[ubuntu/jaunty] php5 5.2.6.dfsg.1-3ubuntu4 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Tue Mar 31 02:35:14 BST 2009 

php5 (5.2.6.dfsg.1-3ubuntu4) jaunty; urgency=low

  * SECURITY UPDATE: arbitrary file write by placing a "php_value error_log"
    entry in a .htaccess file.
    - debian/patches/CVE-2008-5625.patch: enforce restrictions when merging
      in dir entry in sapi/apache/mod_php5.c and sapi/apache2handler/apache_config.c.
    - CVE-2008-5625
  * SECURITY UPDATE: mbstring.func_overload setting in .htaccess affects
    other virtual hosts.
    - debian/patches/CVE-2009-0754.patch: don't terminate on the first
      function that is not overloaded in ext/mbstring/mbstring.c.
    - CVE-2009-0754

Date: Mon, 30 Mar 2009 19:20:34 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Kees Cook <kees at ubuntu.com>
https://launchpad.net/ubuntu/jaunty/+source/php5/5.2.6.dfsg.1-3ubuntu4
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 30 Mar 2009 19:20:34 -0400
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-dev php5-dbg php-pear php5-curl php5-gd php5-gmp php5-ldap php5-mhash php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl
Architecture: source
Version: 5.2.6.dfsg.1-3ubuntu4
Distribution: jaunty
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module)
 libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo
 php-pear   - PEAR - PHP Extension and Application Repository
 php5       - server-side, HTML-embedded scripting language (metapackage)
 php5-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php5-cli   - command-line interpreter for the php5 scripting language
 php5-common - Common files for packages built from the php5 source
 php5-curl  - CURL module for php5
 php5-dbg   - Debug symbols for PHP5
 php5-dev   - Files for PHP5 module development
 php5-gd    - GD module for php5
 php5-gmp   - GMP module for php5
 php5-ldap  - LDAP module for php5
 php5-mhash - MHASH module for php5
 php5-mysql - MySQL module for php5
 php5-odbc  - ODBC module for php5
 php5-pgsql - PostgreSQL module for php5
 php5-pspell - pspell module for php5
 php5-recode - recode module for php5
 php5-snmp  - SNMP module for php5
 php5-sqlite - SQLite module for php5
 php5-sybase - Sybase / MS SQL Server module for php5
 php5-tidy  - tidy module for php5
 php5-xmlrpc - XML-RPC module for php5
 php5-xsl   - XSL module for php5
Changes: 
 php5 (5.2.6.dfsg.1-3ubuntu4) jaunty; urgency=low
 .
   * SECURITY UPDATE: arbitrary file write by placing a "php_value error_log"
     entry in a .htaccess file.
     - debian/patches/CVE-2008-5625.patch: enforce restrictions when merging
       in dir entry in sapi/apache/mod_php5.c and sapi/apache2handler/apache_config.c.
     - CVE-2008-5625
   * SECURITY UPDATE: mbstring.func_overload setting in .htaccess affects
     other virtual hosts.
     - debian/patches/CVE-2009-0754.patch: don't terminate on the first
       function that is not overloaded in ext/mbstring/mbstring.c.
     - CVE-2009-0754
Checksums-Sha1: 
 ed288944c0a2e40ed3fb34bc5db5cd58c8761582 2572 php5_5.2.6.dfsg.1-3ubuntu4.dsc
 e4a6dc404151bda87c477200ba4aa89131d40779 186223 php5_5.2.6.dfsg.1-3ubuntu4.diff.gz
Checksums-Sha256: 
 83b11ae9aa1dbfc5ac5f04b60389d693b438b4b06e4f810554cfa629a6e6c38e 2572 php5_5.2.6.dfsg.1-3ubuntu4.dsc
 921c26a0e9a78f712d90f21792e3f70e8aaa8cd530efb1b17345bb66a5ccf3c5 186223 php5_5.2.6.dfsg.1-3ubuntu4.diff.gz
Files: 
 6a6a2e326205720f64cc057f45aeea67 2572 web optional php5_5.2.6.dfsg.1-3ubuntu4.dsc
 b651c0c72786064da996add6aea83225 186223 web optional php5_5.2.6.dfsg.1-3ubuntu4.diff.gz
Original-Maintainer: Debian PHP Maintainers <pkg-php-maint at lists.alioth.debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Kees Cook <kees at outflux.net>

iEYEARECAAYFAknRcowACgkQH/9LqRcGPm0R0ACfTEIJVZ2vqgz2UUsAzwxLXRuQ
81IAoKHIMCqHTDmHef26PIqq7Fp8rjJw
=uciW
-----END PGP SIGNATURE-----

More information about the Jaunty-changes mailing list