Accepted php5 5.1.1-1ubuntu1 (source)

Adam Conrad adconrad at ubuntu.com
Sat Jan 7 16:30:07 GMT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sun,  8 Jan 2006 02:07:20 +1100
Source: php5
Binary: php5-gd php5-ldap php5 php5-xmlrpc libapache2-mod-php5 php5-xsl php5-cgi php-pear php5-pgsql php5-cli php5-recode php5-mhash php5-sybase php5-curl php5-odbc php5-mysql php5-common php5-dev php5-snmp php5-sqlite
Architecture: source
Version: 5.1.1-1ubuntu1
Distribution: dapper
Urgency: low
Maintainer: Debian PHP Maintainers <pkg-php-maint at lists.alioth.debian.org>
Changed-By: Adam Conrad <adconrad at ubuntu.com>
Description: 
 libapache2-mod-php5 - server-side, HTML-embedded scripting language (apache 2.0 module)
 php-pear   - PEAR - PHP Extension and Application Repository
 php5       - server-side, HTML-embedded scripting language (meta-package)
 php5-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php5-cli   - command-line interpreter for the php5 scripting language
 php5-common - Common files for packages built from the php5 source
 php5-curl  - CURL module for php5
 php5-dev   - Files for PHP5 module development
 php5-gd    - GD module for php5
 php5-ldap  - LDAP module for php5
 php5-mhash - MHASH module for php5
 php5-mysql - MySQL module for php5
 php5-odbc  - ODBC module for php5
 php5-pgsql - PostgreSQL module for php5
 php5-recode - recode module for php5
 php5-snmp  - SNMP module for php5
 php5-sqlite - SQLite module for php5
 php5-sybase - Sybase / MS SQL Server module for php5
 php5-xmlrpc - XML-RPC module for php5
 php5-xsl   - XSL module for php5
Closes: 329415 330763 332453 333374 334969 335674 336005 336654 341368 341867 343793 344816
Changes: 
 php5 (5.1.1-1ubuntu1) dapper; urgency=low
 .
   * Resynchronise with Debian, bringing in a myriad of security fixes.
 .
 php5 (5.1.1-1) unstable; urgency=low
 .
   * New upstream bugfix release, skipping the problematic 5.1.0 release:
     - Fixes a zend.ze1_compatibility_mode segfault (closes: #333374)
     - Remove libtool patch from acinclude.m4, now integrated upstream.
     - Remove 038-round_test_fix.patch, now integrated upstream.
     - Remove 049-exported-headers.patch, as upstream's build system has
       gotten more clever about what they should and shouldn't export.
     - Remove 054-open_basedir_slash.patch, now integrated upstream.
     - Remove 055-gd_safe_mode_checks.patch, fixed differently upstream.
     - Mangle 101-sqlite_is_shared.patch, to deal with upstream changes.
     - Remove 104-64_bit_serialize.patch, now integrated upstream.
     - Remove 105-64_bit_imagettftext.patch, now integrated upstream.
   * Many security vulnerabilities fixed (closes: #341368, #336005, #336654):
     - Resolves a local denial of service in the apache2 SAPI, which can
       be triggered by using session.save_path in .htaccess; CVE-2005-3319
     - Resolves an infinite loop in the exif_read_data function which can
       be triggered with a specially-crafted JPEG image; CVE-2005-3353
     - Resolves a vulnerability in the parse_str function whereby a remote
       attacker can fool PHP into turning on register_globals, thus making
       applications vulnerable to global variable injections; CVE-2005-3389
     - Resolves a vulnerability in the RFC1867 file upload feature where, if
       register_globals is enabled, a remote attacker can modify the GLOBALS
       array with a multipart/form-data POST request; see CVE-2005-3390
     - Resolves numerous safe_mode and open_basedir bypasses; CVE-2005-3391
     - Resolves INI settings leaks in the apache2 SAPI, leading to safe_mode
       and open_basedir bypasses between virtual hosts; CVE-2005-3392
     - Resolves a CRLF injection vulnerability in the mb_send_mail function,
       allowing injection of arbitrary mail headers; see CVE-2005-3883
     - Includes PEAR 1.4.5, resolving a vulnerability in the pear installer
       which could lead to arbitrary code execution; see CVE-2005-4154
   * Bump libdb build-dep from libdb4.2 to libdb4.3, to match with apache.
   * Bump our MySQL build-dep to 5.0's libmysqlclient15-dev (closes: #343793)
   * Automate the process of getting the list of built-in modules into the
     package descriptions, so it stays fresh in the future (closes: #341867)
   * Intentionally disable PDO support until I've sorted out the best way to
     deal with shipping this shiny new feature that won't break the world.
   * The new PEAR happens to fix the Command.php greedy match bug filed in
     Debian as part of the fix for the wider security issue (closes: #334969)
   * Create 056-mime_magic_strings.patch, making the mime_magic extension
     more liberal about what mime-types it accepts, as well as making it skip
     over ones it dislikes, rather than disabling itself (closes: #335674)
   * Add 057-no_apache_installed.patch, to stop spewing a mess of errors in
     configure because we don't have the apache binaries in the build chroot.
   * Fix small typo in the php5-xsl package description (closes: #344816)
 .
 php5 (5.0.5-3) unstable; urgency=low
 .
   * Build-Depend on libcurl3-openssl-dev, since libcurl3-dev is going away
     soon.  Keep libcurl3-dev as an alternate for backporting (see: #334367)
   * Switch from libmysqlclient12 to libmysqlclient14; this puts us on the
     *other* side of the line regarding which combinations of DSOs cause
     segfaults, so hopefully the others catch up with us soon (closes: #332453)
   * Look for magic.mime in /usr/share/file now instead of /usr/share/misc/file,
     as the path has been changed to comply with the FHS (see: #334510)
   * Make the above backportable as well, by searching for both files, and
     picking the one that's currently installed on the user's system.
   * Include Swedish debconf translation from Daniel Nylander (closes: #330763)
   * Make pear use '/usr/bin/php' instead of just 'php' to make sure we don't
     get some random binary on $PATH that won't work right (closes: #329415)
   * Set PHP_PEAR_SIG_BIN to /usr/bin/gpg, and have php-pear Recommends: gnupg
Files: 
 70b0824ad6d2916cf8599616e95d2419 1748 web optional php5_5.1.1-1ubuntu1.dsc
 ed3d099828282e66c66cadd8d879d739 7852249 web optional php5_5.1.1.orig.tar.gz
 62a447c138cdefe169cc6dec240be613 95963 web optional php5_5.1.1-1ubuntu1.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDv9pNvjztR8bOoMkRAr3vAKD+W9l9hWlqxXDGcES12frs/MS/RACghqBV
mMT1KAMNfJ+9wYVmHmfKmUI=
=nUHE
-----END PGP SIGNATURE-----


Accepted:
php5_5.1.1-1ubuntu1.diff.gz
  to pool/main/p/php5/php5_5.1.1-1ubuntu1.diff.gz
php5_5.1.1-1ubuntu1.dsc
  to pool/main/p/php5/php5_5.1.1-1ubuntu1.dsc
php5_5.1.1.orig.tar.gz
  to pool/main/p/php5/php5_5.1.1.orig.tar.gz
