php5 5.1.2-1ubuntu3.1 source package in Ubuntu

Changelog

php5 (5.1.2-1ubuntu3.1) dapper-security; urgency=low

  * SECURITY UPDATE: Multiple vulnerabilities.
  * debian/patches/CVE-2006-0996.patch:
    - XSS in phpinfo() [CVE-2006-0996]
    - http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c?r1=1.260&r2=1.261
  * debian/patches/CVE-2006-1490.patch:
    - Memory disclosure in html_entity_decode() [CVE-2006-1490]
    - http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.112&r2=1.113
  * debian/patches/CVE-2006-1494.patch:
    - Bypassing open_basedir restrictions with tempnam()
      [CVE-2006-1494, CVE-2006-2660]
    - http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/file.c?r1=1.279.2.70.2.4&r2=1.279.2.70.2.5
  * debian/patches/CVE-2006-1608.patch:
    - Bypassing open_basedir restrictions with copy() via a source argument
      containing a compress.zlib:// URI [CVE-2006-1494]
    - http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/file.c?r1=1.382.2.10&r2=1.382.2.11
  * debian/patches/CVE-2006-1990.patch:
    - Integer overflow in wordwrap function (usually not triggerable from
      outside). [CVE-2006-1990]
    - Zend/zend_alloc.c: Fix variable declaration to work on 64-bit systems to
      plug this vulnerability on amd64/ia64, too. (not yet fixed upstream)
  * debian/patches/CVE-2006-1991.patch:
    - DoS with out-of-bounds offset argument to substr_compare()
      [CVE-2006-1991]
  * debian/patches/CVE-2006-2563.patch:
    - Bypassing safe mode/open_basedir restrictions with curl module
      [CVE-2006-2563]
    - Patch taken from Mandriva, not fixed upstream.
  * debian/patches/CVE-2006-3011.patch:
    - Bypassing safe mode/open_basedir restrictions with error_log() with
      'php://' or other schema in the third argument. [CVE-2006-3011]
    - http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.543.2.51.2.9&r2=1.543.2.51.2.10
  * debian/patches/CVE-2006-3016.patch:
    - Check session name for invalid characters to prevent CRLF and other
      malicious injections. [CVE-2006-3016]
    - http://cvs.php.net/viewcvs.cgi/php-src/ext/session/session.c?r1=1.425&r2=1.426
  * debian/patches/CVE-2006-3017.patch:
    - Fix zend_hash_del() (previously could delete the wrong element, which
      prevented a variable from being unset even when the PHP unset function
      was called, which might cause the variable's value to be used in
      security-relevant operations). [CVE-2006-3017]
    - http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?r1=1.87.4.8.2.1&r2=1.87.4.8.2.3
  * debian/patches/CVE-2006-3018.patch:
    - Heap corruption in session extension. [CVE-2006-3018]
    - http://cvs.php.net/viewcvs.cgi/php-src/ext/session/mod_files.c?r1=1.102&r2=1.103

 -- Martin Pitt <email address hidden>   Tue, 18 Jul 2006 17:22:30 +0000

Upload details

Uploaded by: Martin Pitt
Uploaded to: Dapper
Original maintainer: Debian PHP Maintainers
Architectures: any
Section: web
Urgency: Low Urgency

Downloads

| File | Size | SHA-256 Checksum |
|---|---|---|
| php5_5.1.2.orig.tar.gz | 7.7 MiB | cafedfc92b80cba342abfeab91a6498b080dc3af8c22667423c33a3cec956251 |
| php5_5.1.2-1ubuntu3.1.diff.gz | 99.9 KiB | a2473c83dee48c7d221c0803f87a9f5df2dcfbe5e5b0d9c495f6d36148193336 |
| php5_5.1.2-1ubuntu3.1.dsc | 1.7 KiB | a53aa5719b230e3b4d1e0cee75171969cbfddb47c199be7f3d6c5a4399bc1d4c |

Binary packages built by this source

libapache2-mod-php5
php-pear
php5
php5-cgi
php5-cli
php5-common
php5-curl
php5-dev
php5-gd
php5-ldap
php5-mhash
php5-mysql
php5-mysqli
php5-odbc
php5-pgsql
php5-recode
php5-snmp
php5-sqlite
php5-sybase
php5-xmlrpc
php5-xsl