[ubuntu/precise-security] php5 5.3.10-1ubuntu3.16 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Tue Feb 17 17:58:02 UTC 2015
php5 (5.3.10-1ubuntu3.16) precise-security; urgency=medium
* SECURITY UPDATE: arbitrary code execution via improper handling of
duplicate keys in unserializer
- debian/patches/CVE-2014-8142.patch: fix use after free in
ext/standard/var_unserializer.*, added test to
ext/standard/tests/serialize/bug68594.phpt.
- CVE-2014-8142
* SECURITY UPDATE: arbitrary code execution via improper handling of
duplicate keys in unserializer, additional fix
- debian/patches/CVE-2015-0231.patch: fix use after free in
ext/standard/var_unserializer.*, added test to
ext/standard/tests/strings/bug68710.phpt.
- CVE-2015-0231
* debian/patches/remove_readelf.patch: remove readelf.c from fileinfo as
it isn't used, and is a source of confusion when doing security
updates.
* debian/patches/CVE-2014-3710.patch: removed, wasn't needed.
Date: 2015-02-13 19:42:12.121725+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/php5/5.3.10-1ubuntu3.16
-------------- next part --------------
Sorry, changesfile not available.
More information about the Precise-changes
mailing list