Accepted php5 5.1.1-1ubuntu1 (source)
Adam Conrad
adconrad at ubuntu.com
Sat Jan 7 16:30:07 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 8 Jan 2006 02:07:20 +1100
Source: php5
Binary: php5-gd php5-ldap php5 php5-xmlrpc libapache2-mod-php5 php5-xsl php5-cgi php-pear php5-pgsql php5-cli php5-recode php5-mhash php5-sybase php5-curl php5-odbc php5-mysql php5-common php5-dev php5-snmp php5-sqlite
Architecture: source
Version: 5.1.1-1ubuntu1
Distribution: dapper
Urgency: low
Maintainer: Debian PHP Maintainers <pkg-php-maint at lists.alioth.debian.org>
Changed-By: Adam Conrad <adconrad at ubuntu.com>
Description:
libapache2-mod-php5 - server-side, HTML-embedded scripting language (apache 2.0 module)
php-pear - PEAR - PHP Extension and Application Repository
php5 - server-side, HTML-embedded scripting language (meta-package)
php5-cgi - server-side, HTML-embedded scripting language (CGI binary)
php5-cli - command-line interpreter for the php5 scripting language
php5-common - Common files for packages built from the php5 source
php5-curl - CURL module for php5
php5-dev - Files for PHP5 module development
php5-gd - GD module for php5
php5-ldap - LDAP module for php5
php5-mhash - MHASH module for php5
php5-mysql - MySQL module for php5
php5-odbc - ODBC module for php5
php5-pgsql - PostgreSQL module for php5
php5-recode - recode module for php5
php5-snmp - SNMP module for php5
php5-sqlite - SQLite module for php5
php5-sybase - Sybase / MS SQL Server module for php5
php5-xmlrpc - XML-RPC module for php5
php5-xsl - XSL module for php5
Closes: 329415 330763 332453 333374 334969 335674 336005 336654 341368 341867 343793 344816
Changes:
php5 (5.1.1-1ubuntu1) dapper; urgency=low
.
* Resynchronise with Debian, bringing in a myriad of security fixes.
.
php5 (5.1.1-1) unstable; urgency=low
.
* New upstream bugfix release, skipping the problematic 5.1.0 release:
- Fixes a zend.ze1_compatibility_mode segfault (closes: #333374)
- Remove libtool patch from acinclude.m4, now integrated upstream.
- Remove 038-round_test_fix.patch, now integrated upstream.
- Remove 049-exported-headers.patch, as upstream's build system has
gotten more clever about what they should and shouldn't export.
- Remove 054-open_basedir_slash.patch, now integrated upstream.
- Remove 055-gd_safe_mode_checks.patch, fixed differently upstream.
- Mangle 101-sqlite_is_shared.patch, to deal with upstream changes.
- Remove 104-64_bit_serialize.patch, now integrated upstream.
- Remove 105-64_bit_imagettftext.patch, now integrated upstream.
* Many security vulnerabilities fixed (closes: #341368, #336005, #336654):
- Resolves a local denial of service in the apache2 SAPI, which can
be triggered by using session.save_path in .htaccess; CVE-2005-3319
- Resolves an infinite loop in the exif_read_data function which can
be triggered with a specially-crafted JPEG image; CVE-2005-3353
- Resolves a vulnerability in the parse_str function whereby a remote
attacker can fool PHP into turning on register_globals, thus making
applications vulnerable to global variable injections; CVE-2005-3389
- Resolves a vulnerability in the RFC1867 file upload feature where, if
register_globals is enabled, a remote attacker can modify the GLOBALS
array with a multipart/form-data POST request; see CVE-2005-3390
- Resolves numerous safe_mode and open_basedir bypasses; CVE-2005-3391
- Resolves INI settings leaks in the apache2 SAPI, leading to safe_mode
and open_basedir bypasses between virtual hosts; CVE-2005-3392
- Resolves a CRLF injection vulnerability in the mb_send_mail function,
allowing injection of arbitrary mail headers; see CVE-2005-3883
- Includes PEAR 1.4.5, resolving a vulnerability in the pear installer
which could lead to arbitrary code execution; see CVE-2005-4154
* Bump libdb build-dep from libdb4.2 to libdb4.3, to match with apache.
* Bump our MySQL build-dep to 5.0's libmysqlclient15-dev (closes: #343793)
* Automate the process of getting the list of built-in modules into the
package descriptions, so it stays fresh in the future (closes: #341867)
* Intentionally disable PDO support until I've sorted out the best way to
deal with shipping this shiny new feature that won't break the world.
* The new PEAR happens to fix the Command.php greedy match bug filed in
Debian as part of the fix for the wider security issue (closes: #334969)
* Create 056-mime_magic_strings.patch, making the mime_magic extension
more liberal about what mime-types it accepts, as well as making it skip
over ones it dislikes, rather than disabling itself (closes: #335674)
* Add 057-no_apache_installed.patch, to stop spewing a mess of errors in
configure because we don't have the apache binaries in the build chroot.
* Fix small typo in the php5-xsl package description (closes: #344816)
.
php5 (5.0.5-3) unstable; urgency=low
.
* Build-Depend on libcurl3-openssl-dev, since libcurl3-dev is going away
soon. Keep libcurl3-dev as an alternate for backporting (see: #334367)
* Switch from libmysqlclient12 to libmysqlclient14; this puts us on the
*other* side of the line regarding which combinations of DSOs cause
segfaults, so hopefully the others catch up with us soon (closes: #332453)
* Look for magic.mime in /usr/share/file now instead of /usr/share/misc/file,
as the path has been changed to comply with the FHS (see: #334510)
* Make the above backportable as well, by searching for both files, and
picking the one that's currently installed on the user's system.
* Include Swedish debconf translation from Daniel Nylander (closes: #330763)
* Make pear use '/usr/bin/php' instead of just 'php' to make sure we don't
get some random binary on $PATH that won't work right (closes: #329415)
* Set PHP_PEAR_SIG_BIN to /usr/bin/gpg, and have php-pear Recommends: gnupg
Files:
70b0824ad6d2916cf8599616e95d2419 1748 web optional php5_5.1.1-1ubuntu1.dsc
ed3d099828282e66c66cadd8d879d739 7852249 web optional php5_5.1.1.orig.tar.gz
62a447c138cdefe169cc6dec240be613 95963 web optional php5_5.1.1-1ubuntu1.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDv9pNvjztR8bOoMkRAr3vAKD+W9l9hWlqxXDGcES12frs/MS/RACghqBV
mMT1KAMNfJ+9wYVmHmfKmUI=
=nUHE
-----END PGP SIGNATURE-----
Accepted:
php5_5.1.1-1ubuntu1.diff.gz
to pool/main/p/php5/php5_5.1.1-1ubuntu1.diff.gz
php5_5.1.1-1ubuntu1.dsc
to pool/main/p/php5/php5_5.1.1-1ubuntu1.dsc
php5_5.1.1.orig.tar.gz
to pool/main/p/php5/php5_5.1.1.orig.tar.gz