php5 5.6.11+dfsg-1ubuntu3.2 source package in Ubuntu

Changelog

php5 (5.6.11+dfsg-1ubuntu3.2) wily-security; urgency=medium

  * SECURITY UPDATE: directory traversal in ZipArchive::extractTo
    - debian/patches/CVE-2014-9767.patch: use proper path in
      ext/zip/php_zip.c, added test to ext/zip/tests/bug70350.phpt.
    - CVE-2014-9767
  * SECURITY UPDATE: type confusion issue in SoapClient
    - debian/patches/CVE-2015-8835.patch: check types in
      ext/soap/php_http.c.
    - CVE-2015-8835
    - CVE-2016-3185
  * SECURITY UPDATE: denial of service or memory disclosure in gd via large
    bgd_color argument to imagerotate
    - debian/patches/CVE-2016-1903.patch: check bgcolor in
      ext/gd/libgd/gd_interpolation.c, added test to
      ext/gd/tests/bug70976.phpt.
    - CVE-2016-1903
  * SECURITY UPDATE: stack overflow when decompressing tar archives
    - debian/patches/CVE-2016-2554.patch: handle non-terminated linknames
      in ext/phar/tar.c.
    - CVE-2016-2554
  * SECURITY UPDATE: use-after-free in WDDX
    - debian/patches/CVE-2016-3141.patch: fix stack in ext/wddx/wddx.c,
      added test to ext/wddx/tests/bug71587.phpt.
    - CVE-2016-3141
  * SECURITY UPDATE: out-of-Bound Read in phar_parse_zipfile()
    - debian/patches/CVE-2016-3142.patch: check bounds in ext/phar/zip.c.
    - CVE-2016-3142
  * SECURITY UPDATE: openssl_random_pseudo_bytes() is not cryptographically
    secure
    - debian/patches/bug70014.patch: use RAND_bytes instead of deprecated
      RAND_pseudo_bytes in ext/openssl/openssl.c.
    - No CVE number
  * SECURITY UPDATE: buffer over-write in finfo_open with malformed magic
    file
    - debian/patches/bug71527.patch: properly calculate length in
      ext/fileinfo/libmagic/funcs.c, added test to
      ext/fileinfo/tests/bug71527.magic.
    - CVE number pending
  * SECURITY UPDATE: php_snmp_error() format string Vulnerability
    - debian/patches/bug71704.patch: use format string in ext/snmp/snmp.c.
    - CVE number pending
  * SECURITY UPDATE: integer overflow in php_raw_url_encode
    - debian/patches/bug71798.patch: use size_t in ext/standard/url.c.
    - CVE number pending
  * SECURITY UPDATE: invalid memory write in phar on filename containing
    NULL
    - debian/patches/bug71860.patch: require valid paths in
      ext/phar/phar.c, ext/phar/phar_object.c, fix tests in
      ext/phar/tests/badparameters.phpt,
      ext/phar/tests/bug64931/bug64931.phpt,
      ext/phar/tests/create_path_error.phpt,
      ext/phar/tests/phar_extract.phpt,
      ext/phar/tests/phar_isvalidpharfilename.phpt,
      ext/phar/tests/phar_unlinkarchive.phpt,
      ext/phar/tests/pharfileinfo_construct.phpt.
    - CVE number pending
  * SECURITY UPDATE: invalid negative size in mbfl_strcut
    - debian/patches/bug71906.patch: fix length checks in
      ext/mbstring/libmbfl/mbfl/mbfilter.c.
    - CVE number pending

 -- Marc Deslauriers <email address hidden>  Fri, 15 Apr 2016 10:37:57 -0400

Upload details

Uploaded by:
Marc Deslauriers on 2016-04-15
Uploaded to:
Wily
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
php
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
php5_5.6.11+dfsg.orig.tar.xz 11.0 MiB d3d0c57daa5d7111bccaef80d05c46c223ef98a559f4117d615cb4f310aea9a5
php5_5.6.11+dfsg-1ubuntu3.2.debian.tar.xz 145.8 KiB cf1d23ec2b6c65ee6975a130a5e230640fd12d50e622f06a72a3c803bdf9ba96
php5_5.6.11+dfsg-1ubuntu3.2.dsc 4.7 KiB 6370f54495628a8959c70b29efa005956a285fa4dfecddce64587f9af934496c

View changes file

Binary packages built by this source

libapache2-mod-php5: No summary available for libapache2-mod-php5 in ubuntu wily.

