[ubuntu/natty] php5 5.3.3-7ubuntu1 (Accepted)
Chuck Short
zulcss at ubuntu.com
Mon Jan 17 14:50:32 UTC 2011
php5 (5.3.3-7ubuntu1) natty; urgency=low
* Merge from debian unstable. Remaining changes:
- debian/control:
* Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe.
* Dropped libmysqlclient15-dev, build against mysql 5.1.
* Dropped libcurl-dev not in the archive.
* Suggest php5-suhosin rather than recommends.
* Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions
already in universe.
* Dropped libonig-dev and libqgdbm since its in universe. (will be re-added in lucid+1)
* Dropped locales-all.
- modulelist: Drop imap, interbase, sybase, and mcrypt.
- debian/rules:
* Dropped building of mcrypt, imap, and interbase.
* Install apport hook for php5.
* stop mysql instance on clean just in case we failed in tests
- Dropped debian/patches/fix-upstream-bug53632.patch, used debian's instead.
- Dropped debian/patches/mssql-fix-segfault.patch, use debian's instead.
- debian/patches/configure-as-needed.patch. Work around suspicious
configure macros to fix a build failure with --as-needed
- debian/patches/php52389-pgsql-segfault.patch: removing, causes error
handling to fail.
php5 (5.3.3-7) unstable; urgency=low
* Cherry pick patches for:
+ double free vulnerability in the imap_do_open function in the IMAP
extension (CVE-2010-4150)
+ infinite loop with x87 CPU
+ extract() to not overwrite $GLOBALS and $this when using
EXTR_OVERWRITE
+ crash if aa steps are invalid in GD extension
+ crash with entitity declaration in simplexml.c
+ NULL dereference in Zend language scanner
+ integer overflow in SdnToJulian
+ memory leaks and possible crash introduced by NULL poisoning patch
+ leaks and crash when passing the callback as a variable
+ leak in highlight_string
+ segmentation fault in pgsql_stmt_execute when postgres is down
+ segmentation fault when extending SplFixedArray
+ segmentation fault when node is NULL in simplexml.c
+ segmentation fault when using several cloned intl objects
+ segmentation fault when using bad column_number in sqlite3 columnName
* Add comment about cherry picked patches (and last revision) from
upstream SVN to README.source
php5 (5.3.3-6) unstable; urgency=medium
* Cherry-pick fix for crashes on invalid parameters in intl extension.
(CVE-2010-4409).
* Cherry pick fix for crash in zip extract method (possible CWE-170)
* Cherry pick fix for unaligned memory access in ext/hash/hash_tiger.c
* Update CVE-2010-3870 to include test case
* Cherry pick complete fix to reject filenames with NULL (CVE requested)
php5 (5.3.3-5) unstable; urgency=high
* Add firebird support for armhf (Closes: #604526)
* More updates to open_basedir (Closes: #605391)
php5 (5.3.3-4) unstable; urgency=low
* Cherry pick patches for (Closes: #603751):
+ NULL pointer dereference in ZipArchive::getArchiveComment
(CVE-2010-3709)
+ utf8_decode xml_utf8_decode vulnerability (CVE-2010-3870)
+ mb_strcut() returns garbage with the excessive length parameter
(CVE-2010-4156)
+ possible flaw in open_basedir (CVE-2010-3436)
+ segfault in SplFileObject::fscanf
+ memory leak in PDO::FETCH_INTO
+ crash when storing many SPLFixedArray in an array
+ possible crash in php_mssql_get_column_content_without_type()
+ cURL leaks handle and causes assertion error (CURLOPT_STDERR)
+ segfault when optional parameters are not passed in to mssql_connect
+ segfault when ssl stream option capture_peer_cert_chain used
+ crash in GC because of incorrect reference counting
+ crash when calling enchant_broker_get_dict_path before set_path
+ crash in pdo_firebird getAttribute()
php5 (5.3.3-3) unstable; urgency=high
* Fix segfault in filter_var with FILTER_VALIDATE_EMAIL with large
amount of data (CVE-2010-3710, Closes: #601619)
php5 (5.3.3-2) unstable; urgency=low
* Upload 5.3.3 to unstable
+ Fixes CVE-2010-2225, CVE-2010-2094, CVE-2010-1917, CVE-2010-1866,
CVE-2010-2531, CVE-2010-3065.
