
“php5” 5.3.5-1ubuntu7.1 source package in Ubuntu

Changelog

php5 (5.3.5-1ubuntu7.1) natty-security; urgency=low

  * SECURITY UPDATE: arbitrary files removal via cronjob
    - debian/php5-common.php5.cron.d: take greater care when removing
      session files.
    - http://git.debian.org/?p=pkg-php%2Fphp.git;a=commitdiff_plain;h=d09fd04ed7bfcf7f008360c6a42025108925df09
    - CVE-2011-0441
  * SECURITY UPDATE: symlink tmp races in pear install
    - debian/patches/php5-pear-CVE-2011-1072.patch: improved
      tempfile handling.
    - debian/rules: apply patch manually after unpacking PEAR phar
      archive.
    - CVE-2011-1072
  * SECURITY UPDATE: more symlink races in pear install
    - debian/patches/php5-pear-CVE-2011-1144.patch: add TOCTOU save
      file handler.
    - debian/rules: apply patch manually after unpacking PEAR phar
      archive.
    - CVE-2011-1144
  * SECURITY UPDATE: denial of service through application crash with
    invalid images
    - debian/patches/php5-CVE-2010-4698.patch: verify anti-aliasing
      steps are either 4 or 16.
    - CVE-2010-4698
  * SECURITY UPDATE: denial of service through application crash
    - debian/patches/php5-CVE-2011-0420.patch: improve grapheme_extract()
      argument validation.
    - CVE-2011-0420
  * SECURITY UPDATE: denial of service through application crash
    - debian/patches/php5-CVE-2011-0421.patch: fail operation gracefully
      when handling zero sized zipfile with the FL_UNCHANGED argument
    - CVE-2011-0421
  * SECURITY UPDATE: denial of service through application crash when
    handling images with invalid exif tags
    - debian/patches/php5-CVE-2011-0708.patch: stricter exif checking
    - CVE-2011-0708
  * SECURITY UPDATE: denial of service and possible data disclosure
    through integer overflow
    - debian/patches/php5-CVE-2011-1092.patch: better boundary
      condition checks in shmop_read()
    - CVE-2011-1092
  * SECURITY UPDATE: use-after-free vulnerability
    - debian/patches/php5-CVE-2011-1148.patch: improve reference
      counting
    - CVE-2011-1148
  * SECURITY UPDATE: format string vulnerability
    - debian/patches/php5-CVE-2011-1153.patch: correctly quote format
      strings
    - CVE-2011-1153
  * SECURITY UPDATE: denial of service through buffer overflow crash
    (code execution mitigated by compilation with Fortify Source)
    - debian/patches/php5-CVE-2011-1464.patch: limit amount of precision
      to ensure fitting within MAX_BUF_SIZE
    - CVE-2011-1464
  * SECURITY UPDATE: denial of service through application crash
    - debian/patches/php5-CVE-2011-1467.patch: check for invalid
      attribute symbols in NumberFormatter::setSymbol()
    - CVE-2011-1467
  * SECURITY UPDATE: denial of service through memory leak
    - debian/patches/php5-CVE-2011-1468.patch: fix memory leak of
      openssl contexts
    - CVE-2011-1468
  * SECURITY UPDATE: denial of service through application crash
    when using HTTP proxy with the FTP wrapper
    - debian/patches/php5-CVE-2011-1469.patch: improve pointer handling
    - CVE-2011-1469
  * SECURITY UPDATE: denial of service through application crash when
    handling ziparchive streams
    - debian/patches/php5-CVE-2011-1470.patch: set necessary elements of
      the meta data structure
    - CVE-2011-1470
  * SECURITY UPDATE: denial of service through application crash when
    handling malformed zip files
    - debian/patches/php5-CVE-2011-1471.patch: correct integer
      signedness error when handling zip_fread() return value.
    - CVE-2011-1471
  * debian/control: replace build-depends on mysql-server with
    mysql-server-core-5.1 and mysql-client-5.1 to avoid upstart and
    mysql-server-5.1 postinst confusion with starting up multiple
    mysqlds listening on the same port.
 -- Steve Beattie <email address hidden>   Tue, 26 Apr 2011 08:34:26 -0700

Upload details

Uploaded by: Steve Beattie on 2011-04-26
Uploaded to: Natty
Original maintainer: Ubuntu Developers
Component: main
Architectures: any
Section: php
Urgency: Low Urgency


Downloads

File Size MD5 Checksum
php5_5.3.5.orig.tar.gz 12.7 MiB 1568bff29e1d2c742589dda540e7c2d7
php5_5.3.5-1ubuntu7.1.diff.gz 214.8 KiB a7a1aaef5d25f93e0a83664a287231ed
php5_5.3.5-1ubuntu7.1.dsc 3.2 KiB b6a9c594b0d47f2797a416cc9ee74d44

Binary packages built by this source

libapache2-mod-php5: No summary available for libapache2-mod-php5 in ubuntu natty.

