php4 4:4.3.8-3ubuntu7.15 source package in Ubuntu
Changelog
php4 (4:4.3.8-3ubuntu7.15) warty-security; urgency=low * SECURITY UPDATE: multiple fixes backported from 5.1.2 and CVS: - Fix multiple HTTP response splitting vulnerabilities in sessions and the header() function, due to lack of input validation; CVE-2006-0207 + Add safety checks in the header() function to make sure that we don't get newlines injected by (mis)use of user input in headers. + Add a check for invalid characters in session names, so that we aren't subject to HTTP response splitting vulnerabilities in the Set-Cookie header we send back out as a result of user input. + Bring in a patch from newer versions of php4 and php5, preventing us from sending session cookies when we were just handed one, unless the session ID has changed, eliminating another vector. - Filter HTML error reporting, preventing cross-site scripting attacks when both display_errors and html_errors are enabled; CVE-2006-0208 -- Adam Conrad <email address hidden> Wed, 8 Mar 2006 18:17:46 +1100
Upload details
- Uploaded by:
- Adam Conrad
- Uploaded to:
- Warty
- Original maintainer:
- Adam Conrad
- Architectures:
- any
- Section:
- web
- Urgency:
- Low Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
php4_4.3.8.orig.tar.gz | 4.6 MiB | 3985f285644868bdb404de7138d90fab761a92684f48b99c431a570fd9fe2abc |
php4_4.3.8-3ubuntu7.15.diff.gz | 613.4 KiB | 189ddb1d305419202ba9d6fe48dd8576ed0a1c7882ee691fe07d6f9f2efa7067 |
php4_4.3.8-3ubuntu7.15.dsc | 1.6 KiB | 981e75cf71920fcee3e95bc65b213121c2c07a6ec2b4b96882b38bf179ce7a7e |
Binary packages built by this source
- libapache2-mod-php4: No summary available for libapache2-mod-php4 in ubuntu warty.
No description available for libapache2-mod-php4 in ubuntu warty.
- php4: No summary available for php4 in ubuntu warty.
No description available for php4 in ubuntu warty.
- php4-cgi: No summary available for php4-cgi in ubuntu warty.
No description available for php4-cgi in ubuntu warty.
- php4-curl: No summary available for php4-curl in ubuntu warty.
No description available for php4-curl in ubuntu warty.
- php4-dev: No summary available for php4-dev in ubuntu warty.
No description available for php4-dev in ubuntu warty.
- php4-domxml: No summary available for php4-domxml in ubuntu warty.
No description available for php4-domxml in ubuntu warty.
- php4-gd: No summary available for php4-gd in ubuntu warty.
No description available for php4-gd in ubuntu warty.
- php4-ldap: No summary available for php4-ldap in ubuntu warty.
No description available for php4-ldap in ubuntu warty.
- php4-mcal: No summary available for php4-mcal in ubuntu warty.
No description available for php4-mcal in ubuntu warty.
- php4-mhash: No summary available for php4-mhash in ubuntu warty.
No description available for php4-mhash in ubuntu warty.
- php4-mysql: No summary available for php4-mysql in ubuntu warty.
No description available for php4-mysql in ubuntu warty.
- php4-odbc: No summary available for php4-odbc in ubuntu warty.
No description available for php4-odbc in ubuntu warty.
- php4-pear: No summary available for php4-pear in ubuntu warty.
No description available for php4-pear in ubuntu warty.
- php4-recode: No summary available for php4-recode in ubuntu warty.
No description available for php4-recode in ubuntu warty.
- php4-snmp: No summary available for php4-snmp in ubuntu warty.
No description available for php4-snmp in ubuntu warty.
- php4-sybase: No summary available for php4-sybase in ubuntu warty.
No description available for php4-sybase in ubuntu warty.
- php4-xslt: No summary available for php4-xslt in ubuntu warty.
No description available for php4-xslt in ubuntu warty.