[Bug 227464] Re: PHP 5.2.6 fixes important security bugs
If you need a fix for these bugs in previous versions of Ubuntu, you should request a backport of the package by following the instructions for How to request new packages at https://help.ubuntu.com/community/UbuntuBackports#request-new-packages -- Please Backport PHP 5.2.6 -- fixes important security bugs https://bugs.launchpad.net/bugs/227464 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 227464] Re: PHP 5.2.6 fixes important security bugs
I second what DH asked? Will this be in hardy? It's been in Debian for ages now. -- PHP 5.2.6 fixes important security bugs https://bugs.launchpad.net/bugs/227464 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 227464] Re: PHP 5.2.6 fixes important security bugs
These are the security fixes as shown in the current changelog at: http://www.php.net/ChangeLog-5.php I chased down the CVS commit log messages against 5_2 for each of these. Most of the fixes look relatively compact, with the exception of the last, which is comparatively huge. Version 5.2.6 01-May-2008 * Security Fixes * Fixed possible stack buffer overflow in FastCGI SAPI. (Andrei Nigmatulin) * http://marc.info/?l=php-cvsm=120721829703242w=2 * Properly address incomplete multibyte chars inside escapeshellcmd() (Ilia, Stefan Esser) * http://marc.info/?l=php-cvsm=120579496007399w=2 * Fixed security issue detailed in CVE-2008-0599. (Rasmus) * http://marc.info/?l=php-cvsm=120415902925033w=2 * Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz. (Ilia) * http://marc.info/?l=php-cvsm=119963956428826w=2 * Upgraded PCRE to version 7.6 (Nuno) * http://marc.info/?l=php-cvsm=120163838831816w=2 * Note, this is a very LARGE patch :-Dustin -- PHP 5.2.6 fixes important security bugs https://bugs.launchpad.net/bugs/227464 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 227464] Re: PHP 5.2.6 fixes important security bugs
Hi, at our university they are shutting off network access to computers that aren't running at least PHP 5.2.6 because of these security holes. I am running Ubuntu Hardy server, is there a timeline for this update to be released to Hardy, or else is there a backport available. I can always compile php/apache/etc. myself like in them yon olden days, but I'd prefer not to. Thank you -- PHP 5.2.6 fixes important security bugs https://bugs.launchpad.net/bugs/227464 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 227464] Re: PHP 5.2.6 fixes important security bugs
** Changed in: php5 (Debian) Status: Fix Committed = Fix Released -- PHP 5.2.6 fixes important security bugs https://bugs.launchpad.net/bugs/227464 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 227464] Re: PHP 5.2.6 fixes important security bugs
I'll merge this into Intrepid next week. :-Dustin -- PHP 5.2.6 fixes important security bugs https://bugs.launchpad.net/bugs/227464 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 227464] Re: PHP 5.2.6 fixes important security bugs
** Bug watch added: Debian Bug tracker #479723 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=479723 ** Also affects: php5 (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=479723 Importance: Unknown Status: Unknown -- PHP 5.2.6 fixes important security bugs https://bugs.launchpad.net/bugs/227464 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 227464] Re: PHP 5.2.6 fixes important security bugs
Fix released in Debian onMay 11. Fixes are available both upstream in Debian and upstream in main package. How can I help move this bug along? -- PHP 5.2.6 fixes important security bugs https://bugs.launchpad.net/bugs/227464 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 227464] Re: PHP 5.2.6 fixes important security bugs
** Changed in: php5 (Debian) Status: Unknown = Fix Committed -- PHP 5.2.6 fixes important security bugs https://bugs.launchpad.net/bugs/227464 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 227464] Re: PHP 5.2.6 fixes important security bugs
This has been out for a while, is there a reason this hasn't been acted on? -- PHP 5.2.6 fixes important security bugs https://bugs.launchpad.net/bugs/227464 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to php5 in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs