[ubuntu/trusty-updates] php5 5.5.9+dfsg-1ubuntu4.9 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon Apr 20 16:28:27 UTC 2015

php5 (5.5.9+dfsg-1ubuntu4.9) trusty-security; urgency=medium

  * SECURITY UPDATE: potential remote code execution vulnerability when
    used with the Apache 2.4 apache2handler
    - debian/patches/bug69218.patch: perform proper cleanup in
    - CVE number pending
  * SECURITY UPDATE: buffer overflow when parsing tar/zip/phar
    - debian/patches/bug69441.patch: check lengths in
    - CVE number pending
  * SECURITY UPDATE: heap overflow in regexp library
    - debian/patches/CVE-2015-2305.patch: check for overflow in
    - CVE-2015-2305
  * SECURITY UPDATE: move_uploaded_file filename restriction bypass
    - debian/patches/CVE-2015-2348.patch: handle nulls in
    - CVE-2015-2348
  * SECURITY UPDATE: buffer overflow in unserialize when parsing Phar
    - debian/patches/CVE-2015-2783.patch: properly check lengths in
      ext/phar/phar.c, ext/phar/phar_internal.h.
    - CVE-2015-2783
  * SECURITY UPDATE: arbitrary code exection via process_nested_data
    - debian/patches/CVE-2015-2787.patch: fix logic in
    - CVE-2015-2787

php5 (5.5.9+dfsg-1ubuntu4.8) trusty; urgency=medium

  * Fix php5-fpm logrotate since the upstart job has been introduced.
    (LP: #1230917)
    - Backport the /usr/lib/php5/php5-fpm-reopenlogs script from utopic.
    - Call the script in postrotate instead of invoke-rc.d php5-fpm reopen-logs.
      Upstart jobs don't support custom actions.

Date: 2015-04-17 11:35:20.705864+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list