Accepted php5 5.1.2-1ubuntu3.5 (source)

Ubuntu Installer archive at ubuntu.com
Wed Feb 21 13:55:41 GMT 2007 

Accepted:
 OK: php5_5.1.2-1ubuntu3.5.dsc
     -> Component: main Section: web
 OK: php5_5.1.2-1ubuntu3.5.diff.gz

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 21 Feb 2007 09:25:41 +0100
Source: php5
Binary: php5-mysqli php5-gd php5-ldap php5 php5-xmlrpc libapache2-mod-php5 php5-xsl php5-cgi php-pear php5-pgsql php5-cli php5-recode php5-mhash php5-sybase php5-curl php5-odbc php5-mysql php5-common php5-dev php5-snmp php5-sqlite
Architecture: source
Version: 5.1.2-1ubuntu3.5
Distribution: dapper-security
Urgency: low
Maintainer: Debian PHP Maintainers <pkg-php-maint at lists.alioth.debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description: 
 libapache2-mod-php5 - server-side, HTML-embedded scripting language (apache 2.0 module)
 php-pear   - PEAR - PHP Extension and Application Repository
 php5       - server-side, HTML-embedded scripting language (meta-package)
 php5-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php5-cli   - command-line interpreter for the php5 scripting language
 php5-common - Common files for packages built from the php5 source
 php5-curl  - CURL module for php5
 php5-dev   - Files for PHP5 module development
 php5-gd    - GD module for php5
 php5-ldap  - LDAP module for php5
 php5-mhash - MHASH module for php5
 php5-mysql - MySQL module for php5
 php5-mysqli - MySQL Improved module for php5
 php5-odbc  - ODBC module for php5
 php5-pgsql - PostgreSQL module for php5
 php5-recode - recode module for php5
 php5-snmp  - SNMP module for php5
 php5-sqlite - SQLite module for php5
 php5-sybase - Sybase / MS SQL Server module for php5
 php5-xmlrpc - XML-RPC module for php5
 php5-xsl   - XSL module for php5
Changes: 
 php5 (5.1.2-1ubuntu3.5) dapper-security; urgency=low
 .
   * SECURITY UPDATE: Remote code execution.
   * Add debian/patches/CVE-2007-0906_imap.patch:
     - Buffer overflows in the imap extension.
     - http://cvs.php.net/viewvc.cgi/php-src/ext/imap/php_imap.c?r1=1.208.2.7.2.11&r2=1.208.2.7.2.12
     - http://cvs.php.net/viewvc.cgi/php-src/ext/imap/php_imap.c?r1=1.208.2.7.2.15&r2=1.208.2.7.2.16
   * Add debian/patches/CVE-2007-0906_session.patch:
     - Buffer overflow in the session extension.
     - http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.22&r2=1.417.2.8.2.23
   * Add debian/patches/CVE-2007-0906_streams.patch:
     - Buffer overflows in the stream filters functions.
     - http://cvs.php.net/viewvc.cgi/php-src/ext/standard/streamsfuncs.c?r1=1.58.2.6.2.12&r2=1.58.2.6.2.13
     - http://cvs.php.net/viewvc.cgi/php-src/ext/standard/streamsfuncs.c?r1=1.98&r2=1.99
   * Add debian/patches/CVE-2007-0906_string.patch:
     - Buffer overflow in the string extension.
     - http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.629&r2=1.631
   * Add debian/patches/CVE-2007-0907.patch:
     - Buffer underflow in sapi_header_op() that can be exploited to crash the
       PHP interpreter.
     - http://cvs.php.net/viewvc.cgi/php-src/main/SAPI.c?r1=1.202.2.7.2.3&r2=1.202.2.7.2.4
   * Add debian/patches/CVE-2007-0908.patch:
     - Fix forgotten initialization of key_length and buffer overflow in the
       wddx extension that could be exploited to reveal memory that is not
       supposed to be accessible (potential information disclosure).
     - http://cvs.php.net/viewvc.cgi/php-src/ext/wddx/wddx.c?r1=1.119.2.10.2.8&r2=1.119.2.10.2.10
   * Add debian/patches/CVE-2007-0909_print.patch:
     - Fix format string vulnerability on 64 bit systems in the *print()
       functions.
     - http://cvs.php.net/viewvc.cgi/php-src/ext/standard/formatted_print.c?r1=1.82.2.1.2.11&r2=1.82.2.1.2.12
   * Add debian/patches/CVE-2007-0909_odbc.patch:
     - Fix format string vulnerability on 64 bit systems in odbc_result_all().
     - http://cvs.php.net/viewvc.cgi/php-src/ext/odbc/php_odbc.c?r1=1.189.2.4.2.1&r2=1.189.2.4.2.2
     - http://cvs.php.net/viewvc.cgi/php-src/ext/odbc/php_odbc.c?r1=1.189.2.4.2.3&r2=1.189.2.4.2.4
   * Add debian/patches/CVE-2007-0910.patch:
     - Fix clobbering of superglobal variables during session variable
       unserialization.
     - http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.458&r2=1.459
     - http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.24&r2=1.417.2.8.2.26
     - http://cvs.php.net/viewvc.cgi/php-src/main/php_variables.c?r1=1.104.2.10.2.3&r2=1.104.2.10.2.4
   * Add debian/patches/CVE-2007-0988.patch:
     - Fix infinite loop in zend_hash_init() when unserializing untrusted data
       on 64 bit systems.
     - http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_hash.c?r1=1.121.2.4.2.5&r2=1.121.2.4.2.6
Files: 
 c9d31713f64cd9b9508674b54a1aa39a 1768 web optional php5_5.1.2-1ubuntu3.5.dsc
 2d8d7cd177d1c220bf6a7deccb03520a 113123 web optional php5_5.1.2-1ubuntu3.5.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFF3APcDecnbV4Fd/IRAs0qAJ0QQYqhS5X9fY6fsGvHMQWAj1MfNACfQpIf
Xyur7HxhqUHNNhusffFm5w8=
=ny1g
-----END PGP SIGNATURE-----

More information about the dapper-changes mailing list