[ubuntu/trusty-security] php5 5.5.9+dfsg-1ubuntu4.29 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Tue Apr 23 13:32:48 UTC 2019
php5 (5.5.9+dfsg-1ubuntu4.29) trusty-security; urgency=medium

  * SECURITY UPDATE: Unauthorized users access
    - debian/patches/CVE-2019-9637.patch: fix in
      main/streams/plain_wrapper.c.
    - CVE-2019-9637
  * SECURITY UPDATE: Invalid read in exif_process_IFD_MAKERNOTE
    - debian/patches/CVE-2019-9638-and-CVE-2019-9639-*.patch: fix in
      ext/exif/exif.c, added tests in ext/exif/tests/bug77563.jpg,
      ext/exif/tests/bug77563.phpt.
    - CVE-2019-9638
    - CVE-2019-9639
  * SECURITY UPDATE: Invalid read
    - debian/patches/CVE-2019-9640.patch: fix in
      ext/exif/exif.c, added tests in ext/exif/tests/bug77540.jpg,
      ext/exif/tests/bug77540.phpt.
    - CVE-2019-9640
  * SECURITY UPDATE: Uninitialized read
    - debian/patches/CVE-2019-9641.patch: fix in ext/exif/exif.c.
    - CVE-2019-9641
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2019-9675.patch: fix in
      ext/phar/tar.c, added tests, ext/phar/tests/bug77586,phpt,
      ext/phar/tests/bug77586/files/*.
    - CVE-2019-9675
  * Changed the way MAKERNOTE is handled in case we do not have a matching
    signature, in order to support tests CVE-2019-9638 and CVE-2019-9639.
    - debian/patches/Changed-the-way-MAKERNOTE-is-handled-in-case.patch: fix
      it changing the behavior in order to continue the parse in
      ext/exif/exif.c
  * SECURITY UPDATE: buffer over-read in dns_get_record
    - debian/patches/CVE-2019-9022.patch: check length in
      ext/standard/dns.c.
    - CVE-2019-9022

Date: 2019-04-22 18:24:12.533464+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.29