12933
  * SECURITY UPDATE: DoS via long locale
    - debian/patches/CVE-2017-11362.patch: check length in
      ext/intl/msgformat/msgformat_parse.c.
    - CVE-2017-11362

php5 (5.3.10-1ubuntu3.35) precise-security; urgency=medium

  * SECURITY UPDATE: Information disclosure or crash
    - debian/patches/CVE-2019-11034.patch: fix heap-buffer-overflow
      in php_ifd_get32s in ext/exif/exif.c.
    - CVE-2019-11034
  * SECURITY UPDATE: Information disclosure or crash
    - debian/patches/CVE-2019-11035-*.patch: void strn on NULL,
      fix heap-buffer-overflow in ext/exif/exif.c.
    - CVE-2019-11035

php5 (5.3.10-1ubuntu3.34) precise-security; urgency=medium

  * SECURITY UPDATE: Unauthorized users access
    - debian/patches/CVE-2019-9637.patch: fix in
      main/streams/plain_wrapper.c.
    - CVE-2019-9637
  * SECURITY UPDATE: Invalid read in exif_process_IFD_MAKERNOTE
    - debian/patches/CVE-2019-9638-and-CVE-2019-9639.patch: fix in
      ext/exif/exif.c.
    - CVE-2019-9638
    - CVE-2019-9639
  * SECURITY UPDATE: Invalid read
    - debian/patches/CVE-2019-9640.patch: fix in
      ext/exif/exif.c.
    - CVE-2019-9640
  * SECURITY UPDATE: Unitialized read
    - debian/patches/CVE-2019-9641.patch: fix in ext/exif/exif.c.
    - CVE-2019-9641
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2019-9675.patch: fix in
      ext/phar/tar.c, added tests, ext/phar/tests/bug77586,phpt,
      ext/phar/tests/bug77586/files/*.
    - CVE-2019-9675
  * Changed the way MAKERNOTE is handled in case we do not have a matching
    signature, in order to support tests CVE-2019-9638 and CVE-2019-9639.
    - debian/patches/Changed-the-way-MAKERNOTE-is-handled-in-case.patch: fix
      it changing the behavior in order to continue the parse in
      ext/exif/exif.c
  * SECURITY UPDATE: buffer over-read in dns_get_record
    - debian/patches/CVE-2019-9022.patch: check length in
      ext/standard/dns.c.
    - CVE-2019-9022

php5 (5.3.10-1ubuntu3.33) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: invalid memory access in xmlrpc_decode()
    - debian/patches/CVE-2019-9020.patch: check length in
      ext/xmlrpc/libxmlrpc/xml_element.c, added test to
      ext/xmlrpc/tests/bug77242.phpt.
    - CVE-2019-9020
  * SECURITY UPDATE: buffer over-read in PHAR extension
    - debian/patches/CVE-2019-9021.patch: properly calculate position in
      ext/phar/phar.c, added test to ext/phar/tests/bug77247.phpt.
    - CVE-2019-9021
  * SECURITY UPDATE: buffer over-reads in mbstring regex functions
    - debian/patches/CVE-2019-9023-1.patch: don't read past buffer in
      ext/mbstring/oniguruma/regparse.c, added test to
      ext/mbstring/tests/bug77370.phpt.
    - debian/patches/CVE-2019-9023-2.patch: check bounds in
      ext/mbstring/oniguruma/regcomp.c, added test to
      ext/mbstring/tests/bug77371.phpt.
    - debian/patches/CVE-2019-9023-3.patch: add length checks to
      ext/mbstring/oniguruma/enc/unicode.c,
      ext/mbstring/oniguruma/regcomp.c, ext/mbstring/oniguruma/regparse.c,
      ext/mbstring/oniguruma/regparse.h, added test to
      ext/mbstring/tests/bug77371.phpt, ext/mbstring/tests/bug77381.phpt.
    - debian/patches/CVE-2019-9023-4.patch: add new bounds checks to
      ext/mbstring/oniguruma/enc/utf16_be.c,
      ext/mbstring/oniguruma/enc/utf16_le.c,
      ext/mbstring/oniguruma/enc/utf32_be.c,
      ext/mbstring/oniguruma/enc/utf32_le.c, added test to
      ext/mbstring/tests/bug77418.phpt.
    - CVE-2019-9023
  * SECURITY UPDATE: buffer over-read in xmlrpc_decode()
    - debian/patches/CVE-2019-9024.patch: fix variable size in
      ext/xmlrpc/libxmlrpc/base64.c, added test to
      ext/xmlrpc/tests/bug77380.phpt.
    - CVE-2019-9024
  * Adding support to mb_split empty regex in support to CVE-2019-9023.
    - debian/patches/0001-supporting-empty-mb_split-regex.path: fix in
      ext/mbstring/php_mbregex.c,
      ext/mbstring/tests/mb_split_empty_match.phpt,
      ext/mbstring/tests/mb_split_variation1.phpt.

