Change log for php5 package in Ubuntu
php5 (5.5.3+dfsg-1ubuntu2.5) saucy-security; urgency=medium

  * SECURITY UPDATE: better FastCGI socket permissions (LP: #1334337)
    - debian/rules: enable listen.owner and listen.group so that the socket
      is accessible to www-data by default. This allows most setups to
      continue working with the more restrictive permissions.

 -- Marc Deslauriers <email address hidden>  Wed, 25 Jun 2014 11:52:07 -0400

php5 (5.5.12+dfsg-2ubuntu2) utopic; urgency=medium

  * SECURITY UPDATE: denial of service in FileInfo cdf_unpack_summary_info
    - debian/patches/CVE-2014-0237.patch: remove file_printf calls in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-0237
  * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info
    - debian/patches/CVE-2014-0238.patch: fix infinite loop in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-0238
  * SECURITY UPDATE: code execution via buffer overflow in DNS TXT record
    parsing
    - debian/patches/CVE-2014-4049.patch: check length in
      ext/standard/dns.c.
    - CVE-2014-4049

 -- Marc Deslauriers <email address hidden>  Thu, 19 Jun 2014 13:21:19 -0400

php5 (5.3.2-1ubuntu4.25) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service in FileInfo cdf_unpack_summary_info
    - debian/patches/CVE-2014-0237.patch: remove file_printf calls in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-0237
  * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info
    - debian/patches/CVE-2014-0238.patch: fix infinite loop in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-0238
  * SECURITY UPDATE: code execution via buffer overflow in DNS TXT record
    parsing
    - debian/patches/CVE-2014-4049.patch: check length in
      ext/standard/dns.c.
    - CVE-2014-4049

 -- Marc Deslauriers <email address hidden>  Thu, 19 Jun 2014 13:48:46 -0400

php5 (5.3.10-1ubuntu3.12) precise-security; urgency=medium

  * SECURITY UPDATE: incorrect FastCGI socket permissions (LP: #1307027)
    - debian/patches/CVE-2014-0185.patch: default to 0660 in
      sapi/fpm/fpm/fpm_unix.c, sapi/fpm/php-fpm.conf.in.
    - CVE-2014-0185
  * SECURITY UPDATE: denial of service in FileInfo cdf_unpack_summary_info
    - debian/patches/CVE-2014-0237.patch: remove file_printf calls in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-0237
  * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info
    - debian/patches/CVE-2014-0238.patch: fix infinite loop in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-0238
  * SECURITY UPDATE: code execution via buffer overflow in DNS TXT record
    parsing
    - debian/patches/CVE-2014-4049.patch: check length in
      ext/standard/dns.c.
    - CVE-2014-4049

 -- Marc Deslauriers <email address hidden>  Thu, 19 Jun 2014 13:44:17 -0400

php5 (5.5.9+dfsg-1ubuntu4.1) trusty-security; urgency=medium

  * SECURITY UPDATE: incorrect FastCGI socket permissions (LP: #1307027)
    - debian/patches/CVE-2014-0185.patch: default to 0660 in
      sapi/fpm/fpm/fpm_unix.c, sapi/fpm/php-fpm.conf.in.
    - CVE-2014-0185
  * SECURITY UPDATE: denial of service in FileInfo cdf_unpack_summary_info
    - debian/patches/CVE-2014-0237.patch: remove file_printf calls in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-0237
  * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info
    - debian/patches/CVE-2014-0238.patch: fix infinite loop in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-0238
  * SECURITY UPDATE: code execution via buffer overflow in DNS TXT record
    parsing
    - debian/patches/CVE-2014-4049.patch: check length in
      ext/standard/dns.c.
    - CVE-2014-4049

 -- Marc Deslauriers <email address hidden>  Thu, 19 Jun 2014 13:30:13 -0400

php5 (5.5.3+dfsg-1ubuntu2.4) saucy-security; urgency=medium

  * SECURITY UPDATE: incorrect FastCGI socket permissions (LP: #1307027)
    - debian/patches/CVE-2014-0185.patch: default to 0660 in
      sapi/fpm/fpm/fpm_unix.c, sapi/fpm/php-fpm.conf.in.
    - CVE-2014-0185
  * SECURITY UPDATE: denial of service in FileInfo cdf_unpack_summary_info
    - debian/patches/CVE-2014-0237.patch: remove file_printf calls in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-0237
  * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info
    - debian/patches/CVE-2014-0238.patch: fix infinite loop in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-0238
  * SECURITY UPDATE: code execution via buffer overflow in DNS TXT record
    parsing
    - debian/patches/CVE-2014-4049.patch: check length in
      ext/standard/dns.c.
    - CVE-2014-4049

 -- Marc Deslauriers <email address hidden>  Thu, 19 Jun 2014 13:33:33 -0400

php5 (5.5.12+dfsg-2ubuntu1) utopic; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - d/control: drop Build-Depends that are in universe: firebird-dev,
      libc-client-dev, libmcrypt-dev, libonig-dev, libqdbm-dev.
    - d/rules: drop configuration of packages that are in universe: qdgm,
      onig.
    - d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't build
      interbase or firebird.
    - d/rules: export DEB_HOST_MULTIARCH properly.
    - d/control: drop binary packages php5-imap, php5-interbase and
      php5-mcrypt since we have separate versions in universe.
    - d/modulelist: drop imap, interbase and mcrypt since we have separate
      versions in universe.
    - d/rules: drop configuration of imap and mcrypt since we have separate
      versions in universe.
    - d/source_php5.py, d/rules: add apport hook.
    - d/rules: stop mysql instance on clean just in case we failed in tests.
    - d/control: switch Build-Depends of netcat-traditional to
      netcat-openbsd as only the latter is in main.
    - debian/rules: re-enable tests
    - d/tests/{cgi,cli,mod-php}: dep8 tests for common use cases.
    - d/rules: load dpkg-buildflags earlier, so that CFLAGS changes are not
      overridden.
  * Drop changes (upstreamed / in-Debian):
    - CVE-2014-2270, CVE-2013-1943, imageconvolution-regression.patch:
      included in this merge
  * Drop changes (no longer needed):
    - d/rules, d/control: re-add use of dh_systemd as it is in main now.
    - php5-fpm.upstart: re-add "reload signal USR2" stanza, LTS was released.

Superseded in utopic-release
Published in trusty-release
Deleted in trusty-proposed (Reason: moved to release)
php5 (5.5.9+dfsg-1ubuntu4) trusty; urgency=medium

  * Comment out "reload signal USR2" stanza from php5-fpm to make the job
    compatible with Precise upstart, when it's still running as pid1 during
    upgrade to trusty and before the restart. We'd rather support shorter
    down-time than reload interface. (LP: #1272788)

 -- Dimitri John Ledkov <email address hidden>  Wed, 09 Apr 2014 16:23:30 +0100

php5 (5.3.2-1ubuntu4.24) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service in fileinfo via crafted offset in PE
    executable
    - debian/patches/CVE-2014-2270.patch: check bounds in
      ext/fileinfo/libmagic/softmagic.c.
    - CVE-2014-2270

 -- Marc Deslauriers <email address hidden>  Thu, 03 Apr 2014 15:23:04 -0400

php5 (5.5.9+dfsg-1ubuntu3) trusty; urgency=medium

  * SECURITY UPDATE: denial of service in fileinfo via crafted offset in PE
    executable
    - debian/patches/CVE-2014-2270.patch: check bounds in
      ext/fileinfo/libmagic/softmagic.c.
    - CVE-2014-2270

