php4 4:4.3.10-10ubuntu4.3 source package in Ubuntu

Changelog

php4 (4:4.3.10-10ubuntu4.3) hoary-security; urgency=low


  * SECURITY UPDATE: multiple fixes backported from new upstream releases:
    - Resolves a local denial of service in the apache2 SAPI, which can
      be triggered by using session.save_path in .htaccess; CVE-2005-3319
    - Resolves an infinite loop in the exif_read_data function which can
      be triggered with a specially-crafted JPEG image; CVE-2005-3353
    - Resolves an XSS vulnerability in the phpinfo function; CVE-2005-3388
    - Resolves a vulnerability in the parse_str function whereby a remote
      attacker can fool PHP into turning on register_globals, thus making
      applications vulnerable to global variable injections; CVE-2005-3389
    - Resolves a vulnerability in the RFC1867 file upload feature where, if
      register_globals is enabled, a remote attacker can modify the GLOBALS
      array with a multipart/form-data POST request; see CVE-2005-3390
    - Resolves INI settings leaks in the apache2 SAPI, leading to safe_mode
      and open_basedir bypasses between virtual hosts; CVE-2005-3392
    - Resolves a CRLF injection vulnerability in the mb_send_mail function,
      allowing injection of arbitrary mail headers; see CVE-2005-3883

 -- Adam Conrad <email address hidden>  Fri, 23 Dec 2005 15:06:06 +1000

Upload details

Uploaded by:
Ubuntu Archive Auto-Sync on 2005-12-23
Uploaded to:
Hoary
Original maintainer:
Adam Conrad
Architectures:
any
Section:
web
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
php4_4.3.10-10ubuntu4.3.dsc 1.4 KiB 4a8e6241f4c7c5c2d2b59b3303fad3c7c0412aefd9475a513887fa2e583c41b7
php4_4.3.10.orig.tar.gz 4.7 MiB 8d5d292cf20df5ba6d3c769319e330f127a39f7da8244849cba17bbc7f04e4ef
php4_4.3.10-10ubuntu4.3.diff.gz 269.5 KiB f2352bb400680e84390ae60d46d7487616a9228c44c0d80bdf0fc04efefb80b8

No changes file available.

Binary packages built by this source

libapache2-mod-php4: No summary available for libapache2-mod-php4 in ubuntu hoary.

No description available for libapache2-mod-php4 in ubuntu hoary.

php4: No summary available for php4 in ubuntu hoary.

No description available for php4 in ubuntu hoary.

php4-cgi: No summary available for php4-cgi in ubuntu hoary.

No description available for php4-cgi in ubuntu hoary.

php4-cli: No summary available for php4-cli in ubuntu hoary.

No description available for php4-cli in ubuntu hoary.

php4-common: No summary available for php4-common in ubuntu hoary.

No description available for php4-common in ubuntu hoary.

php4-dev: No summary available for php4-dev in ubuntu hoary.

No description available for php4-dev in ubuntu hoary.