No description available for libapache2-mod-php5 in ubuntu natty.

libapache2-mod-php5filter: No summary available for libapache2-mod-php5filter in ubuntu natty.

No description available for libapache2-mod-php5filter in ubuntu natty.

php-pear: No summary available for php-pear in ubuntu natty.

No description available for php-pear in ubuntu natty.

php5: No summary available for php5 in ubuntu natty.

No description available for php5 in ubuntu natty.

php5-cgi: No summary available for php5-cgi in ubuntu natty.

No description available for php5-cgi in ubuntu natty.

php5-cli: No summary available for php5-cli in ubuntu natty.

No description available for php5-cli in ubuntu natty.

php5-common: Common files for packages built from the php5 source

 This package contains the documentation and example files relevant to all
 the other packages built from the php5 source.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly. This version of PHP5 was built
 with the Suhosin patch.

php5-curl: CURL module for php5

 CURL is a library for getting files from FTP, GOPHER, HTTP server.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly. This version of PHP5 was built
 with the Suhosin patch.

php5-dbg: No summary available for php5-dbg in ubuntu natty.

No description available for php5-dbg in ubuntu natty.

php5-dev: Files for PHP5 module development

 This package provides the files from the PHP5 source needed for compiling
 additional modules.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly. This version of PHP5 was built
 with the Suhosin patch.

php5-enchant: No summary available for php5-enchant in ubuntu natty.

No description available for php5-enchant in ubuntu natty.

php5-fpm: server-side, HTML-embedded scripting language (FPM-CGI binary)

 This package provides the Fast Process Manager interpreter that runs
 as a daemon and receives Fast/CGI requests. Note that MOST Apache users
 probably want the libapache2-mod-php5 package.
 The following extensions are built in: bcmath bz2 calendar Core ctype date
  dba dom ereg exif fileinfo filter ftp gettext hash iconv json libxml
  mbstring mhash openssl pcre Phar posix Reflection session shmop SimpleXML
  soap sockets SPL standard sysvmsg sysvsem sysvshm tokenizer wddx xml
  xmlreader xmlwriter zip zlib.
 .
 PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
 from C, Java and Perl with a couple of unique PHP-specific features thrown
 in. The goal of the language is to allow web developers to write dynamically
 generated pages quickly. This version of PHP5 was built with the Suhosin patch.

php5-gd: No summary available for php5-gd in ubuntu natty.

No description available for php5-gd in ubuntu natty.

php5-gmp: GMP module for php5

 This package provides a module for arbitrary precision arithmetic via the
 GNU Multiple Precision (GMP) Arithmetic Library.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly. This version of PHP5 was built
 with the Suhosin patch.

php5-intl: internationalisation module for php5

 This package provides a module to ease internationalisation of PHP scripts.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly. This version of PHP5 was built
 with the Suhosin patch.

php5-ldap: LDAP module for php5

 This package provides a module for LDAP functions in PHP scripts.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly. This version of PHP5 was built
 with the Suhosin patch.

php5-mysql: MySQL module for php5

 This package provides modules for MySQL database connections directly from
 PHP scripts. It includes the generic "mysql" module which can be used
 to connect to all versions of MySQL, an improved "mysqli" module for
 MySQL version 4.1 or later, and the pdo_mysql module for use with
 the PHP Data Object extension.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly. This version of PHP5 was built
 with the Suhosin patch.

php5-odbc: ODBC module for php5

 This package provides a module for database access through ODBC drivers.
 It uses the unixODBC library as an ODBC provider. It also contains the
 pdo_odbc module, for use with the PHP Data Object extension.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly. This version of PHP5 was built
 with the Suhosin patch.

php5-pgsql: No summary available for php5-pgsql in ubuntu natty.

No description available for php5-pgsql in ubuntu natty.

php5-pspell: No summary available for php5-pspell in ubuntu natty.

No description available for php5-pspell in ubuntu natty.

php5-recode: recode module for php5

 This package provides a module for recode - character set recoding.
 .
 PHP5 is a widely-used general-purpose scripting language that is
 especially suited for Web development and can be embedded into HTML.
 The goal of the language is to allow web developers to write
 dynamically generated pages quickly. This version of PHP5 was built
 with the Suhosin patch.

php5-snmp: No summary available for php5-snmp in ubuntu natty.

No description available for php5-snmp in ubuntu natty.

php5-sqlite: No summary available for php5-sqlite in ubuntu natty.

No description available for php5-sqlite in ubuntu natty.

php5-sybase: No summary available for php5-sybase in ubuntu natty.

No description available for php5-sybase in ubuntu natty.

php5-tidy: No summary available for php5-tidy in ubuntu natty.

No description available for php5-tidy in ubuntu natty.

php5-xmlrpc: No summary available for php5-xmlrpc in ubuntu natty.

No description available for php5-xmlrpc in ubuntu natty.

php5-xsl: No summary available for php5-xsl in ubuntu natty.

No description available for php5-xsl in ubuntu natty.