php5 5.3.10-1ubuntu3.24 source package in Ubuntu

Changelog

php5 (5.3.10-1ubuntu3.24) precise-security; urgency=medium

  * SECURITY UPDATE: segfault in SplMinHeap::compare
    - debian/patches/CVE-2015-4116.patch: properly handle count in
      ext/spl/spl_heap.c, added test to ext/spl/tests/bug69737.phpt.
    - CVE-2015-4116
  * SECURITY UPDATE: denial of service via recursive method calls
    - debian/patches/CVE-2015-8873.patch: add limit to
      Zend/zend_exceptions.c, add tests to
      ext/standard/tests/serialize/bug69152.phpt,
      ext/standard/tests/serialize/bug69793.phpt,
      sapi/cli/tests/005.phpt.
    - CVE-2015-8873
  * SECURITY UPDATE: denial of service or code execution via crafted
    serialized data
    - debian/patches/CVE-2015-8876.patch: fix logic in
      Zend/zend_exceptions.c, added test to Zend/tests/bug70121.phpt.
    - CVE-2015-8876
  * SECURITY UPDATE: XSS in header() with Internet Explorer (LP: #1594041)
    - debian/patches/CVE-2015-8935.patch: update header handling to
      RFC 7230 in main/SAPI.c, added tests to
      ext/standard/tests/general_functions/bug60227_*.phpt.
    - CVE-2015-8935
  * SECURITY UPDATE: get_icu_value_internal out-of-bounds read
    - debian/patches/CVE-2016-5093.patch: add enough space in
      ext/intl/locale/locale_methods.c, added test to
      ext/intl/tests/bug72241.phpt.
    - CVE-2016-5093
  * SECURITY UPDATE: integer overflow in php_html_entities()
    - debian/patches/CVE-2016-5094.patch: don't create strings with lengths
      outside int range in ext/standard/html.c.
    - CVE-2016-5094
  * SECURITY UPDATE: string overflows in string add operations
    - debian/patches/CVE-2016-5095.patch: check for size overflow in
      Zend/zend_operators.c.
    - CVE-2016-5095
  * SECURITY UPDATE: int/size_t confusion in fread
    - debian/patches/CVE-2016-5096.patch: check string length in
      ext/standard/file.c, added test to
      ext/standard/tests/file/bug72114.phpt.
    - CVE-2016-5096
  * SECURITY UPDATE: memory leak and buffer overflow in FPM
    - debian/patches/CVE-2016-5114.patch: check buffer length in
      sapi/fpm/fpm/fpm_log.c.
    - CVE-2016-5114
  * SECURITY UPDATE: proxy request header vulnerability (httpoxy)
    - debian/patches/CVE-2016-5385.patch: only use HTTP_PROXY from the
      local environment in ext/standard/basic_functions.c, main/SAPI.c,
      main/php_variables.c.
    - CVE-2016-5385
  * SECURITY UPDATE: inadequate error handling in bzread()
    - debian/patches/CVE-2016-5399.patch: do not allow reading past error
      read in ext/bz2/bz2.c.
    - CVE-2016-5399
  * SECURITY UPDATE: integer overflows in mcrypt
    - debian/patches/CVE-2016-5769.patch: check for overflow in
      ext/mcrypt/mcrypt.c.
    - CVE-2016-5769
  * SECURITY UPDATE: double free corruption in wddx_deserialize
    - debian/patches/CVE-2016-5772.patch: prevent double-free in
      ext/wddx/wddx.c, added test to ext/wddx/tests/bug72340.phpt.
    - CVE-2016-5772
  * SECURITY UPDATE: buffer overflow in php_url_parse_ex()
    - debian/patches/CVE-2016-6288.patch: handle length in
      ext/standard/url.c.
    - CVE-2016-6288
  * SECURITY UPDATE: integer overflow in the virtual_file_ex function
    - debian/patches/CVE-2016-6289.patch: properly check path_length in
      Zend/zend_virtual_cwd.c.
    - CVE-2016-6289
  * SECURITY UPDATE: use after free in unserialize() with unexpected
    session deserialization
    - debian/patches/CVE-2016-6290.patch: destroy var_hash properly in
      ext/session/session.c, added test to ext/session/tests/bug72562.phpt.
    - CVE-2016-6290
  * SECURITY UPDATE: out of bounds read in exif_process_IFD_in_MAKERNOTE
    - debian/patches/CVE-2016-6291.patch: add more bounds checks to
      ext/exif/exif.c.
    - CVE-2016-6291
  * SECURITY UPDATE: locale_accept_from_http out-of-bounds access
    - debian/patches/CVE-2016-6294.patch: check length in
      ext/intl/locale/locale_methods.c, added test to
      ext/intl/tests/bug72533.phpt.
    - CVE-2016-6294
  * SECURITY UPDATE: heap buffer overflow in simplestring_addn
    - debian/patches/CVE-2016-6296.patch: prevent overflows in
      ext/xmlrpc/libxmlrpc/simplestring.*.
    - CVE-2016-6296
  * SECURITY UPDATE: integer overflow in php_stream_zip_opener
    - debian/patches/CVE-2016-6297.patch: use size_t in
      ext/zip/zip_stream.c.
    - CVE-2016-6297
  * debian/patches/fix_exif_tests.patch: fix exif test results after
    security changes.

