moved to release
php5 (5.6.4+dfsg-4ubuntu2) vivid; urgency=medium * SECURITY UPDATE: out of bounds read via invalid php file - debian/patches/CVE-2014-9427.patch: fix bounds in sapi/cgi/cgi_main.c. - CVE-2014-9427 * SECURITY UPDATE: out of bounds read in fileinfo - debian/patches/CVE-2014-9652.patch: properly check length in ext/fileinfo/libmagic/softmagic.c. - CVE-2014-9652 * SECURITY UPDATE: arbitrary code execution via improper handling of duplicate keys in unserializer, additional fix - debian/patches/CVE-2015-0231.patch: fix use after free in ext/standard/var_unserializer.*, added test to ext/standard/tests/strings/bug68710.phpt. - CVE-2015-0231 * SECURITY UPDATE: arbitrary code execution or denial of service via crafted EXIF data - debian/patches/CVE-2015-0232.patch: fix uninitialized pointer free in ext/exif/exif.c. - CVE-2015-0232 * SECURITY UPDATE: use after free in opcache component - debian/patches/CVE-2015-1351.patch: fix use after free in ext/opcache/zend_shared_alloc.c. - CVE-2015-1351 * SECURITY UPDATE: null pointer dereference in pgsql - debian/patches/CVE-2015-1352.patch: properly set valid token in ext/pgsql/pgsql.c. - CVE-2015-1352 * debian/patches/remove_readelf.patch: remove readelf.c from fileinfo as it isn't used, and is a source of confusion when doing security updates. -- Marc Deslauriers <email address hidden> Tue, 17 Feb 2015 15:47:51 -0500