* Don't build FPM SAPI now
* Bump standards version to 3.9.1
* Synchronize system crypt patch
* Cherry pick upstream fix for format vulnerability in phar/stream.c
+ Fixes CVE-2010-2950.
* Set explicit error level to hide warnings on systems with modified
php.ini (Closes: #590485)
* Apply patch to fix loading of extensions without [PHP] section
(Closes: #595761)
* Set session.gc_probability back to 0 (Closes: #595706)
* Update PHP5 description to not include references to C, Java and
Perl (Closes: #351032)
Date: Fri, 07 Jan 2011 22:44:56 +0000
Changed-By: Chuck Short <zulcss at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Chuck Short <chuck.short at canonical.com>
https://launchpad.net/ubuntu/natty/+source/php5/5.3.3-7ubuntu1
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Fri, 07 Jan 2011 22:44:56 +0000
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp php5-intl php5-ldap php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl
Architecture: source
Version: 5.3.3-7ubuntu1
Distribution: natty
Urgency: high
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Chuck Short <zulcss at ubuntu.com>
Description:
libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module)
libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo
php-pear - PEAR - PHP Extension and Application Repository
php5 - server-side, HTML-embedded scripting language (metapackage)
php5-cgi - server-side, HTML-embedded scripting language (CGI binary)
php5-cli - command-line interpreter for the php5 scripting language
php5-common - Common files for packages built from the php5 source
php5-curl - CURL module for php5
php5-dbg - Debug symbols for PHP5
php5-dev - Files for PHP5 module development
php5-enchant - Enchant module for php5
php5-gd - GD module for php5
php5-gmp - GMP module for php5
php5-intl - internationalisation module for php5
php5-ldap - LDAP module for php5
php5-mysql - MySQL module for php5
php5-odbc - ODBC module for php5
php5-pgsql - PostgreSQL module for php5
php5-pspell - pspell module for php5
php5-recode - recode module for php5
php5-snmp - SNMP module for php5
php5-sqlite - SQLite module for php5
php5-sybase - Sybase / MS SQL Server module for php5
php5-tidy - tidy module for php5
php5-xmlrpc - XML-RPC module for php5
php5-xsl - XSL module for php5
Closes: 351032 590485 595706 595761 601619 603751 604526 605391
Changes:
php5 (5.3.3-7ubuntu1) natty; urgency=low
.
* Merge from debian unstable. Remaining changes:
- debian/control:
* Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe.
* Dropped libmysqlclient15-dev, build against mysql 5.1.
* Dropped libcurl-dev not in the archive.
* Suggest php5-suhosin rather than recommends.
* Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions
already in universe.
* Dropped libonig-dev and libqgdbm since its in universe. (will be re-added in lucid+1)
* Dropped locales-all.
- modulelist: Drop imap, interbase, sybase, and mcrypt.
- debian/rules:
* Dropped building of mcrypt, imap, and interbase.
* Install apport hook for php5.
* stop mysql instance on clean just in case we failed in tests
- Dropped debian/patches/fix-upstream-bug53632.patch, used debian's instead.
- Dropped debian/patches/mssql-fix-segfault.patch, use debian's instead.
- debian/patches/configure-as-needed.patch. Work around suspicious
configure macros to fix a build failure with --as-needed
- debian/patches/php52389-pgsql-segfault.patch: removing, causes error
handling to fail.
.
php5 (5.3.3-7) unstable; urgency=low
.
* Cherry pick patches for:
+ double free vulnerability in the imap_do_open function in the IMAP
extension (CVE-2010-4150)
+ infinite loop with x87 CPU
+ extract() to not overwrite $GLOBALS and $this when using
EXTR_OVERWRITE
+ crash if aa steps are invalid in GD extension
+ crash with entitity declaration in simplexml.c
+ NULL dereference in Zend language scanner
+ integer overflow in SdnToJulian
+ memory leaks and possible crash introduced by NULL poisoning patch
+ leaks and crash when passing the callback as a variable
+ leak in highlight_string
+ segmentation fault in pgsql_stmt_execute when postgres is down
+ segmentation fault when extending SplFixedArray
+ segmentation fault when node is NULL in simplexml.c
+ segmentation fault when using several cloned intl objects
+ segmentation fault when using bad column_number in sqlite3 columnName
* Add comment about cherry picked patches (and last revision) from
upstream SVN to README.source
.
php5 (5.3.3-6) unstable; urgency=medium
.
