php4 4:4.4.2-1 source package in Ubuntu

Changelog

php4 (4:4.4.2-1) unstable; urgency=low


  * New upstream bugfix release, skipping the problematic 4.4.1 release:
    - Remove some PEAR cruft from 006-debian_quirks.patch, since we don't
      build PEAR from php4 anymore, and it conflicted with upstream diffs.
    - Remove 054-open_basedir_slash.patch, now integrated upstream.
    - Remove 055-gd_safe_mode_checks.patch, fixed differently upstream.
  * Many security vulns fixed (closes: #336645, #339577, #336004, #341726):
    - Fixes multiple cross-site-scripting vulnerabilities; CVE-2006-0208
    - Resolves multiple HTTP response splitting vulnerabilities, allowing
      arbitrary header injection via Set-Cookie headers; see CVE-2006-0207
    - Resolves a local denial of service in the apache2 SAPI, which can
      be triggered by using session.save_path in .htaccess; CVE-2005-3319
    - Resolves an infinite loop in the exif_read_data function which can
      be triggered with a specially-crafted JPEG image; CVE-2005-3353
    - Resolves an XSS vulnerability in the phpinfo function; CVE-2005-3388
    - Resolves a vulnerability in the parse_str function whereby a remote
      attacker can fool PHP into turning on register_globals, thus making
      applications vulnerable to global variable injections; CVE-2005-3389
    - Resolves a vulnerability in the RFC1867 file upload feature where, if
      register_globals is enabled, a remote attacker can modify the GLOBALS
      array with a multipart/form-data POST request; see CVE-2005-3390
    - Resolves numerous safe_mode and open_basedir bypasses; CVE-2005-3391
    - Resolves INI settings leaks in the apache2 SAPI, leading to safe_mode
      and open_basedir bypasses between virtual hosts; CVE-2005-3392
    - Resolves a CRLF injection vulnerability in the mb_send_mail function,
      allowing injection of arbitrary mail headers; see CVE-2005-3883
  * Bump libdb build-dep from 4.2 to 4.3, matching apache (closes: #343399)
  * Bump our MySQL build-dep to 5.0's libmysqlclient15-dev (closes: #343791)
  * Automate the process of getting the list of built-in modules into the
    package descriptions, so it stays fresh in the future (see: #341867)
  * Create 056-mime_magic_strings.patch, making the mime_magic extension
    more liberal about what mime-types is accepts, as well as making it skip
    over ones it dislikes, rather than disabling itself (see: #335674)
  * Add 057-no_apache_installed.patch, to stop spewing a mess of errors in
    configure because we don't have the apache binaries in the build chroot.
  * Fix small typo in the php4-xslt package description (see: #344816)

 -- Adam Conrad <adconrad@0c3.net>  Wed, 18 Jan 2006 18:41:11 +1100

Upload details

Uploaded by:
Ubuntu Archive Auto-Sync on 2006-01-24
Uploaded to:
Dapper
Original maintainer:
Debian PHP Maintainers
Architectures:
any
Section:
web
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
php4_4.4.2-1.dsc 1.7 KiB 3e1344f663e4ad927f7ed02778d7483ee7eac22ff2dcf9bd2c41cdb7ae091a0a
php4_4.4.2.orig.tar.gz 5.2 MiB 8480727dfc7ae29100c18002f22b4caa2ba49953d756e18ad75bae3560036cd3
php4_4.4.2-1.diff.gz 95.8 KiB 210b891e0d8bb7aa393111c3a8eb4ea8117e9de4385e203a1ab4f168e60c3c66

No changes file available.

Binary packages built by this source

libapache-mod-php4: No summary available for libapache-mod-php4 in ubuntu dapper.

No description available for libapache-mod-php4 in ubuntu dapper.

libapache2-mod-php4: No summary available for libapache2-mod-php4 in ubuntu dapper.

No description available for libapache2-mod-php4 in ubuntu dapper.

php4: No summary available for php4 in ubuntu dapper.

No description available for php4 in ubuntu dapper.

php4-cgi: No summary available for php4-cgi in ubuntu dapper.

No description available for php4-cgi in ubuntu dapper.

php4-cli: No summary available for php4-cli in ubuntu dapper.

No description available for php4-cli in ubuntu dapper.

php4-common: No summary available for php4-common in ubuntu dapper.

No description available for php4-common in ubuntu dapper.

php4-curl: No summary available for php4-curl in ubuntu dapper.

No description available for php4-curl in ubuntu dapper.

php4-dev: No summary available for php4-dev in ubuntu dapper.

No description available for php4-dev in ubuntu dapper.

php4-domxml: No summary available for php4-domxml in ubuntu dapper.

No description available for php4-domxml in ubuntu dapper.

php4-gd: No summary available for php4-gd in ubuntu dapper.

No description available for php4-gd in ubuntu dapper.

php4-ldap: No summary available for php4-ldap in ubuntu dapper.

No description available for php4-ldap in ubuntu dapper.

php4-mcal: No summary available for php4-mcal in ubuntu dapper.

No description available for php4-mcal in ubuntu dapper.

php4-mhash: No summary available for php4-mhash in ubuntu dapper.

No description available for php4-mhash in ubuntu dapper.

php4-mysql: No summary available for php4-mysql in ubuntu dapper.

No description available for php4-mysql in ubuntu dapper.

php4-odbc: No summary available for php4-odbc in ubuntu dapper.

No description available for php4-odbc in ubuntu dapper.

php4-pear: No summary available for php4-pear in ubuntu dapper.

No description available for php4-pear in ubuntu dapper.

php4-pgsql: No summary available for php4-pgsql in ubuntu dapper.

No description available for php4-pgsql in ubuntu dapper.

php4-recode: No summary available for php4-recode in ubuntu dapper.

No description available for php4-recode in ubuntu dapper.

php4-snmp: No summary available for php4-snmp in ubuntu dapper.

No description available for php4-snmp in ubuntu dapper.

php4-sybase: No summary available for php4-sybase in ubuntu dapper.

No description available for php4-sybase in ubuntu dapper.

php4-xslt: No summary available for php4-xslt in ubuntu dapper.

No description available for php4-xslt in ubuntu dapper.