php4 4:4.3.8-3ubuntu7.15 source package in Ubuntu

Changelog

php4 (4:4.3.8-3ubuntu7.15) warty-security; urgency=low

  * SECURITY UPDATE: multiple fixes backported from 5.1.2 and CVS:
    - Fix multiple HTTP response splitting vulnerabilities in sessions and
      the header() function, due to lack of input validation; CVE-2006-0207
      + Add safety checks in the header() function to make sure that we
        don't get newlines injected by (mis)use of user input in headers.
      + Add a check for invalid characters in session names, so that we
        aren't subject to HTTP response splitting vulnerabilities in
        the Set-Cookie header we send back out as a result of user input.
      + Bring in a patch from newer versions of php4 and php5, preventing
        us from sending session cookies when we were just handed one,
        unless the session ID has changed, eliminating another vector.
    - Filter HTML error reporting, preventing cross-site scripting attacks
      when both display_errors and html_errors are enabled; CVE-2006-0208

 -- Adam Conrad <email address hidden>   Wed,  8 Mar 2006 18:17:46 +1100

Upload details

Uploaded by:
Adam Conrad on 2006-03-10
Uploaded to:
Warty
Original maintainer:
Adam Conrad
Architectures:
any
Section:
web
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
php4_4.3.8.orig.tar.gz 4.6 MiB 3985f285644868bdb404de7138d90fab761a92684f48b99c431a570fd9fe2abc
php4_4.3.8-3ubuntu7.15.diff.gz 613.4 KiB 189ddb1d305419202ba9d6fe48dd8576ed0a1c7882ee691fe07d6f9f2efa7067
php4_4.3.8-3ubuntu7.15.dsc 1.6 KiB 981e75cf71920fcee3e95bc65b213121c2c07a6ec2b4b96882b38bf179ce7a7e

View changes file

Binary packages built by this source

libapache2-mod-php4: No summary available for libapache2-mod-php4 in ubuntu warty.

No description available for libapache2-mod-php4 in ubuntu warty.

php4: No summary available for php4 in ubuntu warty.

No description available for php4 in ubuntu warty.

php4-cgi: No summary available for php4-cgi in ubuntu warty.

No description available for php4-cgi in ubuntu warty.

php4-curl: No summary available for php4-curl in ubuntu warty.

No description available for php4-curl in ubuntu warty.

php4-dev: No summary available for php4-dev in ubuntu warty.

No description available for php4-dev in ubuntu warty.

php4-domxml: No summary available for php4-domxml in ubuntu warty.

No description available for php4-domxml in ubuntu warty.

php4-gd: No summary available for php4-gd in ubuntu warty.

No description available for php4-gd in ubuntu warty.

php4-ldap: No summary available for php4-ldap in ubuntu warty.

No description available for php4-ldap in ubuntu warty.

php4-mcal: No summary available for php4-mcal in ubuntu warty.

No description available for php4-mcal in ubuntu warty.

php4-mhash: No summary available for php4-mhash in ubuntu warty.

No description available for php4-mhash in ubuntu warty.

php4-mysql: No summary available for php4-mysql in ubuntu warty.

No description available for php4-mysql in ubuntu warty.

php4-odbc: No summary available for php4-odbc in ubuntu warty.

No description available for php4-odbc in ubuntu warty.

php4-pear: No summary available for php4-pear in ubuntu warty.

No description available for php4-pear in ubuntu warty.

php4-recode: No summary available for php4-recode in ubuntu warty.

No description available for php4-recode in ubuntu warty.

php4-snmp: No summary available for php4-snmp in ubuntu warty.

No description available for php4-snmp in ubuntu warty.

php4-sybase: No summary available for php4-sybase in ubuntu warty.

No description available for php4-sybase in ubuntu warty.

php4-xslt: No summary available for php4-xslt in ubuntu warty.

No description available for php4-xslt in ubuntu warty.