 -- Marc Deslauriers <email address hidden>  Thu, 03 Apr 2014 15:12:10 -0400

php5 (5.4.6-1ubuntu1.8) quantal-security; urgency=medium

  * SECURITY UPDATE: denial of service in fileinfo via crafted offset in PE
    executable
    - debian/patches/CVE-2014-2270.patch: check bounds in
      ext/fileinfo/libmagic/softmagic.c.
    - CVE-2014-2270

 -- Marc Deslauriers <email address hidden>  Thu, 03 Apr 2014 15:18:45 -0400

php5 (5.5.3+dfsg-1ubuntu2.3) saucy-security; urgency=medium

  * SECURITY UPDATE: denial of service in fileinfo via crafted offset in PE
    executable
    - debian/patches/CVE-2014-2270.patch: check bounds in
      ext/fileinfo/libmagic/softmagic.c.
    - CVE-2014-2270

 -- Marc Deslauriers <email address hidden>  Thu, 03 Apr 2014 15:14:26 -0400

php5 (5.3.10-1ubuntu3.11) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service in fileinfo via crafted offset in PE
    executable
    - debian/patches/CVE-2014-2270.patch: check bounds in
      ext/fileinfo/libmagic/softmagic.c.
    - CVE-2014-2270

 -- Marc Deslauriers <email address hidden>  Thu, 03 Apr 2014 15:21:27 -0400

php5 (5.5.9+dfsg-1ubuntu2) trusty; urgency=medium

  * SECURITY UPDATE: denial of service via crafted indirect offset value in
    fileinfo
    - debian/patches/CVE-2013-1943.patch: properly handle recursion in
      ext/fileinfo/libmagic/{ascmagic.c,file.h,funcs.c,softmagic.c}, added
      test to ext/fileinfo/tests/cve-2014-1943.phpt.
    - CVE-2013-1943
  * debian/patches/imageconvolution-regression.patch: fix regression in
    imageconvolution caused by security fix in 5.5.9.

 -- Marc Deslauriers <email address hidden>  Mon, 03 Mar 2014 13:42:25 -0500

php5 (5.3.2-1ubuntu4.23) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted indirect offset value in
    fileinfo
    - debian/patches/CVE-2013-1943.patch: properly handle recursion in
      ext/fileinfo/libmagic/{ascmagic.c,file.h,funcs.c,softmagic.c}, added
      test to ext/fileinfo/tests/cve-2014-1943.phpt.
    - CVE-2013-1943

 -- Marc Deslauriers <email address hidden>  Fri, 28 Feb 2014 17:40:15 -0500

php5 (5.3.10-1ubuntu3.10) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted indirect offset value in
    fileinfo
    - debian/patches/CVE-2013-1943.patch: properly handle recursion in
      ext/fileinfo/libmagic/{ascmagic.c,file.h,funcs.c,softmagic.c}, added
      test to ext/fileinfo/tests/cve-2014-1943.phpt.
    - CVE-2013-1943

 -- Marc Deslauriers <email address hidden>  Fri, 28 Feb 2014 14:55:00 -0500

php5 (5.4.6-1ubuntu1.7) quantal-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted indirect offset value in
    fileinfo
    - debian/patches/CVE-2013-1943.patch: properly handle recursion in
      ext/fileinfo/libmagic/{ascmagic.c,file.h,funcs.c,softmagic.c}, added
      test to ext/fileinfo/tests/cve-2014-1943.phpt.
    - CVE-2013-1943
  * This package does _not_ contain the changes from .4.6-1ubuntu1.6 in
    quantal-proposed.

 -- Marc Deslauriers <email address hidden>  Fri, 28 Feb 2014 11:40:51 -0500

php5 (5.5.3+dfsg-1ubuntu2.2) saucy-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    multiple issues in gdImageCrop
    - debian/patches/CVE-2013-7226.patch: fix overflows and data type
      issues in ext/gd/gd.c,ext/gd/libgd/gd_crop.c, added test to
      ext/gd/tests/bug66356.phpt.
    - CVE-2013-7226
    - CVE-2013-7327
    - CVE-2013-7328
    - CVE-2014-2020
  * SECURITY UPDATE: denial of service via crafted indirect offset value in
    fileinfo
    - debian/patches/CVE-2013-1943.patch: properly handle recursion in
      ext/fileinfo/libmagic/{ascmagic.c,file.h,funcs.c,softmagic.c}, added
      test to ext/fileinfo/tests/cve-2014-1943.phpt.
    - CVE-2013-1943
  * debian/rules: re-enable tests.

 -- Marc Deslauriers <email address hidden>  Fri, 28 Feb 2014 11:15:03 -0500

php5 (5.5.9+dfsg-1ubuntu1) trusty; urgency=medium

  * Merge from Debian testing. Remaining changes:
    - d/control: drop Build-Depends that are in universe: firebird-dev,
      libc-client-dev, libmcrypt-dev, libonig-dev, libqdbm-dev.
    - d/rules: drop configuration of packages that are in universe: qdgm,
      onig.
    - d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't build
      interbase or firebird.
    - d/rules: export DEB_HOST_MULTIARCH properly.
    - d/control: drop binary packages php5-imap, php5-interbase and
      php5-mcrypt since we have separate versions in universe.
    - d/modulelist: drop imap, interbase and mcrypt since we have separate
      versions in universe.
    - d/rules: drop configuration of imap and mcrypt since we have separate
      versions in universe.
    - d/source_php5.py, d/rules: add apport hook.
    - d/rules: stop mysql instance on clean just in case we failed in tests.
    - d/control: switch Build-Depends of netcat-traditional to
      netcat-openbsd as only the latter is in main.
    - d/rules, d/control: drop use of dh_systemd as it is in universe.
    - debian/rules: re-enable tests
    - d/tests/{cgi,cli,mod-php}: dep8 tests for common use cases.
  * Drop changes (upstreamed to Debian):
    - d/p/use-system-timezone.patch, d/tests/system-timezone: use system
      timezone by default, instead of requiring it to be configured.
  * d/rules: load dpkg-buildflags earlier, so that CFLAGS changes are not
    overridden (LP: #1280044).

php5 (5.5.8+dfsg-2ubuntu1) trusty; urgency=medium

  * Merge from Debian unstable. Remaining changes:
    - d/control: drop Build-Depends that are in universe: firebird-dev,
      libc-client-dev, libmcrypt-dev, libonig-dev, libqdbm-dev.
    - d/rules: drop configuration of packages that are in universe: qdgm,
      onig.
    - d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't build
      interbase or firebird.
    - d/rules: export DEB_HOST_MULTIARCH properly.
    - d/control: drop binary packages php5-imap, php5-interbase and
      php5-mcrypt since we have separate versions in universe.
    - d/modulelist: drop imap, interbase and mcrypt since we have separate
      versions in universe.
    - d/rules: drop configuration of imap and mcrypt since we have separate
      versions in universe.
    - d/source_php5.py, d/rules: add apport hook.
    - d/rules: stop mysql instance on clean just in case we failed in tests.
    - d/control: switch Build-Depends of netcat-traditional to
      netcat-openbsd as only the latter is in main.
    - d/rules, d/control: drop use of dh_systemd as it is in universe.
    - debian/rules: re-enable tests
  * Previously undocumented changes:
    - d/tests/{cgi,cli,mod_php}: dep8 tests for common use cases.
  * Drop changes:
    - d/p/{CVE-2013-6420,CVE-2013-6712,fix-freetype-ftbfs}.patch:
      upstreamed.
    - d/control: relegate php5-json and pkg-php-tools from Recommends to
      Suggests as they are in universe: php5-json and pkg-php-tools are now
      in main (LP: #1242726).
    - d/control, d/rules: re-enable libedit-dev: libedit-dev is now enabled
      in Debian.
  * d/tests/mod-php: rename from mod_php; the previous name was illegal.
  * d/tests/{cgi,mod-php}: use new default Apache DocumentRoot
    /var/www/html.
  * d/p/use-system-timezone.patch, d/tests/system-timezone: use system
    timezone by default, instead of requiring it to be configured.
    (LP: #1244343).

