[ubuntu/trusty-updates] php5 5.5.9+dfsg-1ubuntu4.20 (Accepted)
php5 (5.5.9+dfsg-1ubuntu4.20) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service or code execution via crafted
    serialized data
    - debian/patches/CVE-2016-7124-1.patch: destroy broken object when
      unserializing in ext/standard/var_unserializer.c*, added tests to
      ext/standard/tests/strings/bug72663.phpt,
      ext/standard/tests/strings/bug72663_2.phpt.
    - debian/patches/CVE-2016-7124-2.patch: improve fix in
      ext/standard/var_unserializer.c*, added test to
      ext/standard/tests/strings/bug72663_3.phpt.
    - CVE-2016-7124
  * SECURITY UPDATE: arbitrary-type session data injection
    - debian/patches/CVE-2016-7125.patch: consume data even if not
      storing in ext/session/session.c, added test to
      ext/session/tests/bug72681.phpt.
    - debian/patches/CVE-2016-7125-2.patch: remove unused label in
      ext/session/session.c.
    - CVE-2016-7125
  * SECURITY UPDATE: denial of service and possible code execution in
    imagegammacorrect function
    - debian/patches/CVE-2016-7127.patch: check gamma values in
      ext/gd/gd.c, added test to ext/gd/tests/bug72730.phpt.
    - CVE-2016-7127
  * SECURITY UPDATE: information disclosure via exif_process_IFD_in_TIFF
    - debian/patches/CVE-2016-7128.patch: properly handle thumbnails in
      ext/exif/exif.c.
    - CVE-2016-7128
  * SECURITY UPDATE: denial of service and possible code execution via
    invalid ISO 8601 time value
    - debian/patches/CVE-2016-7129.patch: properly handle strings in
      ext/wddx/wddx.c, added test to ext/wddx/tests/bug72749.phpt.
    - CVE-2016-7129
  * SECURITY UPDATE: denial of service and possible code execution via
    invalid base64 binary value
    - debian/patches/CVE-2016-7130.patch: properly handle string in
      ext/wddx/wddx.c, added test to ext/wddx/tests/bug72750.phpt.
    - CVE-2016-7130
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed wddxPacket XML document
    - debian/patches/CVE-2016-7131.patch: added check to ext/wddx/wddx.c,
      added tests to ext/wddx/tests/bug72790.phpt,
      ext/wddx/tests/bug72799.phpt.
    - CVE-2016-7131
    - CVE-2016-7132
  * SECURITY UPDATE: denial of service and possible code execution via
    partially constructed object
    - debian/patches/CVE-2016-7411.patch: properly handle partial object
      in ext/standard/var_unserializer.*, added test to
      ext/standard/tests/serialize/bug73052.phpt.
    - CVE-2016-7411
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted field metadata in MySQL driver
    - debian/patches/CVE-2016-7412.patch: validate field length in
      ext/mysqlnd/mysqlnd_wireprotocol.c.
    - CVE-2016-7412
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed wddxPacket XML document
    - debian/patches/CVE-2016-7413.patch: fixed use-after-free in
      ext/wddx/wddx.c, added test to ext/wddx/tests/bug72860.phpt.
    - CVE-2016-7413
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted PHAR archive
    - debian/patches/CVE-2016-7414.patch: validate signatures in
      ext/phar/util.c, ext/phar/zip.c.
    - CVE-2016-7414
  * SECURITY UPDATE: denial of service and possible code execution via
    MessageFormatter::formatMessage call with a long first argument
    - debian/patches/CVE-2016-7416.patch: added locale length check to
      ext/intl/msgformat/msgformat_format.c.
    - CVE-2016-7416
  * SECURITY UPDATE: denial of service or code execution via crafted
    serialized data
    - debian/patches/CVE-2016-7417.patch: added type check to
      ext/spl/spl_array.c, added test to ext/spl/tests/bug73029.phpt.
    - debian/patches/CVE-2016-7417-2.patch: fix test in
      ext/spl/tests/bug70068.phpt.
    - CVE-2016-7417
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed wddxPacket XML document
    - debian/patches/CVE-2016-7418.patch: fix out-of-bounds read in
      ext/wddx/wddx.c, added test to ext/wddx/tests/bug73065.phpt.
    - CVE-2016-7418

Date: 2016-10-03 12:48:16.158162+00:00
Changed-By: Marc Deslauriers
Signed-By: Ubuntu Archive Robot
https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.20

Sorry, changesfile not available.

