[ubuntu/trusty-updates] php5 5.5.9+dfsg-1ubuntu4.20 (Accepted)

2016-10-04 Thread Ubuntu Archive Robot
php5 (5.5.9+dfsg-1ubuntu4.20) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service or code execution via crafted
    serialized data
    - debian/patches/CVE-2016-7124-1.patch: destroy broken object when
      unserializing in ext/standard/var_unserializer.c*, added tests to
      ext/standard/tests/strings/bug72663.phpt,
      ext/standard/tests/strings/bug72663_2.phpt.
    - debian/patches/CVE-2016-7124-2.patch: improve fix in
      ext/standard/var_unserializer.c*, added test to
      ext/standard/tests/strings/bug72663_3.phpt.
    - CVE-2016-7124
  * SECURITY UPDATE: arbitrary-type session data injection
    - debian/patches/CVE-2016-7125.patch: consume data even if not storing
      in ext/session/session.c, added test to
      ext/session/tests/bug72681.phpt.
    - debian/patches/CVE-2016-7125-2.patch: remove unused label in
      ext/session/session.c.
    - CVE-2016-7125
  * SECURITY UPDATE: denial of service and possible code execution in
    imagegammacorrect function
    - debian/patches/CVE-2016-7127.patch: check gamma values in
      ext/gd/gd.c, added test to ext/gd/tests/bug72730.phpt.
    - CVE-2016-7127
  * SECURITY UPDATE: information disclosure via exif_process_IFD_in_TIFF
    - debian/patches/CVE-2016-7128.patch: properly handle thumbnails in
      ext/exif/exif.c.
    - CVE-2016-7128
  * SECURITY UPDATE: denial of service and possible code execution via
    invalid ISO 8601 time value
    - debian/patches/CVE-2016-7129.patch: properly handle strings in
      ext/wddx/wddx.c, added test to ext/wddx/tests/bug72749.phpt.
    - CVE-2016-7129
  * SECURITY UPDATE: denial of service and possible code execution via
    invalid base64 binary value
    - debian/patches/CVE-2016-7130.patch: properly handle string in
      ext/wddx/wddx.c, added test to ext/wddx/tests/bug72750.phpt.
    - CVE-2016-7130
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed wddxPacket XML document
    - debian/patches/CVE-2016-7131.patch: added check to ext/wddx/wddx.c,
      added tests to ext/wddx/tests/bug72790.phpt,
      ext/wddx/tests/bug72799.phpt.
    - CVE-2016-7131
    - CVE-2016-7132
  * SECURITY UPDATE: denial of service and possible code execution via
    partially constructed object
    - debian/patches/CVE-2016-7411.patch: properly handle partial object in
      ext/standard/var_unserializer.*, added test to
      ext/standard/tests/serialize/bug73052.phpt.
    - CVE-2016-7411
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted field metadata in MySQL driver
    - debian/patches/CVE-2016-7412.patch: validate field length in
      ext/mysqlnd/mysqlnd_wireprotocol.c.
    - CVE-2016-7412
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed wddxPacket XML document
    - debian/patches/CVE-2016-7413.patch: fixed use-after-free in
      ext/wddx/wddx.c, added test to ext/wddx/tests/bug72860.phpt.
    - CVE-2016-7413
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted PHAR archive
    - debian/patches/CVE-2016-7414.patch: validate signatures in
      ext/phar/util.c, ext/phar/zip.c.
    - CVE-2016-7414
  * SECURITY UPDATE: denial of service and possible code execution via
    MessageFormatter::formatMessage call with a long first argument
    - debian/patches/CVE-2016-7416.patch: added locale length check to
      ext/intl/msgformat/msgformat_format.c.
    - CVE-2016-7416
  * SECURITY UPDATE: denial of service or code execution via crafted
    serialized data
    - debian/patches/CVE-2016-7417.patch: added type check to
      ext/spl/spl_array.c, added test to ext/spl/tests/bug73029.phpt.
    - debian/patches/CVE-2016-7417-2.patch: fix test in
      ext/spl/tests/bug70068.phpt.
    - CVE-2016-7417
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed wddxPacket XML document
    - debian/patches/CVE-2016-7418.patch: fix out-of-bounds read in
      ext/wddx/wddx.c, added test to ext/wddx/tests/bug73065.phpt.
    - CVE-2016-7418

Date: 2016-10-03 12:48:16.158162+00:00
Changed-By: Marc Deslauriers 
Signed-By: Ubuntu Archive Robot 

https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.20
Sorry, changesfile not available.
--
Trusty-changes mailing list
Trusty-changes@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/trusty-changes


[ubuntu/trusty-security] php5 5.5.9+dfsg-1ubuntu4.20 (Accepted)