 -- Robie Basak <email address hidden>  Tue, 21 Jan 2014 15:40:58 +0000

Deleted in quantal-proposed (Reason: moved to -updates)
php5 (5.4.6-1ubuntu1.6) quantal; urgency=low

  * debian/patches/lp1102366.patch: properly reset rfc1867 callbacks to
    prevent segfault. (LP: #1102366)

 -- Marc Deslauriers <email address hidden>  Mon, 23 Dec 2013 09:00:58 -0500

php5 (5.5.6+dfsg-1ubuntu2) trusty; urgency=medium

  * No change rebuild against libicu52

 -- Dimitri John Ledkov <email address hidden>  Sat, 28 Dec 2013 05:16:26 +0000

php5 (5.5.6+dfsg-1ubuntu1) trusty; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - d/control: drop Build-Depends that are in universe: firebird-dev,
      libc-client-dev, libmcrypt-dev, libonig-dev, libqdbm-dev.
    - d/rules: drop configuration of packages that are in universe: qdgm,
      onig.
    - d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't build
      interbase or firebird.
    - d/rules: export DEB_HOST_MULTIARCH properly.
    - d/control: drop binary packages php5-imap, php5-interbase and
      php5-mcrypt since we have separate versions in universe.
    - d/modulelist: drop imap, interbase and mcrypt since we have separate
      versions in universe.
    - d/rules: drop configuration of imap and mcrypt since we have separate
      versions in universe.
    - d/source_php5.py, d/rules: add apport hook.
    - d/rules: stop mysql instance on clean just in case we failed in tests.
    - d/control, d/rules: re-enable libedit-dev.
    - d/control: switch Build-Depends of netcat-traditional to
      netcat-openbsd as only the latter is in main.
    - d/rules, d/control: drop use of dh_systemd as it is in universe.
    - d/control: relegate php5-json and pkg-php-tools from Recommends to
      Suggests as they are in universe.
  * Dropped changes:
    - d/p/crash_in_get_zval_ptr_ptr_var.patch: upstream
  * SECURITY UPDATE: denial of service and possible code execution via
    malicious certificate
    - debian/patches/CVE-2013-6420.patch: properly validate timestr in
      ext/openssl/openssl.c, added ext/openssl/tests/cve-2013-6420.*.
    - CVE-2013-6420
  * SECURITY UPDATE: denial of service via crafted interval specification
    - debian/patches/CVE-2013-6712.patch: check error_count in
      ext/date/lib/parse_iso_intervals.*.
    - CVE-2013-6712
  * debian/patches/fix-freetype-ftbfs.patch: fix compilation with newer
    freetype
  * debian/rules: re-enable tests

php5 (5.5.3+dfsg-1ubuntu2.1) saucy-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    malicious certificate
    - debian/patches/CVE-2013-6420.patch: properly validate timestr in
      ext/openssl/openssl.c, added ext/openssl/tests/cve-2013-6420.*.
    - CVE-2013-6420
  * SECURITY UPDATE: denial of service via crafted interval specification
    - debian/patches/CVE-2013-6712.patch: check error_count in
      ext/date/lib/parse_iso_intervals.*.
    - CVE-2013-6712

 -- Marc Deslauriers <email address hidden>  Wed, 11 Dec 2013 13:45:28 -0500

php5 (5.3.2-1ubuntu4.22) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    malicious certificate
    - debian/patches/CVE-2013-6420.patch: properly validate timestr in
      ext/openssl/openssl.c, added ext/openssl/tests/cve-2013-6420.*.
    - CVE-2013-6420
  * SECURITY UPDATE: denial of service via crafted interval specification
    - debian/patches/CVE-2013-6712.patch: check error_count in
      ext/date/lib/parse_iso_intervals.*.
    - CVE-2013-6712

 -- Marc Deslauriers <email address hidden>  Wed, 11 Dec 2013 19:23:24 -0500

php5 (5.4.6-1ubuntu1.5) quantal-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    malicious certificate
    - debian/patches/CVE-2013-6420.patch: properly validate timestr in
      ext/openssl/openssl.c, added ext/openssl/tests/cve-2013-6420.*.
    - CVE-2013-6420
  * SECURITY UPDATE: denial of service via crafted interval specification
    - debian/patches/CVE-2013-6712.patch: check error_count in
      ext/date/lib/parse_iso_intervals.*.
    - CVE-2013-6712

 -- Marc Deslauriers <email address hidden>  Wed, 11 Dec 2013 19:20:51 -0500

php5 (5.4.9-4ubuntu2.4) raring-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    malicious certificate
    - debian/patches/CVE-2013-6420.patch: properly validate timestr in
      ext/openssl/openssl.c, added ext/openssl/tests/cve-2013-6420.*.
    - CVE-2013-6420
  * SECURITY UPDATE: denial of service via crafted interval specification
    - debian/patches/CVE-2013-6712.patch: check error_count in
      ext/date/lib/parse_iso_intervals.*.
    - CVE-2013-6712

 -- Marc Deslauriers <email address hidden>  Wed, 11 Dec 2013 19:19:30 -0500

php5 (5.3.10-1ubuntu3.9) precise-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    malicious certificate
    - debian/patches/CVE-2013-6420.patch: properly validate timestr in
      ext/openssl/openssl.c, added ext/openssl/tests/cve-2013-6420.*.
    - CVE-2013-6420
  * SECURITY UPDATE: denial of service via crafted interval specification
    - debian/patches/CVE-2013-6712.patch: check error_count in
      ext/date/lib/parse_iso_intervals.*.
    - CVE-2013-6712

 -- Marc Deslauriers <email address hidden>  Wed, 11 Dec 2013 19:22:04 -0500

php5 (5.5.3+dfsg-1ubuntu3) trusty; urgency=low

  * No change rebuild against db 5.3.

 -- Dmitrijs Ledkovs <email address hidden>  Sat, 02 Nov 2013 20:03:00 +0000

Superseded in trusty-release
Obsolete in saucy-release
Deleted in saucy-proposed (Reason: moved to release)
php5 (5.5.3+dfsg-1ubuntu2) saucy; urgency=low

  * d/p/crash_in_get_zval_ptr_ptr_var.patch: cherry-pick from upstream to
    fix segfault (LP: #1236733).

