[ubuntu/utopic-updates] php5 5.5.12+dfsg-2ubuntu4.2 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue Feb 17 18:58:21 UTC 2015 

php5 (5.5.12+dfsg-2ubuntu4.2) utopic-security; urgency=medium

  * SECURITY UPDATE: arbitrary code execution via improper handling of
    duplicate keys in unserializer
    - debian/patches/CVE-2014-8142.patch: fix use after free in
      ext/standard/var_unserializer.*, added test to
      ext/standard/tests/serialize/bug68594.phpt.
    - CVE-2014-8142
  * SECURITY UPDATE: out of bounds read via invalid php file
    - debian/patches/CVE-2014-9427.patch: fix bounds in
      sapi/cgi/cgi_main.c.
    - CVE-2014-9427
  * SECURITY UPDATE: out of bounds read in fileinfo
    - debian/patches/CVE-2014-9652.patch: properly check length in
      ext/fileinfo/libmagic/softmagic.c.
    - CVE-2014-9652
  * SECURITY UPDATE: arbitrary code execution via improper handling of
    duplicate keys in unserializer, additional fix
    - debian/patches/CVE-2015-0231.patch: fix use after free in
      ext/standard/var_unserializer.*, added test to
      ext/standard/tests/strings/bug68710.phpt.
    - CVE-2015-0231
  * SECURITY UPDATE: arbitrary code execution or denial of service via
    crafted EXIF data
    - debian/patches/CVE-2015-0232.patch: fix uninitialized pointer free in
      ext/exif/exif.c.
    - CVE-2015-0232
  * SECURITY UPDATE: use after free in opcache component
    - debian/patches/CVE-2015-1351.patch: fix use after free in
      ext/opcache/zend_shared_alloc.c.
    - CVE-2015-1351
  * SECURITY UPDATE: null pointer dereference in pgsql
    - debian/patches/CVE-2015-1352.patch: properly set valid token in
      ext/pgsql/pgsql.c.
    - CVE-2015-1352
  * debian/patches/remove_readelf.patch: remove readelf.c from fileinfo as
    it isn't used, and is a source of confusion when doing security
    updates.
  * debian/patches/CVE-2014-3710.patch: removed, wasn't needed.

Date: 2015-02-13 18:15:11.745237+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/php5/5.5.12+dfsg-2ubuntu4.2
-------------- next part --------------
Sorry, changesfile not available.

More information about the Utopic-changes mailing list