[Bug 813110] Re: CVE-2011-1938

2011-10-17 Thread Launchpad Bug Tracker
This bug was fixed in the package php5 - 5.3.5-1ubuntu7.3

---
php5 (5.3.5-1ubuntu7.3) natty-security; urgency=low

  [ Angel Abad ]
  * SECURITY UPDATE: File path injection vulnerability in RFC1867 File
    upload filename (LP: #813115)
    - debian/patches/php5-CVE-2011-2202.patch:
    - CVE-2011-2202
  * SECURITY UPDATE: Fixed stack buffer overflow in socket_connect()
    (LP: #813110)
    - debian/patches/php5-CVE-2011-1938.patch:
    - CVE-2011-1938

  [ Steve Beattie ]
  * SECURITY UPDATE: DoS in zip handling due to addGlob() crashing
    on invalid flags
    - debian/patches/php5-CVE-2011-1657.patch: check for valid flags
    - CVE-2011-1657
  * SECURITY UPDATE: crypt_blowfish doesn't properly handle 8-bit
    (non-ascii) passwords leading to a smaller collision space
    - debian/patches/php5-CVE-2011-2483.patch: update crypt_blowfish
      to 1.2 to correct handling of passwords containing 8-bit
      (non-ascii) characters.
      CVE-2011-2483
  * SECURITY UPDATE: DoS due to failure to check for memory allocation errors
    - debian/patches/php5-CVE-2011-3182.patch: check the return values
      of the malloc, calloc, and realloc functions
    - CVE-2011-3182
  * SECURITY UPDATE: DoS in errorlog() when passed NULL
    - debian/patches/php5-CVE-2011-3267.patch: fix NULL pointer crash in
      errorlog()
    - CVE-2011-3267
  * debian/patches/fix_crash_in__php_mssql_get_column_content_without_type.patch:
    refresh patch to make it cleanly apply.
 -- Steve Beattie sbeat...@ubuntu.com   Thu, 13 Oct 2011 13:49:23 -0700

** Changed in: php5 (Ubuntu Natty)
   Status: In Progress => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-1657

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-2202

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-2483

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-3182

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-3267

** Changed in: php5 (Ubuntu Maverick)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in Ubuntu.
https://bugs.launchpad.net/bugs/813110

Title:
  CVE-2011-1938

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/php5/+bug/813110/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 813110] Re: CVE-2011-1938

2011-10-17 Thread Launchpad Bug Tracker
This bug was fixed in the package php5 - 5.3.3-1ubuntu9.6

---
php5 (5.3.3-1ubuntu9.6) maverick-security; urgency=low

  [ Angel Abad ]
  * SECURITY UPDATE: File path injection vulnerability in RFC1867 File
    upload filename (LP: #813115)
    - debian/patches/php5-CVE-2011-2202.patch:
    - CVE-2011-2202
  * SECURITY UPDATE: Fixed stack buffer overflow in socket_connect()
    (LP: #813110)
    - debian/patches/php5-CVE-2011-1938.patch:
    - CVE-2011-1938

  [ Steve Beattie ]
  * SECURITY UPDATE: DoS in zip handling due to addGlob() crashing
    on invalid flags
    - debian/patches/php5-CVE-2011-1657.patch: check for valid flags
    - CVE-2011-1657
  * SECURITY UPDATE: crypt_blowfish doesn't properly handle 8-bit
    (non-ascii) passwords leading to a smaller collision space
    - debian/patches/php5-CVE-2011-2483.patch: update crypt_blowfish
      to 1.2 to correct handling of passwords containing 8-bit
      (non-ascii) characters.
      CVE-2011-2483
  * SECURITY UPDATE: DoS due to failure to check for memory allocation errors
    - debian/patches/php5-CVE-2011-3182.patch: check the return values
      of the malloc, calloc, and realloc functions
    - CVE-2011-3182
  * SECURITY UPDATE: DoS in errorlog() when passed NULL
    - debian/patches/php5-CVE-2011-3267.patch: fix NULL pointer crash in
      errorlog()
    - CVE-2011-3267
 -- Steve Beattie sbeat...@ubuntu.com   Thu, 13 Oct 2011 13:56:23 -0700

** Changed in: php5 (Ubuntu Lucid)
   Status: In Progress => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-1914


[Bug 813110] Re: CVE-2011-1938

2011-10-17 Thread Launchpad Bug Tracker
This bug was fixed in the package php5 - 5.3.2-1ubuntu4.10

---
php5 (5.3.2-1ubuntu4.10) lucid-security; urgency=low

  [ Angel Abad ]
  * SECURITY UPDATE: File path injection vulnerability in RFC1867 File
    upload filename (LP: #813115)
    - debian/patches/php5-CVE-2011-2202.patch:
    - CVE-2011-2202
  * SECURITY UPDATE: Fixed stack buffer overflow in socket_connect()
    (LP: #813110)
    - debian/patches/php5-CVE-2011-1938.patch:
    - CVE-2011-1938

  [ Steve Beattie ]
  * SECURITY UPDATE: DoS in zip handling due to addGlob() crashing
    on invalid flags
    - debian/patches/php5-CVE-2011-1657.patch: check for valid flags
    - CVE-2011-1657
  * SECURITY UPDATE: crypt_blowfish doesn't properly handle 8-bit
    (non-ascii) passwords leading to a smaller collision space
    - debian/patches/php5-CVE-2011-2483.patch: update crypt_blowfish
      to 1.2 to correct handling of passwords containing 8-bit
      (non-ascii) characters.
      CVE-2011-2483
  * SECURITY UPDATE: DoS due to failure to check for memory allocation errors
    - debian/patches/php5-CVE-2011-3182.patch: check the return values
      of the malloc, calloc, and realloc functions
    - CVE-2011-3182
  * SECURITY UPDATE: DoS in errorlog() when passed NULL
    - debian/patches/php5-CVE-2011-3267.patch: fix NULL pointer crash in
      errorlog()
    - CVE-2011-3267
  * SECURITY UPDATE: information leak via handler interrupt (LP: #852871)
    - debian/patches/php5-CVE-2010-1914.patch: grab references before
      calling zendi_convert_to_long()
    - CVE-2010-1914
 -- Steve Beattie sbeat...@ubuntu.com   Fri, 14 Oct 2011 14:24:59 -0700


[Bug 813110] Re: CVE-2011-1938

2011-09-26 Thread Jamie Strandboge
Unsubscribing ubuntu-security-sponsors since Steve is handling this as
part of his update.

** Changed in: php5 (Ubuntu Lucid)
   Status: Confirmed => In Progress

** Changed in: php5 (Ubuntu Lucid)
   Assignee: (unassigned) => Steve Beattie (sbeattie)

** Changed in: php5 (Ubuntu Maverick)
   Status: Confirmed => In Progress

** Changed in: php5 (Ubuntu Maverick)
   Assignee: (unassigned) => Steve Beattie (sbeattie)

** Changed in: php5 (Ubuntu Natty)
   Status: Confirmed => In Progress

** Changed in: php5 (Ubuntu Natty)
   Assignee: (unassigned) => Steve Beattie (sbeattie)


[Bug 813110] Re: CVE-2011-1938

2011-09-20 Thread Angel Abad
** Changed in: php5 (Ubuntu Lucid)
   Status: Confirmed => In Progress

** Changed in: php5 (Ubuntu Lucid)
   Assignee: (unassigned) => Angel Abad (angelabad)


[Bug 813110] Re: CVE-2011-1938

2011-09-20 Thread Angel Abad
** Changed in: php5 (Ubuntu Maverick)
   Status: Confirmed => In Progress

** Changed in: php5 (Ubuntu Maverick)
   Assignee: (unassigned) => Angel Abad (angelabad)

** Changed in: php5 (Ubuntu Natty)
   Status: Confirmed => In Progress

** Changed in: php5 (Ubuntu Natty)
   Assignee: (unassigned) => Angel Abad (angelabad)


[Bug 813110] Re: CVE-2011-1938

2011-09-20 Thread Angel Abad
php5 (5.3.3-1ubuntu9.6) maverick-security; urgency=low

  * SECURITY UPDATE: Fixed stack buffer overflow in socket_connect()
    (LP: #813110)
    - debian/patches/php5-CVE-2011-1938.patch:
    - CVE-2011-1938

 -- Angel Abad angela...@ubuntu.com  Tue, 20 Sep 2011 23:14:11 +0200


** Patch added: php5_5.3.3-1ubuntu9.6.debdiff
   https://bugs.launchpad.net/ubuntu/lucid/+source/php5/+bug/813110/+attachment/2433727/+files/php5_5.3.3-1ubuntu9.6.debdiff

** Changed in: php5 (Ubuntu Maverick)
   Status: In Progress => Confirmed

** Changed in: php5 (Ubuntu Maverick)
   Assignee: Angel Abad (angelabad) => (unassigned)


[Bug 813110] Re: CVE-2011-1938

2011-09-20 Thread Angel Abad
php5 (5.3.5-1ubuntu7.3) natty-security; urgency=low

  * SECURITY UPDATE: Fixed stack buffer overflow in socket_connect()
    (LP: #813110)
    - debian/patches/php5-CVE-2011-1938.patch:
    - CVE-2011-1938

 -- Angel Abad angela...@ubuntu.com  Tue, 20 Sep 2011 23:22:13 +0200


** Patch added: php5_5.3.5-1ubuntu7.3.debdiff
   https://bugs.launchpad.net/ubuntu/maverick/+source/php5/+bug/813110/+attachment/2433737/+files/php5_5.3.5-1ubuntu7.3.debdiff

** Changed in: php5 (Ubuntu Natty)
   Status: In Progress => Confirmed

** Changed in: php5 (Ubuntu Natty)
   Assignee: Angel Abad (angelabad) => (unassigned)


[Bug 813110] Re: CVE-2011-1938

2011-09-20 Thread Angel Abad
php5 (5.3.2-1ubuntu4.10) lucid-security; urgency=low

  * SECURITY UPDATE: Fixed stack buffer overflow in socket_connect()
    (LP: #813110)
    - debian/patches/php5-CVE-2011-1938.patch:
    - CVE-2011-1938

 -- Angel Abad angela...@ubuntu.com  Tue, 20 Sep 2011 23:02:17 +0200


** Patch added: php5_5.3.2-1ubuntu4.10.debdiff
   https://bugs.launchpad.net/ubuntu/+source/php5/+bug/813110/+attachment/2433719/+files/php5_5.3.2-1ubuntu4.10.debdiff

** Changed in: php5 (Ubuntu Lucid)
   Status: In Progress => Confirmed

** Changed in: php5 (Ubuntu Lucid)
   Assignee: Angel Abad (angelabad) => (unassigned)


[Bug 813110] Re: CVE-2011-1938

2011-09-19 Thread Angel Abad
Fixed in 5.3.6-13ubuntu1 upload.

** Changed in: php5 (Ubuntu Oneiric)
   Status: Confirmed => Fix Released


[Bug 813110] Re: CVE-2011-1938

2011-07-20 Thread Marc Deslauriers
** Also affects: php5 (Ubuntu Lucid)
   Importance: Undecided
   Status: New

** Also affects: php5 (Ubuntu Maverick)
   Importance: Undecided
   Status: New

** Also affects: php5 (Ubuntu Oneiric)
   Importance: Undecided
   Status: New

** Also affects: php5 (Ubuntu Natty)
   Importance: Undecided
   Status: New

** Changed in: php5 (Ubuntu Lucid)
   Importance: Undecided => Low

** Changed in: php5 (Ubuntu Lucid)
   Status: New => Confirmed

** Changed in: php5 (Ubuntu Maverick)
   Importance: Undecided => Low

** Changed in: php5 (Ubuntu Maverick)
   Status: New => Confirmed

** Changed in: php5 (Ubuntu Natty)
   Importance: Undecided => Low

** Changed in: php5 (Ubuntu Natty)
   Status: New => Confirmed

** Changed in: php5 (Ubuntu Oneiric)
   Importance: Undecided => Low

** Changed in: php5 (Ubuntu Oneiric)
   Status: New => Confirmed
