-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 18 Jan 2006 18:41:11 +1100
Source: php4
Binary: php4-sybase php4-recode php4-cgi libapache-mod-php4 php4-cli php4-dev
php4-snmp libapache2-mod-php4 php4-odbc php4-xslt php4-mysql php4-domxml
php4-gd php4-ldap php4-common php4 php4-curl php4-pear php4-mcal php4-mhash
php4-pgsql
Architecture: source i386 all
Version: 4:4.4.2-1
Distribution: unstable
Urgency: low
Maintainer: Debian PHP Maintainers <[EMAIL PROTECTED]>
Changed-By: Adam Conrad <[EMAIL PROTECTED]>
Description:
libapache-mod-php4 - server-side, HTML-embedded scripting language (apache 1.3
module)
libapache2-mod-php4 - server-side, HTML-embedded scripting language (apache
2.0 module)
php4 - server-side, HTML-embedded scripting language (meta-package)
php4-cgi - server-side, HTML-embedded scripting language (CGI binary)
php4-cli - command-line interpreter for the php4 scripting language
php4-common - Common files for packages built from the php4 source
php4-curl - CURL module for php4
php4-dev - Files for PHP4 module development
php4-domxml - XMLv2 module for php4
php4-gd - GD module for php4
php4-ldap - LDAP module for php4
php4-mcal - MCAL calendar module for php4
php4-mhash - MHASH module for php4
php4-mysql - MySQL module for php4
php4-odbc - ODBC module for php4
php4-pear - PHP Extension and Application Repository (transitional package)
php4-pgsql - PostgreSQL module for php4
php4-recode - Character recoding module for php4
php4-snmp - SNMP module for php4
php4-sybase - Sybase / MS SQL Server module for php4
php4-xslt - XSLT module for php4
Closes: 336004 336645 339577 341726 343399 343791
Changes:
php4 (4:4.4.2-1) unstable; urgency=low
.
* New upstream bugfix release, skipping the problematic 4.4.1 release:
- Remove some PEAR cruft from 006-debian_quirks.patch, since we don't
build PEAR from php4 anymore, and it conflicted with upstream diffs.
- Remove 054-open_basedir_slash.patch, now integrated upstream.
- Remove 055-gd_safe_mode_checks.patch, fixed differently upstream.
* Many security vulns fixed (closes: #336645, #339577, #336004, #341726):
- Fixes multiple cross-site-scripting vulnerabilities; CVE-2006-0208
- Resolves multiple HTTP response splitting vulnerabilities, allowing
arbitrary header injection via Set-Cookie headers; see CVE-2006-0207
- Resolves a local denial of service in the apache2 SAPI, which can
be triggered by using session.save_path in .htaccess; CVE-2005-3319
- Resolves an infinite loop in the exif_read_data function which can
be triggered with a specially-crafted JPEG image; CVE-2005-3353
- Resolves an XSS vulnerability in the phpinfo function; CVE-2005-3388
- Resolves a vulnerability in the parse_str function whereby a remote
attacker can fool PHP into turning on register_globals, thus making
applications vulnerable to global variable injections; CVE-2005-3389
- Resolves a vulnerability in the RFC1867 file upload feature where, if
register_globals is enabled, a remote attacker can modify the GLOBALS
array with a multipart/form-data POST request; see CVE-2005-3390
- Resolves numerous safe_mode and open_basedir bypasses; CVE-2005-3391
- Resolves INI settings leaks in the apache2 SAPI, leading to safe_mode
and open_basedir bypasses between virtual hosts; CVE-2005-3392
- Resolves a CRLF injection vulnerability in the mb_send_mail function,
allowing injection of arbitrary mail headers; see CVE-2005-3883
* Bump libdb build-dep from 4.2 to 4.3, matching apache (closes: #343399)
* Bump our MySQL build-dep to 5.0's libmysqlclient15-dev (closes: #343791)
* Automate the process of getting the list of built-in modules into the
package descriptions, so it stays fresh in the future (see: #341867)
* Create 056-mime_magic_strings.patch, making the mime_magic extension
more liberal about what mime-types is accepts, as well as making it skip
over ones it dislikes, rather than disabling itself (see: #335674)
* Add 057-no_apache_installed.patch, to stop spewing a mess of errors in
configure because we don't have the apache binaries in the build chroot.
* Fix small typo in the php4-xslt package description (see: #344816)
Files:
c30822bc794b738318164dce3cbd2813 1791 web optional php4_4.4.2-1.dsc
a7ae7ed8f2edf1592bd94eab91c634fa 5461440 web optional php4_4.4.2.orig.tar.gz
34f22a7d636ee5633e9d4bf1f359f700 98122 web optional php4_4.4.2-1.diff.gz
f998715b32c378f3bf807f615a4af7b4 173814 web optional
php4-common_4.4.2-1_i386.deb
0cd21985bca4226e533c9a4731994397 1601042 web optional
libapache-mod-php4_4.4.2-1_i386.deb
8b5a78625cdc4d4bb2a303904a54ca46 1598430 web optional
libapache2-mod-php4_4.4.2-1_i386.deb
602fd72bae58292412d62c1acf0f57e4 3182264 web optional php4-cgi_4.4.2-1_i386.deb
6c622e3396abfa063d157a4337c35d6d 1598306 web optional php4-cli_4.4.2-1_i386.deb
1e57f095a587a7f74ec14bba5b6a6778 201146 devel optional
php4-dev_4.4.2-1_i386.deb
6d4f480b9e3e37068bc721b0e467da5e 19074 web optional php4-curl_4.4.2-1_i386.deb
dd9fc2d0ead5371d973f5f7705351953 38808 web optional
php4-domxml_4.4.2-1_i386.deb
ffc438a188862049f180de60edc5e0c3 33182 web optional php4-gd_4.4.2-1_i386.deb
06d007059020c6de7d0d2d90a15f4256 20714 web optional php4-ldap_4.4.2-1_i386.deb
7e6496393a8325dd7aefcd7aa8c34eed 17656 web optional php4-mcal_4.4.2-1_i386.deb
2d70d0fee6300a5d53bc11dda3fc8c49 8800 web optional php4-mhash_4.4.2-1_i386.deb
1094ad0bdb7d8eae5ba36929db6747af 22084 web optional php4-mysql_4.4.2-1_i386.deb
68a5c49262af6f869f6ea25206376db8 28126 web optional php4-odbc_4.4.2-1_i386.deb
3ac3eaa6f73a1925d9d6bba0d0df09e0 37050 web optional php4-pgsql_4.4.2-1_i386.deb
18f3ff80db3a44ae73ad9ceb45bc117d 8496 web optional php4-recode_4.4.2-1_i386.deb
f200925fa384c1269f0aec042c5b4577 14104 web optional php4-snmp_4.4.2-1_i386.deb
15c2e244fbd5c5b60a9bff4b2d11dc72 21530 web optional
php4-sybase_4.4.2-1_i386.deb
55f8951b13a84e15bd6a1806f232d43c 17006 web optional php4-xslt_4.4.2-1_i386.deb
51b8a4bd2bb5892cb072ca3740529212 1154 web optional php4_4.4.2-1_all.deb
69d6a539bce90b2f35d9740fbb7827aa 1168 web optional php4-pear_4.4.2-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDzjXzvjztR8bOoMkRAj8RAKDMLdBIx7pVMkP19wDX7qe5t9g0XACgwelS
KLrU8n+63+EODSHclBawMkQ=
=hvuD
-----END PGP SIGNATURE-----
Accepted:
libapache-mod-php4_4.4.2-1_i386.deb
to pool/main/p/php4/libapache-mod-php4_4.4.2-1_i386.deb
libapache2-mod-php4_4.4.2-1_i386.deb
to pool/main/p/php4/libapache2-mod-php4_4.4.2-1_i386.deb
php4-cgi_4.4.2-1_i386.deb
to pool/main/p/php4/php4-cgi_4.4.2-1_i386.deb
php4-cli_4.4.2-1_i386.deb
to pool/main/p/php4/php4-cli_4.4.2-1_i386.deb
php4-common_4.4.2-1_i386.deb
to pool/main/p/php4/php4-common_4.4.2-1_i386.deb
php4-curl_4.4.2-1_i386.deb
to pool/main/p/php4/php4-curl_4.4.2-1_i386.deb
php4-dev_4.4.2-1_i386.deb
to pool/main/p/php4/php4-dev_4.4.2-1_i386.deb
php4-domxml_4.4.2-1_i386.deb
to pool/main/p/php4/php4-domxml_4.4.2-1_i386.deb
php4-gd_4.4.2-1_i386.deb
to pool/main/p/php4/php4-gd_4.4.2-1_i386.deb
php4-ldap_4.4.2-1_i386.deb
to pool/main/p/php4/php4-ldap_4.4.2-1_i386.deb
php4-mcal_4.4.2-1_i386.deb
to pool/main/p/php4/php4-mcal_4.4.2-1_i386.deb
php4-mhash_4.4.2-1_i386.deb
to pool/main/p/php4/php4-mhash_4.4.2-1_i386.deb
php4-mysql_4.4.2-1_i386.deb
to pool/main/p/php4/php4-mysql_4.4.2-1_i386.deb
php4-odbc_4.4.2-1_i386.deb
to pool/main/p/php4/php4-odbc_4.4.2-1_i386.deb
php4-pear_4.4.2-1_all.deb
to pool/main/p/php4/php4-pear_4.4.2-1_all.deb
php4-pgsql_4.4.2-1_i386.deb
to pool/main/p/php4/php4-pgsql_4.4.2-1_i386.deb
php4-recode_4.4.2-1_i386.deb
to pool/main/p/php4/php4-recode_4.4.2-1_i386.deb
php4-snmp_4.4.2-1_i386.deb
to pool/main/p/php4/php4-snmp_4.4.2-1_i386.deb
php4-sybase_4.4.2-1_i386.deb
to pool/main/p/php4/php4-sybase_4.4.2-1_i386.deb
php4-xslt_4.4.2-1_i386.deb
to pool/main/p/php4/php4-xslt_4.4.2-1_i386.deb
php4_4.4.2-1.diff.gz
to pool/main/p/php4/php4_4.4.2-1.diff.gz
php4_4.4.2-1.dsc
to pool/main/p/php4/php4_4.4.2-1.dsc
php4_4.4.2-1_all.deb
to pool/main/p/php4/php4_4.4.2-1_all.deb
php4_4.4.2.orig.tar.gz
to pool/main/p/php4/php4_4.4.2.orig.tar.gz
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