 -- Robie Basak <email address hidden>  Wed, 09 Oct 2013 11:29:29 +0000

php5 (5.3.10-1ubuntu3.8) precise-security; urgency=low

  * SECURITY UPDATE: SSL cert validation spoofing via NULL character in
    subjectAltName.
    - debian/patches/CVE-2013-4248.patch: validate subjectAltName in
      ext/openssl/openssl.c, added test to
      ext/openssl/tests/cve2013_4073*.
    - CVE-2013-4248

 -- Marc Deslauriers <email address hidden>  Wed, 04 Sep 2013 12:54:39 -0400

php5 (5.4.6-1ubuntu1.4) quantal-security; urgency=low

  * SECURITY UPDATE: SSL cert validation spoofing via NULL character in
    subjectAltName.
    - debian/patches/CVE-2013-4248.patch: validate subjectAltName in
      ext/openssl/openssl.c, added test to
      ext/openssl/tests/cve2013_4073*.
    - CVE-2013-4248

 -- Marc Deslauriers <email address hidden>  Wed, 04 Sep 2013 11:07:56 -0400

php5 (5.4.9-4ubuntu2.3) raring-security; urgency=low

  * SECURITY UPDATE: SSL cert validation spoofing via NULL character in
    subjectAltName.
    - debian/patches/CVE-2013-4248.patch: validate subjectAltName in
      ext/openssl/openssl.c, added test to
      ext/openssl/tests/cve2013_4073*.
    - CVE-2013-4248

 -- Marc Deslauriers <email address hidden>  Wed, 04 Sep 2013 10:59:04 -0400

php5 (5.3.2-1ubuntu4.21) lucid-security; urgency=low

  * SECURITY UPDATE: SSL cert validation spoofing via NULL character in
    subjectAltName.
    - debian/patches/CVE-2013-4248.patch: validate subjectAltName in
      ext/openssl/openssl.c, added test to
      ext/openssl/tests/cve2013_4073*.
    - CVE-2013-4248

 -- Marc Deslauriers <email address hidden>  Wed, 04 Sep 2013 12:56:49 -0400

php5 (5.5.3+dfsg-1ubuntu1) saucy; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - d/control: drop Build-Depends that are in universe: firebird-dev,
      libc-client-dev, libmcrypt-dev, libonig-dev, libqdbm-dev.
    - d/rules: drop configuration of packages that are in universe: qdgm,
      onig.
    - d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't build
      interbase or firebird.
    - d/rules: export DEB_HOST_MULTIARCH properly.
    - d/control: drop binary packages php5-imap, php5-interbase and
      php5-mcrypt since we have separate versions in universe.
    - d/modulelist: drop imap, interbase and mcrypt since we have separate
      versions in universe.
    - d/rules: drop configuration of imap and mcrypt since we have separate
      versions in universe.
    - d/source_php5.py, d/rules: add apport hook.
    - d/rules: stop mysql instance on clean just in case we failed in tests.
    - d/control, d/rules: re-enable libedit-dev.
    - d/control: switch Build-Depends of netcat-traditional to
      netcat-openbsd as only the latter is in main.
    - d/rules, d/control: drop use of dh_systemd as it is in universe.
    - d/control: relegate php5-json and pkg-php-tools from Recommends to
      Suggests as they are in universe.

php5 (5.5.1+dfsg-1ubuntu1) saucy; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - d/control: drop Build-Depends that are in universe: firebird-dev,
      libc-client-dev, libmcrypt-dev, libonig-dev, libqdbm-dev.
    - d/rules: drop configuration of packages that are in universe: qdgm,
      onig.
    - d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't build
      interbase or firebird.
    - d/rules: export DEB_HOST_MULTIARCH properly.
    - d/control: drop binary packages php5-imap, php5-interbase and
      php5-mcrypt since we have separate versions in universe.
    - d/modulelist: drop imap, interbase and mcrypt since we have separate
      versions in universe.
    - d/rules: drop configuration of imap and mcrypt since we have separate
      versions in universe.
    - d/source_php5.py, d/rules: add apport hook.
    - d/rules: stop mysql instance on clean just in case we failed in tests.
    - d/control, d/rules: re-enable libedit-dev.
    - d/control: switch Build-Depends of netcat-traditional to
      netcat-openbsd as only the latter is in main.
    - d/rules, d/control: drop use of dh_systemd as it is in universe.
    - d/control: relegate php5-json and pkg-php-tools from Recommends to
      Suggests as they are in universe.

php5 (5.5.0+dfsg-15ubuntu1) saucy; urgency=low

  * Merged from Debian unstable to get security fix.

php5 (5.5.0+dfsg-14ubuntu1) saucy; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - d/control: drop Build-Depends that are in universe: firebird-dev,
      libc-client-dev, libmcrypt-dev, libonig-dev, libqdbm-dev.
    - d/rules: drop configuration of packages that are in universe: qdgm,
      onig.
    - d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't build
      interbase or firebird.
    - d/rules: export DEB_HOST_MULTIARCH properly.
    - d/control: drop binary packages php5-imap, php5-interbase and
      php5-mcrypt since we have separate versions in universe.
    - d/modulelist: drop imap, interbase and mcrypt since we have separate
      versions in universe.
    - d/rules: drop configuration of imap and mcrypt since we have separate
      versions in universe.
    - d/source_php5.py, d/rules: add apport hook.
    - d/rules: stop mysql instance on clean just in case we failed in tests.
    - d/control, d/rules: re-enable libedit-dev.
    - d/control: switch Build-Depends of netcat-traditional to
      netcat-openbsd as only the latter is in main.
    - d/rules, d/control: drop use of dh_systemd as it is in universe.
    - d/control: relegate php5-json from Recommends to Suggests as it is in
      universe.
  * Relegate pkg-php-tools Recommends to Suggests as it is in universe.

 -- Robie Basak <email address hidden>  Wed, 17 Jul 2013 18:00:02 +0000

php5 (5.4.9-4ubuntu2.2) raring-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via xml
    parser heap overflow
    - debian/patches/CVE-2013-4113.patch: check against XML_MAXLEVEL in
      ext/xml/xml.c, add test to ext/xml/tests/bug65236.phpt.
    - CVE-2013-4113
  * SECURITY UPDATE: denial of service via overflow in SdnToJewish
    - debian/patches/CVE-2013-4635.patch: check value in
      ext/calendar/jewish.c, add test to
      ext/calendar/tests/jdtojewish64.phpt.
    - CVE-2013-4635

 -- Marc Deslauriers <email address hidden>  Mon, 15 Jul 2013 09:42:36 -0400

php5 (5.4.6-1ubuntu1.3) quantal-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via xml
    parser heap overflow
    - debian/patches/CVE-2013-4113.patch: check against XML_MAXLEVEL in
      ext/xml/xml.c, add test to ext/xml/tests/bug65236.phpt.
    - CVE-2013-4113
  * SECURITY UPDATE: denial of service via overflow in SdnToJewish
    - debian/patches/CVE-2013-4635.patch: check value in
      ext/calendar/jewish.c, add test to
      ext/calendar/tests/jdtojewish64.phpt.
    - CVE-2013-4635

 -- Marc Deslauriers <email address hidden>  Mon, 15 Jul 2013 09:48:22 -0400

php5 (5.3.10-1ubuntu3.7) precise-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via xml
    parser heap overflow
    - debian/patches/CVE-2013-4113.patch: check against XML_MAXLEVEL in
      ext/xml/xml.c, add test to ext/xml/tests/bug65236.phpt.
    - CVE-2013-4113
  * SECURITY UPDATE: denial of service via overflow in SdnToJewish
    - debian/patches/CVE-2013-4635.patch: check value in
      ext/calendar/jewish.c, add test to
      ext/calendar/tests/jdtojewish64.phpt.
    - CVE-2013-4635

 -- Marc Deslauriers <email address hidden>  Mon, 15 Jul 2013 09:49:43 -0400

php5 (5.3.2-1ubuntu4.20) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via xml
    parser heap overflow
    - debian/patches/CVE-2013-4113.patch: check against XML_MAXLEVEL in
      ext/xml/xml.c, add test to ext/xml/tests/bug65236.phpt.
    - CVE-2013-4113
  * SECURITY UPDATE: denial of service via overflow in SdnToJewish
    - debian/patches/CVE-2013-4635.patch: check value in
      ext/calendar/jewish.c, add test to
      ext/calendar/tests/jdtojewish64.phpt.
    - CVE-2013-4635