 -- Marc Deslauriers <email address hidden>  Mon, 01 Aug 2016 13:27:52 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Precise
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
php
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
php5_5.3.10.orig.tar.gz 14.7 MiB ee26ff003eaeaefb649735980d9ef1ffad3ea8c2836e6ad520de598da225eaab
php5_5.3.10-1ubuntu3.24.diff.gz 422.7 KiB f29e9842e78695c29ab49b3a87237e5f6080559ae85022eed0299db1859e7f3e
php5_5.3.10-1ubuntu3.24.dsc 4.0 KiB 2907b65cfd572242bf247b8c79bf955a107a623c165be239856fa564e4cb9b48

View changes file

Binary packages built by this source

libapache2-mod-php5: server-side, HTML-embedded scripting language (Apache 2 module)

 This package provides the PHP5 module for the Apache 2 webserver (as
 found in the apache2-mpm-prefork package). Please note that this package
 ONLY works with Apache's prefork MPM, as it is not compiled thread-safe.
 The following extensions are built in: bcmath bz2 calendar Core ctype date
  dba dom ereg exif fileinfo filter ftp gettext hash iconv json libxml
  mbstring mhash openssl pcre Phar posix Reflection session shmop SimpleXML
  soap sockets SPL standard sysvmsg sysvsem sysvshm tokenizer wddx xml
  xmlreader xmlwriter zip zlib.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly.

libapache2-mod-php5filter: server-side, HTML-embedded scripting language (apache 2 filter module)

 This package provides the PHP5 Filter module for the Apache 2 webserver (as
 found in the apache2-mpm-prefork package). Please note that this package
 ONLY works with Apache's prefork MPM, as it is not compiled thread-safe.
 Unless you specifically need filter-module support, you most likely
 should instead install libapache2-mod-php5.
 .
 The following extensions are built in: bcmath bz2 calendar Core ctype date
  dba dom ereg exif fileinfo filter ftp gettext hash iconv json libxml
  mbstring mhash openssl pcre Phar posix Reflection session shmop SimpleXML
  soap sockets SPL standard sysvmsg sysvsem sysvshm tokenizer wddx xml
  xmlreader xmlwriter zip zlib.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly.

php-pear: PEAR - PHP Extension and Application Repository

 This package contains the base PEAR classes for PHP, as well as the PEAR
 installer. Many PEAR classes are already packaged for Debian, and can be
 easily identified by names beginning with "php-", such as php-db and
 php-auth. Note: to build and install precompiled PECL extensions, you
 will need one of the php development packages installed.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly.

php5: server-side, HTML-embedded scripting language (metapackage)

 This package is a metapackage that, when installed, guarantees that you
 have at least one of the four server-side versions of the PHP5 interpreter
 installed. Removing this package won't remove PHP5 from your system, however
 it may remove other packages that depend on this one.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly.

php5-cgi: server-side, HTML-embedded scripting language (CGI binary)

 This package provides the /usr/lib/cgi-bin/php5 CGI interpreter built
 for use in Apache 2 with mod_actions, or any other CGI httpd that
 supports a similar mechanism. Note that MOST Apache users probably
 want the libapache2-mod-php5 package.
 The following extensions are built in: bcmath bz2 calendar Core ctype date
  dba dom ereg exif fileinfo filter ftp gettext hash iconv json libxml
  mbstring mhash openssl pcntl pcre Phar posix Reflection session shmop
  SimpleXML soap sockets SPL standard sysvmsg sysvsem sysvshm tokenizer wddx
  xml xmlreader xmlwriter zip zlib.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly.

php5-cli: command-line interpreter for the php5 scripting language

 This package provides the /usr/bin/php5 command interpreter, useful for
 testing PHP scripts from a shell or performing general shell scripting tasks.
 The following extensions are built in: bcmath bz2 calendar Core ctype date
  dba dom ereg exif fileinfo filter ftp gettext hash iconv json libxml
  mbstring mhash openssl pcntl pcre Phar posix readline Reflection session
  shmop SimpleXML soap sockets SPL standard sysvmsg sysvsem sysvshm tokenizer
  wddx xml xmlreader xmlwriter zip zlib.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly.

php5-common: Common files for packages built from the php5 source

 This package contains the documentation and example files relevant to all
 the other packages built from the php5 source.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly.

