Here's a debdiff with the 5 stripped down security patches:
php5 (5.2.4-2ubuntu5.2) hardy-proposed; urgency=low
.
* Backport security fixes from 5.2.6: (LP: #227464)
- debian/patches/security526-fastcgi.patch:
+ Fixed possible stack buffer overflow in FastCGI SAPI
+ Fixed sending of uninitialized paddings which may contain some
information
- debian/patches/security526-exec.patch:
+ Properly address incomplete multibyte chars inside escapeshellcmd()
- debian/patches/security526-cgi_main.patch:
+ Fixed security issue detailed in CVE-2008-0599
- debian/patches/security526-interface.patch:
+ Fixed a safe_mode bypass in cURL identified by Maksymilian
Arciemowicz
- debian/patches/security526-pcre_compile.patch:
+ avoid stack overflow (fix from pcre 7.6)
** Attachment added: "debdiff from 5.2.4-2ubuntu5.1"
http://launchpadlibrarian.net/15065228/php5_5.2.4-2ubuntu5.2.debdiff
** Summary changed:
- Please Backport PHP 5.2.6 -- fixes important security bugs
+ Please backport security fixes from PHP 5.2.6
** Changed in: hardy-backports
Status: New => Invalid
--
Please backport security fixes from PHP 5.2.6
https://bugs.launchpad.net/bugs/227464
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
