[ubuntu/trusty-updates] php5 5.5.9+dfsg-1ubuntu4.22 (Accepted)
Ubuntu Archive Robot
cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Aug 10 15:58:25 UTC 2017
php5 (5.5.9+dfsg-1ubuntu4.22) trusty-security; urgency=medium

  * SECURITY UPDATE: Zend OpCache shared memory issue
    - debian/patches/CVE-2015-8994-1.patch: check cached files permissions
      in ext/opcache/ZendAccelerator.*,
      ext/opcache/zend_accelerator_hash.c,
      ext/opcache/zend_accelerator_module.c.
    - debian/patches/CVE-2015-8994-2.patch: use full path in
      ext/opcache/ZendAccelerator.c.
    - debian/patches/CVE-2015-8994-3.patch: handle big inodes in
      ext/opcache/ZendAccelerator.c.
    - CVE-2015-8994
  * SECURITY UPDATE: URL check bypass
    - debian/patches/CVE-2016-10397-1.patch: fix logic in
      ext/standard/url.c, added tests to
      ext/standard/tests/url/bug73192.phpt,
      ext/standard/tests/url/parse_url_basic_00*.phpt.
    - debian/patches/CVE-2016-10397-2.patch: respect length argument in
      ext/standard/url.c.
    - CVE-2016-10397
  * SECURITY UPDATE: wddx empty boolean tag parsing issue
    - debian/patches/CVE-2017-11143-1.patch: handle empty tag in
      ext/wddx/wddx.c, added test to ext/wddx/tests/bug74145.*.
    - debian/patches/CVE-2017-11143-2.patch: improve fix in
      ext/wddx/wddx.c.
    - CVE-2017-11143
  * SECURITY UPDATE: DoS in OpenSSL sealing function
    - debian/patches/CVE-2017-11144.patch: check return code in
      ext/openssl/openssl.c, added test to ext/openssl/tests/*74651*.
    - CVE-2017-11144
  * SECURITY UPDATE: information leak in the date extension
    - debian/patches/CVE-2017-11145.patch: fix parsing of strange formats
      in ext/date/lib/parse_date.*.
    - CVE-2017-11145
  * SECURITY UPDATE: buffer overread in phar_parse_pharfile
    - debian/patches/CVE-2017-11147.patch: use proper sizes in
      ext/phar/phar.c.
    - CVE-2017-11147
  * SECURITY UPDATE: DoS via long locale
    - debian/patches/CVE-2017-11362.patch: check length in
      ext/intl/msgformat/msgformat_parse.c.
    - CVE-2017-11362
  * SECURITY UPDATE: buffer overflow in the zend_ini_do_op()
    - debian/patches/CVE-2017-11628.patch: use correct buffer size in
      Zend/zend_ini_parser.y, added tests to Zend/tests/bug74603.*.
    - CVE-2017-11628
  * SECURITY UPDATE: out-of-bounds read in oniguruma in mbstring
    - debian/patches/CVE-2017-9224.patch: fix logic in
      ext/mbstring/oniguruma/regexec.c.
    - CVE-2017-9224
  * SECURITY UPDATE: heap out-of-bounds write in oniguruma in mbstring
    - debian/patches/CVE-2017-9226.patch: add checks to
      ext/mbstring/oniguruma/regparse.c.
    - CVE-2017-9226
  * SECURITY UPDATE: stack out-of-bounds read in oniguruma in mbstring
    - debian/patches/CVE-2017-9227.patch: add bounds check to
      ext/mbstring/oniguruma/regexec.c.
    - CVE-2017-9227
  * SECURITY UPDATE: heap out-of-bounds write in oniguruma in mbstring
    - debian/patches/CVE-2017-9228.patch: add check to
      ext/mbstring/oniguruma/regexec.c.
    - CVE-2017-9228
  * SECURITY UPDATE: invalid pointer dereference in oniguruma in mbstring
    - debian/patches/CVE-2017-9229.patch: fix logic in
      ext/mbstring/oniguruma/regexec.c.
    - CVE-2017-9229

Date: 2017-08-04 19:26:13.907337+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.22