php5-curl: CURL module for php5

 CURL is a library for getting files from FTP, GOPHER, HTTP server.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly.

php5-dbg: Debug symbols for PHP5

 This package provides the debug symbols for PHP5 needed for properly
 debugging errors in PHP5 with gdb.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly.

php5-dev: Files for PHP5 module development

 This package provides the files from the PHP5 source needed for compiling
 additional modules.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly.

php5-enchant: Enchant module for php5

 This package provides a module for the generic spell checking library
 Enchant, which can use engines such as ispell, aspell and myspells.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly.

php5-fpm: server-side, HTML-embedded scripting language (FPM-CGI binary)

 This package provides the Fast Process Manager interpreter that runs
 as a daemon and receives Fast/CGI requests. Note that MOST Apache users
 probably want the libapache2-mod-php5 package.
 The following extensions are built in: bcmath bz2 calendar Core ctype date
  dba dom ereg exif fileinfo filter ftp gettext hash iconv json libxml
  mbstring mhash openssl pcre Phar posix Reflection session shmop SimpleXML
  soap sockets SPL standard sysvmsg sysvsem sysvshm tokenizer wddx xml
  xmlreader xmlwriter zip zlib.
 .
 PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
 from C, Java and Perl with a couple of unique PHP-specific features thrown
 in. The goal of the language is to allow web developers to write dynamically
 generated pages quickly.

php5-gd: GD module for php5

 This package provides a module for handling graphics directly from PHP
 scripts. It supports the PNG, JPEG, XPM formats as well as Freetype/ttf fonts.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly.

php5-gmp: GMP module for php5

 This package provides a module for arbitrary precision arithmetic via the
 GNU Multiple Precision (GMP) Arithmetic Library.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly.

php5-intl: internationalisation module for php5

 This package provides a module to ease internationalisation of PHP scripts.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly.

php5-intl-dbgsym: debug symbols for package php5-intl

 This package provides a module to ease internationalisation of PHP scripts.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly.

php5-ldap: LDAP module for php5

 This package provides a module for LDAP functions in PHP scripts.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly.

php5-mysql: MySQL module for php5

 This package provides modules for MySQL database connections directly from
 PHP scripts. It includes the generic "mysql" module which can be used
 to connect to all versions of MySQL, an improved "mysqli" module for
 MySQL version 4.1 or later, and the pdo_mysql module for use with
 the PHP Data Object extension.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly.

php5-mysqlnd: MySQL module for php5 (Native Driver)

 This package provides modules for MySQL database connections directly from
 PHP scripts. It includes the generic "mysql" module which can be used
 to connect to all versions of MySQL, an improved "mysqli" module for
 MySQL version 4.1 or later, and the pdo_mysql module for use with
 the PHP Data Object extension.
 .
 This package use the MySQL Native Driver.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly.

php5-odbc: ODBC module for php5

 This package provides a module for database access through ODBC drivers.
 It uses the unixODBC library as an ODBC provider. It also contains the
 pdo_odbc module, for use with the PHP Data Object extension.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly.

php5-pgsql: PostgreSQL module for php5

 This package provides a module for PostgreSQL database connections
 directly from PHP scripts. It also includes the pdo_pgsql module for
 use with the PHP Data Object extension.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly.

php5-pspell: pspell module for php5

 This package provides a module for pspell functions in PHP scripts.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly.

php5-recode: recode module for php5

 This package provides a module for recode - character set recoding.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly.

php5-snmp: SNMP module for php5

 This package provides a module for SNMP functions in PHP scripts.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly.

php5-sqlite: SQLite module for php5

 This package provides a module allowing you to use the SQLite self-contained
 database engine from within your PHP scripts, eliminating the need for a full
 SQL server installation like MySQL or PostgreSQL. It also includes the
 pdo_sqlite module, for use with the PHP Data Object extension.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly.

php5-sybase: Sybase / MS SQL Server module for php5

 This package provides a module for Sybase and Microsoft SQL Server
 database connections directly from PHP scripts. It also includes the
 pdo_dblib module for use with the PHP Data Object extension.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly.

php5-tidy: tidy module for php5

 This package provides a module for tidy functions in PHP scripts.
 .
 Tidy is an extension based on Libtidy (http://tidy.sf.net/) and allows
 a PHP developer to clean, repair, and traverse HTML, XHTML, and XML
 documents -- including ones with embedded scripting languages such as PHP
 or ASP within them using OO constructs.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly.

php5-xmlrpc: XML-RPC module for php5

 This package provides a module for XML-RPC functions in PHP scripts.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly.

php5-xsl: XSL module for php5

 This package provides a module for XSL using the libxslt XSL parser.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly.