[ubuntu/trusty-updates] php5 5.5.9+dfsg-1ubuntu4.29 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue Apr 23 13:58:17 UTC 2019

php5 (5.5.9+dfsg-1ubuntu4.29) trusty-security; urgency=medium

  * SECURITY UPDATE: Unauthorized users access
    - debian/patches/CVE-2019-9637.patch: fix in
    - CVE-2019-9637
  * SECURITY UPDATE: Invalid read in exif_process_IFD_MAKERNOTE
    - debian/patches/CVE-2019-9638-and-CVE-2019-9639-*.patch: fix in
      ext/exif/exif.c, added tests in ext/exif/tests/bug77563.jpg,
    - CVE-2019-9638
    - CVE-2019-9639
  * SECURITY UPDATE: Invalid read
    - debian/patches/CVE-2019-9640.patch: fix in
      ext/exif/exif.c, added tests in ext/exif/tests/bug77540.jpg,
    - CVE-2019-9640
  * SECURITY UPDATE: Unitialized read
    - debian/patches/CVE-2019-9641.patch: fix in ext/exif/exif.c.
    - CVE-2019-9641
  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2019-9675.patch: fix in
      ext/phar/tar.c, added tests, ext/phar/tests/bug77586,phpt,
    - CVE-2019-9675
  * Changed the way MAKERNOTE is handled in case we do not have a matching
    signature, in order to support tests CVE-2019-9638 and CVE-2019-9639.
    - debian/patches/Changed-the-way-MAKERNOTE-is-handled-in-case.patch: fix
      it changing the behavior in order to continue the parse in
  * SECURITY UPDATE: buffer over-read in dns_get_record
    - debian/patches/CVE-2019-9022.patch: check length in
    - CVE-2019-9022

Date: 2019-04-22 18:24:12.533464+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list