 -- Marc Deslauriers <email address hidden>  Mon, 15 Jul 2013 09:50:48 -0400

Superseded in saucy-proposed
php5 (5.5.0+dfsg-6ubuntu1) saucy; urgency=low

  * Merge from Debian unstable. Remaining changes:
    - d/control: drop Build-Depends that are in universe: firebird-dev,
      libc-client-dev, libmcrypt-dev, libonig-dev, libqdbm-dev.
    - d/rules: drop configuration of packages that are in universe: qdgm,
      onig.
    - d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't build
      interbase or firebird.
    - d/rules: export DEB_HOST_MULTIARCH properly.
    - d/control: drop binary packages php5-imap, php5-interbase and
      php5-mcrypt since we have separate versions in universe.
    - d/modulelist: drop imap, interbase and mcrypt since we have separate
      versions in universe.
    - d/rules: drop configuration of imap and mcrypt since we have separate
      versions in universe.
    - d/source_php5.py, d/rules: add apport hook.
    - d/rules: stop mysql instance on clean just in case we failed in tests.
    - d/control, d/rules: re-enable libedit-dev.
  * Remaining changes that were previously undocumented:
    - d/control: switch Build-Depends of netcat-traditional to
      netcat-openbsd as only the latter is in main.
  * Drop changes:
    - Add build-dependency on lemon, which we now need. This is evidently no
      longer required, since there is no sign of it being used in
      5.4.15-1ubuntu3.
    - Dropped libcurl-dev not in the archive. libcurl-dev is a virtual
      alternative, so doesn't need to be dropped.
    - debian/control: replace build-depends on mysql-server with
      mysql-server-core-5.5 and mysql-client-5.5 to avoid upstart and
      mysql-server-5.5 postinst confusion with starting up multiple mysqlds
      listening on the same port. The test infrastructure in packaging has
      changed, and now breaks without the mysql-server-5.5 postinst having
      run and created the mysql user. However, it also finds an available
      port itself so no longer conflicts with our mysql-server-5.5 postinst.
    - Patches included upstream:
      + debian/patches/CVE-2013-2110.patch
      + debian/patches/fix_gd_210.patch
      + debian/patches/CVE-2013-4635.patch
      + debian/patches/CVE-2013-4636.patch
  * Drop changes that were previously undocumented:
    - d/rules: adjust memory limits in .ini files. It appears that this was
      intended to be dropped back in 5.4.6-1ubuntu1, going by the old
      changelog entry.
    - d/rules: adjust openssl path in configure script. PHP still appears to
      configure, detect and build openssl-related components correctly
      regardless.
    - d/rules: disable parallel builds. There is no previous explanation as
      to why this was disabled, and having this in place is standard
      practice and in the Debian packaging.
    - d/rules: adjust PHP5_{HOST,BUILD}_GNU_TYPE. There is no previous
      explanation as to why this was present, and I can't find any
      regression that would be fixed by this change.
  * New changes:
    - d/rules, d/control: drop use of dh_systemd as it is in universe.
    - d/control: relegate php5-json from Recommends to Suggests as it is in
      universe.

 -- Robie Basak <email address hidden>  Mon, 15 Jul 2013 14:09:59 +0000

php5 (5.4.15-1ubuntu3) saucy; urgency=low

  * SECURITY UPDATE: denial of service via overflow in SdnToJewish
    - debian/patches/CVE-2013-4635.patch: check value in
      ext/calendar/jewish.c, add test to
      ext/calendar/tests/jdtojewish64.phpt.
    - CVE-2013-4635
  * SECURITY UPDATE: denial of service via incorrect MIME type detection
    - debian/patches/CVE-2013-4636.patch: use efree in
      ext/fileinfo/libmagic/softmagic.c.
    - CVE-2013-4636

 -- Marc Deslauriers <email address hidden>  Fri, 28 Jun 2013 08:20:11 -0400

php5 (5.4.15-1ubuntu2) saucy; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    quoted_printable_encode overflow
    - debian/patches/CVE-2013-2110.patch: calculate proper string size in
      ext/standard/quot_print.c, add test to
      ext/standard/tests/strings/bug64879.phpt.
    - CVE-2013-2110
  * debian/patches/fix_gd_210.patch: fix php-gd compatibility with libgd2
    2.1.0. (LP: #1188070)

 -- Marc Deslauriers <email address hidden>  Tue, 11 Jun 2013 09:19:47 -0400

php5 (5.4.9-4ubuntu2.1) raring-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    quoted_printable_encode overflow
    - debian/patches/CVE-2013-2110.patch: calculate proper string size in
      ext/standard/quot_print.c, add test to
      ext/standard/tests/strings/bug64879.phpt.
    - CVE-2013-2110

 -- Marc Deslauriers <email address hidden>  Mon, 10 Jun 2013 16:02:40 -0400

php5 (5.4.15-1ubuntu1) saucy; urgency=low

  * Merge from Debian experimental. Remaining changes:
    - d/rules: Simplify apache config settings since we never build
      interbase or firebird.
    - debian/rules: export DEB_HOST_MULTIARCH properly.
    - Add build-dependency on lemon, which we now need.
    - Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in
      universe.
    - Dropped libcurl-dev not in the archive.
    - debian/control: replace build-depends on mysql-server with
      mysql-server-core-5.5 and mysql-client-5.5 to avoid upstart and
      mysql-server-5.5 postinst confusion with starting up multiple mysqlds
      listening on the same port.
    - Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions
      already in universe.
    - Dropped libonig-dev and libqgdbm since it's in universe. (libonig MIR
      has been declined due to an inactive upstream. So this is probably a
      permanent change).
    - modulelist: Drop imap, interbase, sybase, and mcrypt.
    - debian/rules:
      - Dropped building of mcrypt, imap, and interbase.
      - Install apport hook for php5.
      - stop mysql instance on clean just in case we failed in tests
    - debian/control, debian/rules: Re-enable libedit-dev.
  * Dropped changes:
    - debian/patches/CVE-2013-1643.patch: included upstream.

