Accepted php5 5.1.6-1ubuntu2.2 (source)

Ubuntu Installer archive at ubuntu.com
Wed Feb 21 13:55:57 GMT 2007 

Accepted:
 OK: php5_5.1.6-1ubuntu2.2.dsc
     -> Component: main Section: web
 OK: php5_5.1.6-1ubuntu2.2.diff.gz

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 21 Feb 2007 09:22:55 +0100
Source: php5
Binary: php5-mysqli php5-gd php5-ldap php5 php5-xmlrpc libapache2-mod-php5 php5-xsl php5-cgi php-pear php5-pgsql php5-cli php5-recode php5-mhash php5-sybase php5-curl php5-odbc php5-mysql php5-common php5-dev php5-snmp php5-sqlite
Architecture: source
Version: 5.1.6-1ubuntu2.2
Distribution: edgy-security
Urgency: low
Maintainer: Debian PHP Maintainers <pkg-php-maint at lists.alioth.debian.org>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description: 
 libapache2-mod-php5 - server-side, HTML-embedded scripting language (apache 2.0 module)
 php-pear   - PEAR - PHP Extension and Application Repository
 php5       - server-side, HTML-embedded scripting language (meta-package)
 php5-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php5-cli   - command-line interpreter for the php5 scripting language
 php5-common - Common files for packages built from the php5 source
 php5-curl  - CURL module for php5
 php5-dev   - Files for PHP5 module development
 php5-gd    - GD module for php5
 php5-ldap  - LDAP module for php5
 php5-mhash - MHASH module for php5
 php5-mysql - MySQL module for php5
 php5-mysqli - MySQL Improved module for php5
 php5-odbc  - ODBC module for php5
 php5-pgsql - PostgreSQL module for php5
 php5-recode - recode module for php5
 php5-snmp  - SNMP module for php5
 php5-sqlite - SQLite module for php5
 php5-sybase - Sybase / MS SQL Server module for php5
 php5-xmlrpc - XML-RPC module for php5
 php5-xsl   - XSL module for php5
Changes: 
 php5 (5.1.6-1ubuntu2.2) edgy-security; urgency=low
 .
   * SECURITY UPDATE: Remote code execution.
   * Add debian/patches/CVE-2007-0906_imap.patch:
     - Buffer overflows in the imap extension.
     - http://cvs.php.net/viewvc.cgi/php-src/ext/imap/php_imap.c?r1=1.208.2.7.2.11&r2=1.208.2.7.2.12
     - http://cvs.php.net/viewvc.cgi/php-src/ext/imap/php_imap.c?r1=1.208.2.7.2.15&r2=1.208.2.7.2.16
   * Add debian/patches/CVE-2007-0906_session.patch:
     - Buffer overflow in the session extension.
     - http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.22&r2=1.417.2.8.2.23
   * Add debian/patches/CVE-2007-0906_streams.patch:
     - Buffer overflows in the stream filters functions.
     - http://cvs.php.net/viewvc.cgi/php-src/ext/standard/streamsfuncs.c?r1=1.58.2.6.2.12&r2=1.58.2.6.2.13
     - http://cvs.php.net/viewvc.cgi/php-src/ext/standard/streamsfuncs.c?r1=1.98&r2=1.99
   * Add debian/patches/CVE-2007-0906_string.patch:
     - Buffer overflow in the string extension.
     - http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.629&r2=1.631
   * Add debian/patches/CVE-2007-0907.patch:
     - Buffer underflow in sapi_header_op() that can be exploited to crash the
       PHP interpreter.
     - http://cvs.php.net/viewvc.cgi/php-src/main/SAPI.c?r1=1.202.2.7.2.3&r2=1.202.2.7.2.4
   * Add debian/patches/CVE-2007-0908.patch:
     - Fix forgotten initialization of key_length and buffer overflow in the
       wddx extension that could be exploited to reveal memory that is not
       supposed to be accessible (potential information disclosure).
     - http://cvs.php.net/viewvc.cgi/php-src/ext/wddx/wddx.c?r1=1.119.2.10.2.8&r2=1.119.2.10.2.10
   * Add debian/patches/CVE-2007-0909_print.patch:
     - Fix format string vulnerability on 64 bit systems in the *print()
       functions.
     - http://cvs.php.net/viewvc.cgi/php-src/ext/standard/formatted_print.c?r1=1.82.2.1.2.11&r2=1.82.2.1.2.12
   * Add debian/patches/CVE-2007-0909_odbc.patch:
     - Fix format string vulnerability on 64 bit systems in odbc_result_all().
     - http://cvs.php.net/viewvc.cgi/php-src/ext/odbc/php_odbc.c?r1=1.189.2.4.2.1&r2=1.189.2.4.2.2
     - http://cvs.php.net/viewvc.cgi/php-src/ext/odbc/php_odbc.c?r1=1.189.2.4.2.3&r2=1.189.2.4.2.4
   * Add debian/patches/CVE-2007-0910.patch:
     - Fix clobbering of superglobal variables during session variable
       unserialization.
     - http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.458&r2=1.459
     - http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.24&r2=1.417.2.8.2.26
     - http://cvs.php.net/viewvc.cgi/php-src/main/php_variables.c?r1=1.104.2.10.2.3&r2=1.104.2.10.2.4
   * Add debian/patches/CVE-2007-0988.patch:
     - Fix infinite loop in zend_hash_init() when unserializing untrusted data
       on 64 bit systems.
     - http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_hash.c?r1=1.121.2.4.2.5&r2=1.121.2.4.2.6
Files: 
 79dae69fb1a9d1066030ca0a2a3c5894 1766 web optional php5_5.1.6-1ubuntu2.2.dsc
 3b71f0b8c5afffa480e001a18c224b52 106855 web optional php5_5.1.6-1ubuntu2.2.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF3AHTDecnbV4Fd/IRAqTAAKCDhZfOA2Vwt+vO00srYTGhOqasFgCg6ExY
cHiQ1zjMm7Uz1S5IoQZcZgU=
=dj/x
-----END PGP SIGNATURE-----

More information about the edgy-changes mailing list