php5 (5.3.10-1ubuntu3.32) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service in exif parsing
    - debian/patches/CVE-2018-14851.patch: check length in ext/exif/exif.c.
    - CVE-2018-14851
  * SECURITY UPDATE: denial of service in exif parsing
    - debian/patches/CVE-2018-14883.patch: check length in ext/exif/exif.c.
    - CVE-2018-14883
  * SECURITY UPDATE: XSS due to the header Transfer-Encoding: chunked
    - debian/patches/bug76582.patch: clean up brigade in
      sapi/apache2handler/sapi_apache2.c.
    - No CVE number

php5 (5.3.10-1ubuntu3.31) precise-security; urgency=medium

  * SECURITY UPDATE: opcache access controls bypass
    - debian/patches/CVE-2018-10545.patch: do not set PR_SET_DUMPABLE by
      default in sapi/fpm/fpm/fpm_conf.c, sapi/fpm/fpm/fpm_conf.h,
      sapi/fpm/fpm/fpm_unix.c, sapi/fpm/php-fpm.conf.in.
    - CVE-2018-10545
  * SECURITY UPDATE: XSS on PHAR error pages
    - debian/patches/CVE-2018-10547.patch: remove potential unfiltered
      outputs in ext/phar/phar_object.c, fix tests in ext/phar/tests/*.
    - CVE-2018-10547
  * SECURITY UPDATE: DoS via ldap_get_dn return value mishandling
    - debian/patches/CVE-2018-10548.patch: check dn in ext/ldap/ldap.c,
      add test to ext/ldap/tests/bug76248.phpt.
    - CVE-2018-10548

php5 (5.3.10-1ubuntu3.30) precise-security; urgency=medium

  * SECURITY UPDATE: XSS in PHAR error page
    - debian/patches/CVE-2018-5712.patch: remove file name from output to
      avoid XSS in ext/phar/shortarc.php, ext/phar/stub.h, fix tests in
      ext/phar/tests/*.
    - CVE-2018-5712
  * SECURITY UPDATE: stack-based under-read in HTTP response parsing
    - debian/patches/CVE-2018-7584.patch: prevent reading beyond buffer
      start in ext/standard/http_fopen_wrapper.c,
      ext/standard/tests/http/bug75981.phpt.
    - CVE-2018-7584

php5 (5.3.10-1ubuntu3.28) precise-security; urgency=medium

  * SECURITY UPDATE: URL check bypass
    - debian/patches/CVE-2016-10397.patch: fix logic in
      ext/standard/url.c, added tests to
      ext/standard/tests/url/bug73192.phpt,
      ext/standard/tests/url/parse_url_basic_00*.phpt.
    - CVE-2016-10397
  * SECURITY UPDATE: wddx empty boolean tag parsing issue
    - debian/patches/CVE-2017-11143.patch: handle empty tag in
      ext/wddx/wddx.c, added test to ext/wddx/tests/bug74145.*.
    - CVE-2017-11143
  * SECURITY UPDATE: DoS in OpenSSL sealing function
    - debian/patches/CVE-2017-11144.patch: check return code in
      ext/openssl/openssl.c, added test to ext/openssl/tests/*74651*.
    - CVE-2017-11144
  * SECURITY UPDATE: information leak in the date extension
    - debian/patches/CVE-2017-11145.patch: fix parsing of strange formats
      in ext/date/lib/parse_date.*.
    - CVE-2017-11145
  * SECURITY UPDATE: buffer overread in phar_parse_pharfile
    - debian/patches/CVE-2017-11147.patch: use proper sizes in
      ext/phar/phar.c.
    - CVE-2017-11147
  * SECURITY UPDATE: buffer overflow in the zend_ini_do_op()
    - debian/patches/CVE-2017-11628.patch: use correct buffer size in
      Zend/zend_ini_parser.y, added tests to Zend/tests/bug74603.*.
    - CVE-2017-11628
  * SECURITY UPDATE: out-of-bounds read in oniguruma in mbstring
    - debian/patches/CVE-2017-9224.patch: fix logic in
      ext/mbstring/oniguruma/regexec.c.
    - CVE-2017-9224
  * SECURITY UPDATE: heap out-of-bounds write in oniguruma in mbstring
    - debian/patches/CVE-2017-9226.patch: add checks to
      ext/mbstring/oniguruma/regparse.c.
    - CVE-2017-9226
  * SECURITY UPDATE: stack out-of-bounds read in oniguruma in mbstring
    - debian/patches/CVE-2017-9227.patch: add bounds check to
      ext/mbstring/oniguruma/regexec.c.
    - CVE-2017-9227
  * SECURITY UPDATE: heap out-of-bounds write in oniguruma in mbstring
    - debian/patches/CVE-2017-9228.patch: add check to
      ext/mbstring/oniguruma/regexec.c.
    - CVE-2017-9228
  * SECURITY UPDATE: invalid pointer dereference in oniguruma in mbstring
    - debian/patches/CVE-2017-9229.patch: fix logic in
      ext/mbstring/oniguruma/regexec.c.
    - CVE-2017-9229

Date: 2020-10-14 14:13:15.184446+00:00
Changed-By: leo.barb...@canonical.com (Leonidas S. Barbosa)
Signed-By: Steve Langasek <steve.langa...@canonical.com>
https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.48
Sorry, changesfile not available.
-- 
Precise-changes mailing list
Precise-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/precise-changes

Reply via email to