No description available for libapache2-mod-php5 in ubuntu wily.

libapache2-mod-php5-dbgsym: No summary available for libapache2-mod-php5-dbgsym in ubuntu wily.

No description available for libapache2-mod-php5-dbgsym in ubuntu wily.

libapache2-mod-php5filter: No summary available for libapache2-mod-php5filter in ubuntu wily.

No description available for libapache2-mod-php5filter in ubuntu wily.

libapache2-mod-php5filter-dbgsym: No summary available for libapache2-mod-php5filter-dbgsym in ubuntu wily.

No description available for libapache2-mod-php5filter-dbgsym in ubuntu wily.

libphp5-embed: No summary available for libphp5-embed in ubuntu wily.

No description available for libphp5-embed in ubuntu wily.

libphp5-embed-dbgsym: No summary available for libphp5-embed-dbgsym in ubuntu wily.

No description available for libphp5-embed-dbgsym in ubuntu wily.

php-pear: No summary available for php-pear in ubuntu wily.

No description available for php-pear in ubuntu wily.

php5: No summary available for php5 in ubuntu wily.

No description available for php5 in ubuntu wily.

php5-cgi: No summary available for php5-cgi in ubuntu wily.

No description available for php5-cgi in ubuntu wily.

php5-cgi-dbgsym: No summary available for php5-cgi-dbgsym in ubuntu wily.

No description available for php5-cgi-dbgsym in ubuntu wily.

php5-cli: No summary available for php5-cli in ubuntu wily.

No description available for php5-cli in ubuntu wily.

php5-cli-dbgsym: No summary available for php5-cli-dbgsym in ubuntu wily.

No description available for php5-cli-dbgsym in ubuntu wily.

php5-common: No summary available for php5-common in ubuntu wily.

No description available for php5-common in ubuntu wily.

php5-common-dbgsym: No summary available for php5-common-dbgsym in ubuntu wily.

No description available for php5-common-dbgsym in ubuntu wily.

php5-curl: No summary available for php5-curl in ubuntu wily.

No description available for php5-curl in ubuntu wily.

php5-curl-dbgsym: No summary available for php5-curl-dbgsym in ubuntu wily.

No description available for php5-curl-dbgsym in ubuntu wily.

php5-dbg: No summary available for php5-dbg in ubuntu wily.

No description available for php5-dbg in ubuntu wily.

php5-dev: No summary available for php5-dev in ubuntu wily.

No description available for php5-dev in ubuntu wily.

php5-dev-dbgsym: No summary available for php5-dev-dbgsym in ubuntu wily.

No description available for php5-dev-dbgsym in ubuntu wily.

php5-enchant: No summary available for php5-enchant in ubuntu wily.

No description available for php5-enchant in ubuntu wily.

php5-enchant-dbgsym: No summary available for php5-enchant-dbgsym in ubuntu wily.

No description available for php5-enchant-dbgsym in ubuntu wily.

php5-fpm: No summary available for php5-fpm in ubuntu wily.

No description available for php5-fpm in ubuntu wily.

php5-fpm-dbgsym: No summary available for php5-fpm-dbgsym in ubuntu wily.

No description available for php5-fpm-dbgsym in ubuntu wily.

php5-gd: No summary available for php5-gd in ubuntu wily.

No description available for php5-gd in ubuntu wily.

php5-gd-dbgsym: No summary available for php5-gd-dbgsym in ubuntu wily.

No description available for php5-gd-dbgsym in ubuntu wily.

php5-gmp: No summary available for php5-gmp in ubuntu wily.

No description available for php5-gmp in ubuntu wily.

php5-gmp-dbgsym: No summary available for php5-gmp-dbgsym in ubuntu wily.

