[ubuntu/dapper-security] php5 (delayed), php5 5.1.2-1ubuntu3.20 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Tue Jan 11 21:18:30 UTC 2011
php5 (5.1.2-1ubuntu3.20) dapper-security; urgency=low

  * SECURITY UPDATE: overflow leading to xml decode bypass
    - ext/xml/xml.c: convert short to int to prevent overflow in
      bit operations
    - http://svn.php.net/viewvc/?view=revision&revision=287790
    - CVE-2009-5016
  * SECURITY UPDATE: xml decode bypass
    - ext/xml/xml.c: improve utf8 decoding
    - ext/xml/tests/bug49687.phpt: add testcase
    - http://svn.php.net/viewvc/?view=revision&revision=304959
    - CVE-2010-3780
  * SECURITY UPDATE: open_basedir bypass
    - main/fopen_wrappers.c: more strict checking in
      php_check_specific_open_basedir()
    - http://svn.php.net/viewvc?view=revision&revision=303824
    - CVE-2010-3436
  * SECURITY UPDATE: infinite loop/denial of service when dealing with
    certain textual forms of MAX_FLOAT (LP: #697181)
    - Zend/zend_strtod.c: treat local doubles as volatile to avoid
      x87 registers in zend_strtod()
    - http://svn.php.net/viewvc?view=revision&revision=263637
    - http://svn.php.net/viewvc?view=revision&revision=307095
    - CVE-2010-4645

Date: Mon, 10 Jan 2011 04:34:48 -0800
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: Debian PHP Maintainers <pkg-php-maint at lists.alioth.debian.org>
https://launchpad.net/ubuntu/dapper/+source/php5/5.1.2-1ubuntu3.20
-------------- next part --------------
Format: 1.7
Date: Mon, 10 Jan 2011 04:34:48 -0800
Source: php5
Binary: php5-mysqli php5-gd php5-ldap php5 php5-xmlrpc libapache2-mod-php5 php5-xsl php5-cgi php-pear php5-pgsql php5-cli php5-recode php5-mhash php5-sybase php5-curl php5-odbc php5-mysql php5-common php5-dev php5-snmp php5-sqlite
Architecture: source
Version: 5.1.2-1ubuntu3.20
Distribution: dapper-security
Urgency: low
Maintainer: Debian PHP Maintainers <pkg-php-maint at lists.alioth.debian.org>
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Description:
libapache2-mod-php5 - server-side, HTML-embedded scripting language (apache 2.0 module)
php-pear - PEAR - PHP Extension and Application Repository
php5 - server-side, HTML-embedded scripting language (meta-package)
php5-cgi - server-side, HTML-embedded scripting language (CGI binary)
php5-cli - command-line interpreter for the php5 scripting language
php5-common - Common files for packages built from the php5 source
php5-curl - CURL module for php5
php5-dev - Files for PHP5 module development
php5-gd - GD module for php5
php5-ldap - LDAP module for php5
php5-mhash - MHASH module for php5
php5-mysql - MySQL module for php5
php5-mysqli - MySQL Improved module for php5
php5-odbc - ODBC module for php5
php5-pgsql - PostgreSQL module for php5
php5-recode - recode module for php5
php5-snmp - SNMP module for php5
php5-sqlite - SQLite module for php5
php5-sybase - Sybase / MS SQL Server module for php5
php5-xmlrpc - XML-RPC module for php5
php5-xsl - XSL module for php5
Changes:
php5 (5.1.2-1ubuntu3.20) dapper-security; urgency=low
.
  * SECURITY UPDATE: overflow leading to xml decode bypass
    - ext/xml/xml.c: convert short to int to prevent overflow in
      bit operations
    - http://svn.php.net/viewvc/?view=revision&revision=287790
    - CVE-2009-5016
  * SECURITY UPDATE: xml decode bypass
    - ext/xml/xml.c: improve utf8 decoding
    - ext/xml/tests/bug49687.phpt: add testcase
    - http://svn.php.net/viewvc/?view=revision&revision=304959
    - CVE-2010-3780
  * SECURITY UPDATE: open_basedir bypass
    - main/fopen_wrappers.c: more strict checking in
      php_check_specific_open_basedir()
    - http://svn.php.net/viewvc?view=revision&revision=303824
    - CVE-2010-3436
  * SECURITY UPDATE: infinite loop/denial of service when dealing with
    certain textual forms of MAX_FLOAT (LP: #697181)
    - Zend/zend_strtod.c: treat local doubles as volatile to avoid
      x87 registers in zend_strtod()
    - http://svn.php.net/viewvc?view=revision&revision=263637
    - http://svn.php.net/viewvc?view=revision&revision=307095
    - CVE-2010-4645
Files:
d21e7bcbc26a369b84afdfa9649953a2 2417 web optional php5_5.1.2-1ubuntu3.20.dsc
6df1d4b9735ef95cff0607b842416b52 156750 web optional php5_5.1.2-1ubuntu3.20.diff.gz