Superseded in saucy-release
Obsolete in raring-release
Deleted in raring-proposed (Reason: moved to release)
php5 (5.4.9-4ubuntu2) raring; urgency=low * SECURITY UPDATE: arbitrary file disclosure via XML External Entity - debian/patches/CVE-2013-1643.patch: disable the entity loader in ext/libxml/libxml.c, ext/libxml/php_libxml.h, ext/soap/php_xml.c. - CVE-2013-1643 -- Marc Deslauriers <email address hidden> Fri, 08 Mar 2013 16:12:43 -0500
php5 (5.3.2-1ubuntu4.19) lucid-security; urgency=low * SECURITY UPDATE: arbitrary file disclosure via XML External Entity - debian/patches/CVE-2013-1643.patch: disable the entity loader in ext/libxml/libxml.c, ext/libxml/php_libxml.h, ext/soap/php_xml.c. - CVE-2013-1643 -- Marc Deslauriers <email address hidden> Mon, 11 Mar 2013 07:49:54 -0400
php5 (5.4.6-1ubuntu1.2) quantal-security; urgency=low * SECURITY UPDATE: arbitrary file disclosure via XML External Entity - debian/patches/CVE-2013-1643.patch: disable the entity loader in ext/libxml/libxml.c, ext/libxml/php_libxml.h, ext/soap/php_xml.c. - CVE-2013-1643 -- Marc Deslauriers <email address hidden> Fri, 08 Mar 2013 16:18:48 -0500
php5 (5.3.10-1ubuntu3.6) precise-security; urgency=low * SECURITY UPDATE: arbitrary file disclosure via XML External Entity - debian/patches/CVE-2013-1643.patch: disable the entity loader in ext/libxml/libxml.c, ext/libxml/php_libxml.h, ext/soap/php_xml.c. - CVE-2013-1643 -- Marc Deslauriers <email address hidden> Fri, 08 Mar 2013 16:22:01 -0500
php5 (5.3.6-13ubuntu3.10) oneiric-security; urgency=low * SECURITY UPDATE: arbitrary file disclosure via XML External Entity - debian/patches/CVE-2013-1643.patch: disable the entity loader in ext/libxml/libxml.c, ext/libxml/php_libxml.h, ext/soap/php_xml.c. - CVE-2013-1643 -- Marc Deslauriers <email address hidden> Fri, 08 Mar 2013 16:32:19 -0500
php5 (5.2.4-2ubuntu5.27) hardy-security; urgency=low * SECURITY UPDATE: arbitrary file disclosure via XML External Entity - debian/patches/CVE-2013-1643.patch: disable the entity loader in ext/libxml/libxml.c, ext/libxml/php_libxml.h, ext/soap/php_xml.c. - CVE-2013-1643 -- Marc Deslauriers <email address hidden> Mon, 11 Mar 2013 07:55:03 -0400
php5 (5.3.10-1ubuntu3.5) precise-security; urgency=low * SECURITY UPDATE: arbitrary memory disclosure (LP: #1099793) - debian/patches/CVE-2012-6113.patch: properly initialize length in ext/openssl/openssl.c. - CVE-2012-6113 -- Marc Deslauriers <email address hidden> Fri, 18 Jan 2013 09:49:22 -0500
Available diffs
- diff from 5.3.10-1ubuntu3.4 to 5.3.10-1ubuntu3.5 (846 bytes)
php5 (5.4.9-4ubuntu1) raring; urgency=low * Merge from Debian experimental. Remaining changes: - d/rules: Simplify apache config settings since we never build interbase or firebird. - debian/rules: export DEB_HOST_MULTIARCH properly. - Add build-dependency on lemon, which we now need. - Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe. - Dropped libcurl-dev not in the archive. - debian/control: replace build-depends on mysql-server with mysql-server-core-5.5 and mysql-client-5.5 to avoid upstart and mysql-server-5.5 postinst confusion with starting up multiple mysqlds listening on the same port. - Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions already in universe. - Dropped libonig-dev and libqgdbm since its in universe. (libonig MIR has been declined due to an inactive upstream. So this is probably a permanent change). - modulelist: Drop imap, interbase, sybase, and mcrypt. - debian/rules: - Dropped building of mcrypt, imap, and interbase. - Install apport hook for php5. - stop mysql instance on clean just in case we failed in tests - debian/control, debian/rules: Re-enable libedit-dev. * Dropped changes: - Re-add logic to guess default timezone from system to fix default timezone regression Cherry-picked from Debian 5.4.4-6 (also in Debian 5.4.6-2). - debian/patches/libxml290.patch: Fix FTBFS with libxml 2.9.0. (included upstream)
Available diffs
- diff from 5.4.6-1ubuntu2 to 5.4.9-4ubuntu1 (641.6 KiB)
php5 (5.4.6-1ubuntu2) raring; urgency=low [ Robie Basak ] * Re-add logic to guess default timezone from system to fix default timezone regression (LP: #1069529). Cherry-picked from Debian 5.4.4-6 (also in Debian 5.4.6-2). [ Marc Deslauriers ] * debian/patches/libxml290.patch: Fix FTBFS with libxml 2.9.0. -- Marc Deslauriers <email address hidden> Wed, 07 Nov 2012 11:54:55 -0500
php5 (5.4.6-1ubuntu1.1) quantal-proposed; urgency=low * Re-add logic to guess default timezone from system to fix default timezone regression (LP: #1069529). Cherry-picked from Debian 5.4.4-6 (also in Debian 5.4.6-2). -- Robie Basak <email address hidden> Wed, 24 Oct 2012 10:04:51 +0000
Available diffs
- diff from 5.4.6-1ubuntu1 to 5.4.6-1ubuntu1.1 (861 bytes)
php5 (5.2.4-2ubuntu5.26) hardy-security; urgency=low * SECURITY UPDATE: HTTP response-splitting issue with %0D sequences - debian/patches/CVE-2011-1398.patch: properly handle %0D and NUL in main/SAPI.c. - CVE-2011-1398 - CVE-2012-4388 * SECURITY UPDATE: denial of service and possible code execution via _php_stream_scandir function (LP: #1028064) - debian/patches/CVE-2012-2688.patch: prevent overflow in main/streams/streams.c. - CVE-2012-2688 * SECURITY UPDATE: denial of service via PDO extension crafted parameter - debian/patches/CVE-2012-3450.patch: improve logic in ext/pdo/pdo_sql_parser.re, regenerate ext/pdo/pdo_sql_parser.c, add test to ext/pdo_mysql/tests/bug_61755.phpt. - CVE-2012-3450 -- Marc Deslauriers <email address hidden> Wed, 12 Sep 2012 11:51:06 -0400
php5 (5.3.2-1ubuntu4.18) lucid-security; urgency=low * SECURITY UPDATE: HTTP response-splitting issue with %0D sequences - debian/patches/CVE-2011-1398.patch: properly handle %0D and NUL in main/SAPI.c, added tests to ext/standard/tests/*, fix test suite failures in ext/phar/phar_object.c. - CVE-2011-1398 - CVE-2012-4388 * SECURITY UPDATE: denial of service and possible code execution via _php_stream_scandir function (LP: #1028064) - debian/patches/CVE-2012-2688.patch: prevent overflow in main/streams/streams.c. - CVE-2012-2688 * SECURITY UPDATE: denial of service via PDO extension crafted parameter - debian/patches/CVE-2012-3450.patch: improve logic in ext/pdo/pdo_sql_parser.re, regenerate ext/pdo/pdo_sql_parser.c, add test to ext/pdo_mysql/tests/bug_61755.phpt. - CVE-2012-3450 -- Marc Deslauriers <email address hidden> Wed, 12 Sep 2012 11:33:30 -0400
php5 (5.3.5-1ubuntu7.11) natty-security; urgency=low * SECURITY UPDATE: HTTP response-splitting issue with %0D sequences - debian/patches/CVE-2011-1398.patch: properly handle %0D and NUL in main/SAPI.c, added tests to ext/standard/tests/*, fix test suite failures in ext/phar/phar_object.c. - CVE-2011-1398 - CVE-2012-4388 * SECURITY UPDATE: denial of service and possible code execution via _php_stream_scandir function (LP: #1028064) - debian/patches/CVE-2012-2688.patch: prevent overflow in main/streams/streams.c. - CVE-2012-2688 * SECURITY UPDATE: denial of service via PDO extension crafted parameter - debian/patches/CVE-2012-3450.patch: improve logic in ext/pdo/pdo_sql_parser.re, regenerate ext/pdo/pdo_sql_parser.c, add test to ext/pdo_mysql/tests/bug_61755.phpt. - CVE-2012-3450 -- Marc Deslauriers <email address hidden> Wed, 12 Sep 2012 09:11:28 -0400
