Accepted php4 4:4.4.2-1 (source)
Adam Conrad
adconrad at 0c3.net
Wed Jan 18 19:30:04 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Origin: Debian/incoming
Format: 1.7
Date: Wed, 18 Jan 2006 19:28:31 +0000
Source: php4
Binary: php4-xslt, php4-dev, libapache2-mod-php4, php4-domxml, php4-recode, php4-cli, php4-ldap, php4-pgsql, libapache-mod-php4, php4-gd, php4, php4-common, php4-mcal, php4-odbc, php4-mhash, php4-sybase, php4-cgi, php4-curl, php4-snmp, php4-pear, php4-mysql
Architecture: source
Version: 4:4.4.2-1
Distribution: dapper
Urgency: low
Maintainer: Debian PHP Maintainers <pkg-php-maint at lists.alioth.debian.org>
Changed-By: Adam Conrad <adconrad at 0c3.net>
Description:
php4 - server-side, HTML-embedded scripting language (meta-package)
Closes: 336004 336645 339577 341726 343399 343791
Changes:
php4 (4:4.4.2-1) unstable; urgency=low
.
* New upstream bugfix release, skipping the problematic 4.4.1 release:
- Remove some PEAR cruft from 006-debian_quirks.patch, since we don't
build PEAR from php4 anymore, and it conflicted with upstream diffs.
- Remove 054-open_basedir_slash.patch, now integrated upstream.
- Remove 055-gd_safe_mode_checks.patch, fixed differently upstream.
* Many security vulns fixed (closes: #336645, #339577, #336004, #341726):
- Fixes multiple cross-site-scripting vulnerabilities; CVE-2006-0208
- Resolves multiple HTTP response splitting vulnerabilities, allowing
arbitrary header injection via Set-Cookie headers; see CVE-2006-0207
- Resolves a local denial of service in the apache2 SAPI, which can
be triggered by using session.save_path in .htaccess; CVE-2005-3319
- Resolves an infinite loop in the exif_read_data function which can
be triggered with a specially-crafted JPEG image; CVE-2005-3353
- Resolves an XSS vulnerability in the phpinfo function; CVE-2005-3388
- Resolves a vulnerability in the parse_str function whereby a remote
attacker can fool PHP into turning on register_globals, thus making
applications vulnerable to global variable injections; CVE-2005-3389
- Resolves a vulnerability in the RFC1867 file upload feature where, if
register_globals is enabled, a remote attacker can modify the GLOBALS
array with a multipart/form-data POST request; see CVE-2005-3390
- Resolves numerous safe_mode and open_basedir bypasses; CVE-2005-3391
- Resolves INI settings leaks in the apache2 SAPI, leading to safe_mode
and open_basedir bypasses between virtual hosts; CVE-2005-3392
- Resolves a CRLF injection vulnerability in the mb_send_mail function,
allowing injection of arbitrary mail headers; see CVE-2005-3883
* Bump libdb build-dep from 4.2 to 4.3, matching apache (closes: #343399)
* Bump our MySQL build-dep to 5.0's libmysqlclient15-dev (closes: #343791)
* Automate the process of getting the list of built-in modules into the
package descriptions, so it stays fresh in the future (see: #341867)
* Create 056-mime_magic_strings.patch, making the mime_magic extension
more liberal about what mime-types it accepts, as well as making it skip
over ones it dislikes, rather than disabling itself (see: #335674)
* Add 057-no_apache_installed.patch, to stop spewing a mess of errors in
configure because we don't have the apache binaries in the build chroot.
* Fix small typo in the php4-xslt package description (see: #344816)
Files:
34f22a7d636ee5633e9d4bf1f359f700 98122 web optional php4_4.4.2-1.diff.gz
a7ae7ed8f2edf1592bd94eab91c634fa 5461440 web optional php4_4.4.2.orig.tar.gz
c30822bc794b738318164dce3cbd2813 1791 web optional php4_4.4.2-1.dsc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
-----END PGP SIGNATURE-----
Accepted:
php4_4.4.2-1.diff.gz
to pool/universe/p/php4/php4_4.4.2-1.diff.gz
php4_4.4.2-1.dsc
to pool/universe/p/php4/php4_4.4.2-1.dsc
php4_4.4.2.orig.tar.gz
to pool/universe/p/php4/php4_4.4.2.orig.tar.gz