[Bug 227464] Re: Please roll out security fixes from PHP 5.2.6
Launchpad Bug Tracker
227464 at bugs.launchpad.net
Wed Jul 23 20:07:13 BST 2008
This bug was fixed in the package php5 - 5.2.1-0ubuntu1.6
---------------
php5 (5.2.1-0ubuntu1.6) feisty-security; urgency=low
* debian/patches/209-CVE-2008-2050.patch: possible stack overflow and
sending of unitialized paddings
* debian/patches/210-CVE-2008-2051.patch: properly address incomplete
multibyte chars inside escapeshellcmd()
* debian/patches/211-CVE-2007-4850.patch: fixed a safe_mode bypass in cURL
* debian/patches/212-CVE-2008-2829.patch: unsafe usage of deprecated imap
functions (patch from Debian)
* debian/patches/213-CVE-2008-1384.patch: integer overflow in printf()
(patch from Debian)
* debian/patches/214-CVE-2008-2107+2108.patch: weak random number seed
* debian/patches/215-CVE-2007-4782.patch: DoS via long string in the fnmatch
functions
* debian/patches/216-pcre-compile.patch: avoid stack overflow (fix from
pcre 7.6)
* Update debian/patches/207-htmlentity-utf8-fix.patch: fail on improperly
finished UTF sequence
* References
CVE-2008-2050
CVE-2008-2051
CVE-2007-4850
CVE-2008-2829
CVE-2008-1384
CVE-2008-2107
CVE-2008-2108
CVE-2007-4782
CVE-2007-5898
LP: #227464
-- Jamie Strandboge <jamie at ubuntu.com> Wed, 16 Jul 2008 15:45:20
-0400
--
Please roll out security fixes from PHP 5.2.6
https://bugs.launchpad.net/bugs/227464
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to php5 in ubuntu.
More information about the Ubuntu-server-bugs
mailing list