[ubuntu/saucy-updates] php5 5.5.3+dfsg-1ubuntu2.2 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Mar 3 18:29:15 UTC 2014


php5 (5.5.3+dfsg-1ubuntu2.2) saucy-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    multiple issues in gdImageCrop
    - debian/patches/CVE-2013-7226.patch: fix overflows and data type
      issues in ext/gd/gd.c,ext/gd/libgd/gd_crop.c, added test to
      ext/gd/tests/bug66356.phpt.
    - CVE-2013-7226
    - CVE-2013-7327
    - CVE-2013-7328
    - CVE-2014-2020
  * SECURITY UPDATE: denial of service via crafted indirect offset value
    in fileinfo
    - debian/patches/CVE-2013-1943.patch: properly handle recursion in
      ext/fileinfo/libmagic/{ascmagic.c,file.h,funcs.c,softmagic.c}, added
      test to ext/fileinfo/tests/cve-2014-1943.phpt.
    - CVE-2013-1943
  * debian/rules: re-enable tests.

Date: 2014-02-28 19:49:12.471384+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/saucy/+source/php5/5.5.3+dfsg-1ubuntu2.2
-------------- next part --------------
Sorry, changesfile not available.


More information about the Saucy-changes mailing list