php4 4:4.3.8-3ubuntu7.15 source package in Ubuntu
Changelog
php4 (4:4.3.8-3ubuntu7.15) warty-security; urgency=low
* SECURITY UPDATE: multiple fixes backported from 5.1.2 and CVS:
- Fix multiple HTTP response splitting vulnerabilities in sessions and
the header() function, due to lack of input validation; CVE-2006-0207
+ Add safety checks in the header() function to make sure that we
don't get newlines injected by (mis)use of user input in headers.
+ Add a check for invalid characters in session names, so that we
aren't subject to HTTP response splitting vulnerabilities in
the Set-Cookie header we send back out as a result of user input.
+ Bring in a patch from newer versions of php4 and php5, preventing
us from sending session cookies when we were just handed one,
unless the session ID has changed, eliminating another vector.
- Filter HTML error reporting, preventing cross-site scripting attacks
when both display_errors and html_errors are enabled; CVE-2006-0208
-- Adam Conrad <email address hidden> Wed, 8 Mar 2006 18:17:46 +1100
Upload details
- Uploaded by:
- Adam Conrad
- Uploaded to:
- Warty
- Original maintainer:
- Adam Conrad
- Architectures:
- any
- Section:
- web
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| php4_4.3.8.orig.tar.gz | 4.6 MiB | 3985f285644868bdb404de7138d90fab761a92684f48b99c431a570fd9fe2abc |
| php4_4.3.8-3ubuntu7.15.diff.gz | 613.4 KiB | 189ddb1d305419202ba9d6fe48dd8576ed0a1c7882ee691fe07d6f9f2efa7067 |
| php4_4.3.8-3ubuntu7.15.dsc | 1.6 KiB | 981e75cf71920fcee3e95bc65b213121c2c07a6ec2b4b96882b38bf179ce7a7e |
Binary packages built by this source
- libapache2-mod-php4: No summary available for libapache2-mod-php4 in ubuntu warty.
No description available for libapache2-mod-php4 in ubuntu warty.
- php4: No summary available for php4 in ubuntu warty.
No description available for php4 in ubuntu warty.
- php4-cgi: No summary available for php4-cgi in ubuntu warty.
No description available for php4-cgi in ubuntu warty.
- php4-curl: No summary available for php4-curl in ubuntu warty.
No description available for php4-curl in ubuntu warty.
- php4-dev: No summary available for php4-dev in ubuntu warty.
No description available for php4-dev in ubuntu warty.
- php4-domxml: No summary available for php4-domxml in ubuntu warty.
No description available for php4-domxml in ubuntu warty.
- php4-gd: No summary available for php4-gd in ubuntu warty.
No description available for php4-gd in ubuntu warty.
- php4-ldap: No summary available for php4-ldap in ubuntu warty.
No description available for php4-ldap in ubuntu warty.
- php4-mcal: No summary available for php4-mcal in ubuntu warty.
No description available for php4-mcal in ubuntu warty.
- php4-mhash: No summary available for php4-mhash in ubuntu warty.
No description available for php4-mhash in ubuntu warty.
- php4-mysql: No summary available for php4-mysql in ubuntu warty.
No description available for php4-mysql in ubuntu warty.
- php4-odbc: No summary available for php4-odbc in ubuntu warty.
No description available for php4-odbc in ubuntu warty.
- php4-pear: No summary available for php4-pear in ubuntu warty.
No description available for php4-pear in ubuntu warty.
- php4-recode: No summary available for php4-recode in ubuntu warty.
No description available for php4-recode in ubuntu warty.
- php4-snmp: No summary available for php4-snmp in ubuntu warty.
No description available for php4-snmp in ubuntu warty.
- php4-sybase: No summary available for php4-sybase in ubuntu warty.
No description available for php4-sybase in ubuntu warty.
- php4-xslt: No summary available for php4-xslt in ubuntu warty.
No description available for php4-xslt in ubuntu warty.