-- 
Trusty-changes mailing list
Trusty-changes@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/trusty-changes

[ubuntu/trusty-security] php5 5.5.9+dfsg-1ubuntu4.20 (Accepted)
php5 (5.5.9+dfsg-1ubuntu4.20) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service or code execution via crafted
    serialized data
    - debian/patches/CVE-2016-7124-1.patch: destroy broken object when
      unserializing in ext/standard/var_unserializer.c*, added tests to
      ext/standard/tests/strings/bug72663.phpt,
      ext/standard/tests/strings/bug72663_2.phpt.
    - debian/patches/CVE-2016-7124-2.patch: improve fix in
      ext/standard/var_unserializer.c*, added test to
      ext/standard/tests/strings/bug72663_3.phpt.
    - CVE-2016-7124
  * SECURITY UPDATE: arbitrary-type session data injection
    - debian/patches/CVE-2016-7125.patch: consume data even if not
      storing in ext/session/session.c, added test to
      ext/session/tests/bug72681.phpt.
    - debian/patches/CVE-2016-7125-2.patch: remove unused label in
      ext/session/session.c.
    - CVE-2016-7125
  * SECURITY UPDATE: denial of service and possible code execution in
    imagegammacorrect function
    - debian/patches/CVE-2016-7127.patch: check gamma values in
      ext/gd/gd.c, added test to ext/gd/tests/bug72730.phpt.
    - CVE-2016-7127
  * SECURITY UPDATE: information disclosure via exif_process_IFD_in_TIFF
    - debian/patches/CVE-2016-7128.patch: properly handle thumbnails in
      ext/exif/exif.c.
    - CVE-2016-7128
  * SECURITY UPDATE: denial of service and possible code execution via
    invalid ISO 8601 time value
    - debian/patches/CVE-2016-7129.patch: properly handle strings in
      ext/wddx/wddx.c, added test to ext/wddx/tests/bug72749.phpt.
    - CVE-2016-7129
  * SECURITY UPDATE: denial of service and possible code execution via
    invalid base64 binary value
    - debian/patches/CVE-2016-7130.patch: properly handle string in
      ext/wddx/wddx.c, added test to ext/wddx/tests/bug72750.phpt.
    - CVE-2016-7130
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed wddxPacket XML document
    - debian/patches/CVE-2016-7131.patch: added check to ext/wddx/wddx.c,
      added tests to ext/wddx/tests/bug72790.phpt,
      ext/wddx/tests/bug72799.phpt.
    - CVE-2016-7131
    - CVE-2016-7132
  * SECURITY UPDATE: denial of service and possible code execution via
    partially constructed object
    - debian/patches/CVE-2016-7411.patch: properly handle partial object
      in ext/standard/var_unserializer.*, added test to
      ext/standard/tests/serialize/bug73052.phpt.
    - CVE-2016-7411
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted field metadata in MySQL driver
    - debian/patches/CVE-2016-7412.patch: validate field length in
      ext/mysqlnd/mysqlnd_wireprotocol.c.
    - CVE-2016-7412
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed wddxPacket XML document
    - debian/patches/CVE-2016-7413.patch: fixed use-after-free in
      ext/wddx/wddx.c, added test to ext/wddx/tests/bug72860.phpt.
    - CVE-2016-7413
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted PHAR archive
    - debian/patches/CVE-2016-7414.patch: validate signatures in
      ext/phar/util.c, ext/phar/zip.c.
    - CVE-2016-7414
  * SECURITY UPDATE: denial of service and possible code execution via
    MessageFormatter::formatMessage call with a long first argument
    - debian/patches/CVE-2016-7416.patch: added locale length check to
      ext/intl/msgformat/msgformat_format.c.
    - CVE-2016-7416
  * SECURITY UPDATE: denial of service or code execution via crafted
    serialized data
    - debian/patches/CVE-2016-7417.patch: added type check to
      ext/spl/spl_array.c, added test to ext/spl/tests/bug73029.phpt.
    - debian/patches/CVE-2016-7417-2.patch: fix test in
      ext/spl/tests/bug70068.phpt.
    - CVE-2016-7417
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed wddxPacket XML document
    - debian/patches/CVE-2016-7418.patch: fix out-of-bounds read in
      ext/wddx/wddx.c, added test to ext/wddx/tests/bug73065.phpt.
    - CVE-2016-7418

Date: 2016-10-03 12:48:16.158162+00:00
Changed-By: Marc Deslauriers
https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.20

Sorry, changesfile not available.

[ubuntu/trusty-updates] ubuntu-gnome-wallpapers 14.04.2 (Accepted)
ubuntu-gnome-wallpapers (14.04.2) trusty; urgency=medium

  * Fix typo in wallpaper slideshow that blanked the screen for 30 minutes
    at a time (LP: #1382778)

Date: 2016-09-09 09:55:11.966195+00:00
Changed-By: Laurens Post
Signed-By: Brian Murray
https://launchpad.net/ubuntu/+source/ubuntu-gnome-wallpapers/14.04.2

Sorry, changesfile not available.