php5 (5.3.6-13ubuntu3.9) oneiric-security; urgency=low * SECURITY UPDATE: HTTP response-splitting issue with %0D sequences - debian/patches/CVE-2011-1398.patch: properly handle %0D and NUL in main/SAPI.c, added tests to ext/standard/tests/*, fix test suite failures in ext/phar/phar_object.c. - CVE-2011-1398 - CVE-2012-4388 * SECURITY UPDATE: denial of service and possible code execution via _php_stream_scandir function (LP: #1028064) - debian/patches/CVE-2012-2688.patch: prevent overflow in main/streams/streams.c. - CVE-2012-2688 * SECURITY UPDATE: denial of service via PDO extension crafted parameter - debian/patches/CVE-2012-3450.patch: improve logic in ext/pdo/pdo_sql_parser.re, regenerate ext/pdo/pdo_sql_parser.c, add test to ext/pdo_mysql/tests/bug_61755.phpt. - CVE-2012-3450 -- Marc Deslauriers <email address hidden> Wed, 12 Sep 2012 09:09:05 -0400
php5 (5.3.10-1ubuntu3.4) precise-security; urgency=low * SECURITY UPDATE: HTTP response-splitting issue with %0D sequences - debian/patches/CVE-2011-1398.patch: properly handle %0D and NUL in main/SAPI.c, added tests to ext/standard/tests/*, fix test suite failures in ext/phar/phar_object.c. - CVE-2011-1398 - CVE-2012-4388 * SECURITY UPDATE: denial of service and possible code execution via _php_stream_scandir function (LP: #1028064) - debian/patches/CVE-2012-2688.patch: prevent overflow in main/streams/streams.c. - CVE-2012-2688 * SECURITY UPDATE: denial of service via PDO extension crafted parameter - debian/patches/CVE-2012-3450.patch: improve logic in ext/pdo/pdo_sql_parser.re, regenerate ext/pdo/pdo_sql_parser.c, add test to ext/pdo_mysql/tests/bug_61755.phpt. - CVE-2012-3450 -- Marc Deslauriers <email address hidden> Tue, 11 Sep 2012 11:28:52 -0400
php5 (5.3.10-1ubuntu3.3) precise-proposed; urgency=low * Applies upstream bug fixes for several issues and bugs: * php5-fpm segfaults with error 4 in libc-2.15.so (LP: #1006738. Bug Priority: High) * PHP5-FPM not reporting errors to web server (nginx) (LP: #1014044. Bug Priority: Medium) -- Thomas Ward <email address hidden> Tue, 31 Jul 2012 21:15:08 -0400
php5 (5.4.6-1ubuntu1) quantal; urgency=low * Merge from Debian experimental (LP: #1006738 , LP: #1040212) Remaining changes: - d/rules: Simplify apache config settings since we never build interbase or firebird. - debian/rules: export DEB_HOST_MULTIARCH properly. - Add build-dependency on lemon, which we now need. - Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe. - Dropped libcurl-dev not in the archive. - debian/control: replace build-depends on mysql-server with mysql-server-core-5.5 and mysql-client-5.5 to avoid upstart and mysql-server-5.5 postinst confusion with starting up multiple mysqlds listening on the same port. - Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions already in universe. - Dropped libonig-dev and libqgdbm since its in universe. (libonig MIR has been declined due to an inactive upstream. So this is probably a permanent change). - modulelist: Drop imap, interbase, sybase, and mcrypt. - debian/rules: - Dropped building of mcrypt, imap, and interbase. - Install apport hook for php5. - stop mysql instance on clean just in case we failed in tests - debian/control, debian/rules: Re-enable libedit-dev. * Dropped Changes: - debian/rules: change memory limits on example .ini files.
Available diffs
- diff from 5.4.4-3ubuntu1 to 5.4.6-1ubuntu1 (382.0 KiB)
Superseded in quantal-release
php5 (5.4.4-3ubuntu1) quantal; urgency=low * Merge from Debian unstable. (LP: #1014044) (LP: #1024355) Remaining changes: - d/rules: Simplify apache config settings since we never build interbase or firebird. - debian/rules: export DEB_HOST_MULTIARCH properly. - Add build-dependency on lemon, which we now need. - Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe. - Dropped libcurl-dev not in the archive. - debian/control: replace build-depends on mysql-server with mysql-server-core-5.5 and mysql-client-5.5 to avoid upstart and mysql-server-5.5 postinst confusion with starting up multiple mysqlds listening on the same port. - Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions already in universe. - Dropped libonig-dev and libqgdbm since its in universe. (libonig MIR has been declined due to an inactive upstream. So this is probably a permanent change). - modulelist: Drop imap, interbase, sybase, and mcrypt. - debian/rules: * Dropped building of mcrypt, imap, and interbase. * Install apport hook for php5. * stop mysql instance on clean just in case we failed in tests
Superseded in quantal-release
php5 (5.4.4-1ubuntu1) quantal; urgency=low * Merge from Debian unstable. Remaining changes: - d/rules: Simplify apache config settings since we never build interbase or firebird. - debian/rules: export DEB_HOST_MULTIARCH properly. - Add build-dependency on lemon, which we now need. - Dropped firebird2.1-dev, libc-client-dev, libmcrypt-dev as it is in universe. - Dropped libcurl-dev not in the archive. - debian/control: replace build-depends on mysql-server with mysql-server-core-5.5 and mysql-client-5.5 to avoid upstart and mysql-server-5.5 postinst confusion with starting up multiple mysqlds listening on the same port. - Dropped php5-imap, php5-interbase, php5-mcrypt since we have versions already in universe. - Dropped libonig-dev and libqgdbm since its in universe. (libonig MIR has been declined due to an inactive upstream. So this is probably a permanent change). - modulelist: Drop imap, interbase, sybase, and mcrypt. - debian/rules: * Dropped building of mcrypt, imap, and interbase. * Install apport hook for php5. * stop mysql instance on clean just in case we failed in tests * Dropped Changes: * d/rules: enable Suhosin patch with PHP5_SUHOSIN=yes -- Upstream suhosin has been slow to adopt PHP 5.4, and is showing signs of disengagement. Therefore, we will follow Debian's lead and drop Suhosin for now. - d/control: build-depend on mysql 5.5 instead of 5.1 for running tests. -- Debian just deps on mysql-server - Suggest php5-suhosin rather than recommends. -- Dropping suhosin - d/setup-mysql.sh: modify to work with mysql 5.5 differences -- superseded in Debian. - Only build php5-sqlite for sqlite3, dropping the obsolete sqlite2. -- superseded in Debian - d/maxlifetime: Improve maxlifetime script to scan for more SAPIs and scan all *.ini in conf.d directory. -- Change came from Debian - d/libapache2-mod-php5.postinst,libapache2-mod-php5filter.postinst: Restart apache on first install to ensure module is fully enabled. 
-- Change came from Debian - debian/patches/php5-CVE-2012-1823.patch: filter query strings that are prefixed with '-' -- Fixed upstream - debian/control: Recommend php5-dev for php-pear. -- This was a poorly conceived idea anyway. - Pre-Depend on a new enough version of dpkg for dpkg-maintscript-helper rather than checking whether it exists at run-time, leading to more predictable behaviour on upgrades. -- Applied in Debian - d/p/gd-multiarch-fix.patch: superseded * d/NEWS: add note explaining that SUHOSIN is no longer enabled in the Ubuntu packages.