* Cherry-pick fix for crashes on invalid parameters in intl extension.
(CVE-2010-4409).
* Cherry pick fix for crash in zip extract method (possible CWE-170)
* Cherry pick fix for unaligned memory access in ext/hash/hash_tiger.c
* Update CVE-2010-3870 to include test case
* Cherry pick complete fix to reject filenames with NULL (CVE requested)
.
php5 (5.3.3-5) unstable; urgency=high
.
* Add firebird support for armhf (Closes: #604526)
* More updates to open_basedir (Closes: #605391)
.
php5 (5.3.3-4) unstable; urgency=low
.
* Cherry pick patches for (Closes: #603751):
+ NULL pointer dereference in ZipArchive::getArchiveComment
(CVE-2010-3709)
+ utf8_decode xml_utf8_decode vulnerability (CVE-2010-3870)
+ mb_strcut() returns garbage with the excessive length parameter
(CVE-2010-4156)
+ possible flaw in open_basedir (CVE-2010-3436)
+ segfault in SplFileObject::fscanf
+ memory leak in PDO::FETCH_INTO
+ crash when storing many SPLFixedArray in an array
+ possible crash in php_mssql_get_column_content_without_type()
+ cURL leaks handle and causes assertion error (CURLOPT_STDERR)
+ segfault when optional parameters are not passed in to mssql_connect
+ segfault when ssl stream option capture_peer_cert_chain used
+ crash in GC because of incorrect reference counting
+ crash when calling enchant_broker_get_dict_path before set_path
+ crash in pdo_firebird getAttribute()
.
php5 (5.3.3-3) unstable; urgency=high
.
* Fix segfault in filter_var with FILTER_VALIDATE_EMAIL with large
amount of data (CVE-2010-3710, Closes: #601619)
.
php5 (5.3.3-2) unstable; urgency=low
.
* Upload 5.3.3 to unstable
+ Fixes CVE-2010-2225, CVE-2010-2094, CVE-2010-1917, CVE-2010-1866,
CVE-2010-2531, CVE-2010-3065.
* Don't build FPM SAPI now
* Bump standards version to 3.9.1
* Synchronize system crypt patch
* Cherry pick upstream fix for format vulnerability in phar/stream.c
+ Fixes CVE-2010-2950.
* Set explicit error level to hide warnings on systems with modified
php.ini (Closes: #590485)
* Apply patch to fix loading of extensions without [PHP] section
(Closes: #595761)
* Set session.gc_probability back to 0 (Closes: #595706)
* Update PHP5 description to not include references to C, Java and
Perl (Closes: #351032)
Checksums-Sha1:
a447d83751b76d9bfc9336650c73175fd1113733 2588 php5_5.3.3-7ubuntu1.dsc
4e171266045fbf1e454134765f037560df7ba794 223419 php5_5.3.3-7ubuntu1.diff.gz
Checksums-Sha256:
c26ddc97f3b46c71ef5cb36382907d5cdc5b9c66084b5be284f9505b4b119e1c 2588 php5_5.3.3-7ubuntu1.dsc
15b72357ece596a53f15d7e3a2c35b5e94bac3216801d7a4ddc23fae84710779 223419 php5_5.3.3-7ubuntu1.diff.gz
Files:
cc322cda21472fa6f90cd4daf4e460e8 2588 php optional php5_5.3.3-7ubuntu1.dsc
05d9eef01138dfc3ebfd7b64d9c80981 223419 php optional php5_5.3.3-7ubuntu1.diff.gz
Original-Maintainer: Debian PHP Maintainers <pkg-php-maint at lists.alioth.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAk00SwoACgkQIHZ33voUATsHowCfde3uPCoencMt3YmZDsM0S7TC
tfYAnAlD94s8mKsmxBC+9ndhbmVjwfWC
=Yyyt
-----END PGP SIGNATURE-----
More information about the Natty-changes
mailing list