2016-10-04 Thread Marc Deslauriers
php5 (5.5.9+dfsg-1ubuntu4.20) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service or code execution via crafted
    serialized data
    - debian/patches/CVE-2016-7124-1.patch: destroy broken object when
      unserializing in ext/standard/var_unserializer.c*, added tests to
      ext/standard/tests/strings/bug72663.phpt,
      ext/standard/tests/strings/bug72663_2.phpt.
    - debian/patches/CVE-2016-7124-2.patch: improve fix in
      ext/standard/var_unserializer.c*, added test to
      ext/standard/tests/strings/bug72663_3.phpt.
    - CVE-2016-7124
  * SECURITY UPDATE: arbitrary-type session data injection
    - debian/patches/CVE-2016-7125.patch: consume data even if not storing
      in ext/session/session.c, added test to
      ext/session/tests/bug72681.phpt.
    - debian/patches/CVE-2016-7125-2.patch: remove unused label in
      ext/session/session.c.
    - CVE-2016-7125
  * SECURITY UPDATE: denial of service and possible code execution in
    imagegammacorrect function
    - debian/patches/CVE-2016-7127.patch: check gamma values in
      ext/gd/gd.c, added test to ext/gd/tests/bug72730.phpt.
    - CVE-2016-7127
  * SECURITY UPDATE: information disclosure via exif_process_IFD_in_TIFF
    - debian/patches/CVE-2016-7128.patch: properly handle thumbnails in
      ext/exif/exif.c.
    - CVE-2016-7128
  * SECURITY UPDATE: denial of service and possible code execution via
    invalid ISO 8601 time value
    - debian/patches/CVE-2016-7129.patch: properly handle strings in
      ext/wddx/wddx.c, added test to ext/wddx/tests/bug72749.phpt.
    - CVE-2016-7129
  * SECURITY UPDATE: denial of service and possible code execution via
    invalid base64 binary value
    - debian/patches/CVE-2016-7130.patch: properly handle string in
      ext/wddx/wddx.c, added test to ext/wddx/tests/bug72750.phpt.
    - CVE-2016-7130
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed wddxPacket XML document
    - debian/patches/CVE-2016-7131.patch: added check to ext/wddx/wddx.c,
      added tests to ext/wddx/tests/bug72790.phpt,
      ext/wddx/tests/bug72799.phpt.
    - CVE-2016-7131
    - CVE-2016-7132
  * SECURITY UPDATE: denial of service and possible code execution via
    partially constructed object
    - debian/patches/CVE-2016-7411.patch: properly handle partial object in
      ext/standard/var_unserializer.*, added test to
      ext/standard/tests/serialize/bug73052.phpt.
    - CVE-2016-7411
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted field metadata in MySQL driver
    - debian/patches/CVE-2016-7412.patch: validate field length in
      ext/mysqlnd/mysqlnd_wireprotocol.c.
    - CVE-2016-7412
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed wddxPacket XML document
    - debian/patches/CVE-2016-7413.patch: fixed use-after-free in
      ext/wddx/wddx.c, added test to ext/wddx/tests/bug72860.phpt.
    - CVE-2016-7413
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted PHAR archive
    - debian/patches/CVE-2016-7414.patch: validate signatures in
      ext/phar/util.c, ext/phar/zip.c.
    - CVE-2016-7414
  * SECURITY UPDATE: denial of service and possible code execution via
    MessageFormatter::formatMessage call with a long first argument
    - debian/patches/CVE-2016-7416.patch: added locale length check to
      ext/intl/msgformat/msgformat_format.c.
    - CVE-2016-7416
  * SECURITY UPDATE: denial of service or code execution via crafted
    serialized data
    - debian/patches/CVE-2016-7417.patch: added type check to
      ext/spl/spl_array.c, added test to ext/spl/tests/bug73029.phpt.
    - debian/patches/CVE-2016-7417-2.patch: fix test in
      ext/spl/tests/bug70068.phpt.
    - CVE-2016-7417
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed wddxPacket XML document
    - debian/patches/CVE-2016-7418.patch: fix out-of-bounds read in
      ext/wddx/wddx.c, added test to ext/wddx/tests/bug73065.phpt.
    - CVE-2016-7418

Date: 2016-10-03 12:48:16.158162+00:00
Changed-By: Marc Deslauriers 
https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.20
Sorry, changesfile not available.


[ubuntu/trusty-updates] ubuntu-gnome-wallpapers 14.04.2 (Accepted)

2016-10-04 Thread Brian Murray
ubuntu-gnome-wallpapers (14.04.2) trusty; urgency=medium

  * Fix typo in wallpaper slideshow that blanked the screen for
    30 minutes at a time (LP: #1382778)

Date: 2016-09-09 09:55:11.966195+00:00
Changed-By: Laurens Post 
Signed-By: Brian Murray 
https://launchpad.net/ubuntu/+source/ubuntu-gnome-wallpapers/14.04.2
Sorry, changesfile not available.