php5 (5.3.2-1ubuntu4.17) lucid-security; urgency=low * SECURITY UPDATE: denial of service via invalid tidy objects - debian/patches/CVE-2012-0781.patch: track initialization in ext/tidy/tidy.c, added tests to ext/tidy/tests/004.phpt, ext/tidy/tests/bug54682.phpt. - CVE-2012-0781 * SECURITY UPDATE: denial of service or possible directory traversal via invalid filename. - debian/patches/CVE-2012-1172.patch: ensure brackets get closed in main/rfc1867.c, add test to tests/basic/bug55500.phpt. - CVE-2012-1172 * SECURITY UPDATE: password truncation via invalid byte - debian/patches/CVE-2012-2143.patch: improve logic in ext/standard/crypt_freesec.c, add test to ext/standard/tests/strings/crypt_chars.phpt. - CVE-2012-2143 * SECURITY UPDATE: crypto() empty salt string issue - debian/patches/php_crypt_revamped.patch: Return fail string on invalid Blowfish salt rounds, fix regression when the salt is empty. - CVE-2012-2317 * SECURITY UPDATE: improve php5-cgi query string parameter parsing - debian/patches/CVE-2012-233x.patch: improve parsing in sapi/cgi/cgi_main.c. - CVE-2012-2335 - CVE-2012-2336 * SECURITY UPDATE: phar extension heap overflow - debian/patches/CVE-2012-2386.patch: check for overflow in ext/phar/tar.c. - CVE-2012-2386 -- Marc Deslauriers <email address hidden> Tue, 12 Jun 2012 15:51:23 -0400
php5 (5.3.5-1ubuntu7.10) natty-security; urgency=low * SECURITY UPDATE: denial of service via invalid tidy objects - debian/patches/CVE-2012-0781.patch: track initialization in ext/tidy/tidy.c, added tests to ext/tidy/tests/004.phpt, ext/tidy/tests/bug54682.phpt. - CVE-2012-0781 * SECURITY UPDATE: denial of service or possible directory traversal via invalid filename. - debian/patches/CVE-2012-1172.patch: ensure brackets get closed in main/rfc1867.c, add test to tests/basic/bug55500.phpt. - CVE-2012-1172 * SECURITY UPDATE: password truncation via invalid byte - debian/patches/CVE-2012-2143.patch: improve logic in ext/standard/crypt_freesec.c, add test to ext/standard/tests/strings/crypt_chars.phpt. - CVE-2012-2143 * SECURITY UPDATE: crypto() empty salt string issue - debian/patches/{php_crypt_revamped,use_system_crypt_fixes}.patch: Return fail string on invalid Blowfish salt rounds, fix regression when the salt is empty. - CVE-2012-2317 * SECURITY UPDATE: improve php5-cgi query string parameter parsing - debian/patches/CVE-2012-233x.patch: improve parsing in sapi/cgi/cgi_main.c. - CVE-2012-2335 - CVE-2012-2336 * SECURITY UPDATE: phar extension heap overflow - debian/patches/CVE-2012-2386.patch: check for overflow in ext/phar/tar.c. - CVE-2012-2386 -- Marc Deslauriers <email address hidden> Tue, 12 Jun 2012 15:38:21 -0400
php5 (5.2.4-2ubuntu5.25) hardy-security; urgency=low * SECURITY UPDATE: denial of service via invalid tidy objects - debian/patches/CVE-2012-0781.patch: track initialization in ext/tidy/tidy.c, added tests to ext/tidy/tests/004.phpt, ext/tidy/tests/bug54682.phpt. - CVE-2012-0781 * SECURITY UPDATE: denial of service or possible directory traversal via invalid filename. - debian/patches/CVE-2012-1172.patch: ensure brackets get closed in main/rfc1867.c, add test to tests/basic/bug55500.phpt. - CVE-2012-1172 * SECURITY UPDATE: improve php5-cgi query string parameter parsing - debian/patches/CVE-2012-233x.patch: improve parsing in sapi/cgi/cgi_main.c. - CVE-2012-2335 - CVE-2012-2336 -- Marc Deslauriers <email address hidden> Tue, 12 Jun 2012 16:02:25 -0400
php5 (5.3.6-13ubuntu3.8) oneiric-security; urgency=low * SECURITY UPDATE: denial of service via invalid tidy objects - debian/patches/CVE-2012-0781.patch: track initialization in ext/tidy/tidy.c, added tests to ext/tidy/tests/004.phpt, ext/tidy/tests/bug54682.phpt. - CVE-2012-0781 * SECURITY UPDATE: denial of service or possible directory traversal via invalid filename. - debian/patches/CVE-2012-1172.patch: ensure brackets get closed in main/rfc1867.c, add test to tests/basic/bug55500.phpt. - CVE-2012-1172 * SECURITY UPDATE: password truncation via invalid byte - debian/patches/CVE-2012-2143.patch: improve logic in ext/standard/crypt_freesec.c, add test to ext/standard/tests/strings/crypt_chars.phpt. - CVE-2012-2143 * SECURITY UPDATE: improve php5-cgi query string parameter parsing - debian/patches/CVE-2012-233x.patch: improve parsing in sapi/cgi/cgi_main.c. - CVE-2012-2335 - CVE-2012-2336 * SECURITY UPDATE: phar extension heap overflow - debian/patches/CVE-2012-2386.patch: check for overflow in ext/phar/tar.c. - CVE-2012-2386 -- Marc Deslauriers <email address hidden> Tue, 12 Jun 2012 15:31:43 -0400
php5 (5.3.10-1ubuntu3.2) precise-security; urgency=low * SECURITY UPDATE: denial of service via invalid tidy objects - debian/patches/CVE-2012-0781.patch: track initialization in ext/tidy/tidy.c, added tests to ext/tidy/tests/004.phpt, ext/tidy/tests/bug54682.phpt. - CVE-2012-0781 * SECURITY UPDATE: denial of service or possible directory traversal via invalid filename. - debian/patches/CVE-2012-1172.patch: ensure brackets get closed in main/rfc1867.c, add test to tests/basic/bug55500.phpt. - CVE-2012-1172 * SECURITY UPDATE: password truncation via invalid byte - debian/patches/CVE-2012-2143.patch: improve logic in ext/standard/crypt_freesec.c, add test to ext/standard/tests/strings/crypt_chars.phpt. - CVE-2012-2143 * SECURITY UPDATE: improve php5-cgi query string parameter parsing - debian/patches/CVE-2012-233x.patch: improve parsing in sapi/cgi/cgi_main.c. - CVE-2012-2335 - CVE-2012-2336 * SECURITY UPDATE: phar extension heap overflow - debian/patches/CVE-2012-2386.patch: check for overflow in ext/phar/tar.c. - CVE-2012-2386 -- Marc Deslauriers <email address hidden> Tue, 12 Jun 2012 13:40:37 -0400
Superseded in quantal-release
php5 (5.3.10-1ubuntu4) quantal; urgency=low * SECURITY UPDATE: php5-cgi query string parameters parsing vulnerability - debian/patches/php5-CVE-2012-1823.patch: filter query strings that are prefixed with '-' - CVE-2012-1823 - CVE-2012-2311 -- Steve Beattie <email address hidden> Wed, 23 May 2012 15:57:57 -0400
php5 (5.3.10-1ubuntu3.1) precise-security; urgency=low * SECURITY UPDATE: php5-cgi query string parameters parsing vulnerability - debian/patches/php5-CVE-2012-1823.patch: filter query strings that are prefixed with '-' - CVE-2012-1823 - CVE-2012-2311 -- Steve Beattie <email address hidden> Thu, 03 May 2012 15:42:08 -0700
php5 (5.2.4-2ubuntu5.24) hardy-security; urgency=low * SECURITY UPDATE: php5-cgi query string parameters parsing vulnerability - debian/patches/php5-CVE-2012-1823.patch: filter query strings that are prefixed with '-' - CVE-2012-1823 - CVE-2012-2311 -- Steve Beattie <email address hidden> Thu, 03 May 2012 15:33:40 -0700
php5 (5.3.6-13ubuntu3.7) oneiric-security; urgency=low * SECURITY UPDATE: php5-cgi query string parameters parsing vulnerability - debian/patches/php5-CVE-2012-1823.patch: filter query strings that are prefixed with '-' - CVE-2012-1823 - CVE-2012-2311 -- Steve Beattie <email address hidden> Thu, 03 May 2012 15:12:00 -0700