[ubuntu/wily-updates] php5 5.6.11+dfsg-1ubuntu3.2 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Thu Apr 21 15:58:42 UTC 2016 

php5 (5.6.11+dfsg-1ubuntu3.2) wily-security; urgency=medium

  * SECURITY UPDATE: directory traversal in ZipArchive::extractTo
    - debian/patches/CVE-2014-9767.patch: use proper path in
      ext/zip/php_zip.c, added test to ext/zip/tests/bug70350.phpt.
    - CVE-2014-9767
  * SECURITY UPDATE: type confusion issue in SoapClient
    - debian/patches/CVE-2015-8835.patch: check types in
      ext/soap/php_http.c.
    - CVE-2015-8835
    - CVE-2016-3185
  * SECURITY UPDATE: denial of service or memory disclosure in gd via large
    bgd_color argument to imagerotate
    - debian/patches/CVE-2016-1903.patch: check bgcolor in
      ext/gd/libgd/gd_interpolation.c, added test to
      ext/gd/tests/bug70976.phpt.
    - CVE-2016-1903
  * SECURITY UPDATE: stack overflow when decompressing tar archives
    - debian/patches/CVE-2016-2554.patch: handle non-terminated linknames
      in ext/phar/tar.c.
    - CVE-2016-2554
  * SECURITY UPDATE: use-after-free in WDDX
    - debian/patches/CVE-2016-3141.patch: fix stack in ext/wddx/wddx.c,
      added test to ext/wddx/tests/bug71587.phpt.
    - CVE-2016-3141
  * SECURITY UPDATE: out-of-Bound Read in phar_parse_zipfile()
    - debian/patches/CVE-2016-3142.patch: check bounds in ext/phar/zip.c.
    - CVE-2016-3142
  * SECURITY UPDATE: openssl_random_pseudo_bytes() is not cryptographically
    secure
    - debian/patches/bug70014.patch: use RAND_bytes instead of deprecated
      RAND_pseudo_bytes in ext/openssl/openssl.c.
    - No CVE number
  * SECURITY UPDATE: buffer over-write in finfo_open with malformed magic
    file
    - debian/patches/bug71527.patch: properly calculate length in
      ext/fileinfo/libmagic/funcs.c, added test to
      ext/fileinfo/tests/bug71527.magic.
    - CVE number pending
  * SECURITY UPDATE: php_snmp_error() format string Vulnerability
    - debian/patches/bug71704.patch: use format string in ext/snmp/snmp.c.
    - CVE number pending
  * SECURITY UPDATE: integer overflow in php_raw_url_encode
    - debian/patches/bug71798.patch: use size_t in ext/standard/url.c.
    - CVE number pending
  * SECURITY UPDATE: invalid memory write in phar on filename containing
    NULL
    - debian/patches/bug71860.patch: require valid paths in
      ext/phar/phar.c, ext/phar/phar_object.c, fix tests in
      ext/phar/tests/badparameters.phpt,
      ext/phar/tests/bug64931/bug64931.phpt,
      ext/phar/tests/create_path_error.phpt,
      ext/phar/tests/phar_extract.phpt,
      ext/phar/tests/phar_isvalidpharfilename.phpt,
      ext/phar/tests/phar_unlinkarchive.phpt,
      ext/phar/tests/pharfileinfo_construct.phpt.
    - CVE number pending
  * SECURITY UPDATE: invalid negative size in mbfl_strcut
    - debian/patches/bug71906.patch: fix length checks in
      ext/mbstring/libmbfl/mbfl/mbfilter.c.
    - CVE number pending

Date: 2016-04-15 17:17:15.270824+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/php5/5.6.11+dfsg-1ubuntu3.2
-------------- next part --------------
Sorry, changesfile not available.

More information about the Wily-changes mailing list