No description available for php5-gmp-dbgsym in ubuntu wily.

php5-intl: No summary available for php5-intl in ubuntu wily.

No description available for php5-intl in ubuntu wily.

php5-intl-dbgsym: No summary available for php5-intl-dbgsym in ubuntu wily.

No description available for php5-intl-dbgsym in ubuntu wily.

php5-ldap: No summary available for php5-ldap in ubuntu wily.

No description available for php5-ldap in ubuntu wily.

php5-ldap-dbgsym: No summary available for php5-ldap-dbgsym in ubuntu wily.

No description available for php5-ldap-dbgsym in ubuntu wily.

php5-mysql: No summary available for php5-mysql in ubuntu wily.

No description available for php5-mysql in ubuntu wily.

php5-mysql-dbgsym: No summary available for php5-mysql-dbgsym in ubuntu wily.

No description available for php5-mysql-dbgsym in ubuntu wily.

php5-mysqlnd: No summary available for php5-mysqlnd in ubuntu wily.

No description available for php5-mysqlnd in ubuntu wily.

php5-mysqlnd-dbgsym: No summary available for php5-mysqlnd-dbgsym in ubuntu wily.

No description available for php5-mysqlnd-dbgsym in ubuntu wily.

php5-odbc: No summary available for php5-odbc in ubuntu wily.

No description available for php5-odbc in ubuntu wily.

php5-odbc-dbgsym: No summary available for php5-odbc-dbgsym in ubuntu wily.

No description available for php5-odbc-dbgsym in ubuntu wily.

php5-pgsql: No summary available for php5-pgsql in ubuntu wily.

No description available for php5-pgsql in ubuntu wily.

php5-pgsql-dbgsym: No summary available for php5-pgsql-dbgsym in ubuntu wily.

No description available for php5-pgsql-dbgsym in ubuntu wily.

php5-phpdbg: No summary available for php5-phpdbg in ubuntu wily.

No description available for php5-phpdbg in ubuntu wily.

php5-phpdbg-dbgsym: No summary available for php5-phpdbg-dbgsym in ubuntu wily.

No description available for php5-phpdbg-dbgsym in ubuntu wily.

php5-pspell: No summary available for php5-pspell in ubuntu wily.

No description available for php5-pspell in ubuntu wily.

php5-pspell-dbgsym: No summary available for php5-pspell-dbgsym in ubuntu wily.

No description available for php5-pspell-dbgsym in ubuntu wily.

php5-readline: No summary available for php5-readline in ubuntu wily.

No description available for php5-readline in ubuntu wily.

php5-readline-dbgsym: No summary available for php5-readline-dbgsym in ubuntu wily.

No description available for php5-readline-dbgsym in ubuntu wily.

php5-recode: No summary available for php5-recode in ubuntu wily.

No description available for php5-recode in ubuntu wily.

php5-recode-dbgsym: No summary available for php5-recode-dbgsym in ubuntu wily.

No description available for php5-recode-dbgsym in ubuntu wily.

php5-snmp: No summary available for php5-snmp in ubuntu wily.

No description available for php5-snmp in ubuntu wily.

php5-snmp-dbgsym: No summary available for php5-snmp-dbgsym in ubuntu wily.

No description available for php5-snmp-dbgsym in ubuntu wily.

php5-sqlite: No summary available for php5-sqlite in ubuntu wily.

No description available for php5-sqlite in ubuntu wily.

php5-sqlite-dbgsym: No summary available for php5-sqlite-dbgsym in ubuntu wily.

No description available for php5-sqlite-dbgsym in ubuntu wily.

php5-sybase: No summary available for php5-sybase in ubuntu wily.

No description available for php5-sybase in ubuntu wily.

php5-sybase-dbgsym: No summary available for php5-sybase-dbgsym in ubuntu wily.

No description available for php5-sybase-dbgsym in ubuntu wily.

php5-tidy: No summary available for php5-tidy in ubuntu wily.

No description available for php5-tidy in ubuntu wily.

php5-tidy-dbgsym: No summary available for php5-tidy-dbgsym in ubuntu wily.

No description available for php5-tidy-dbgsym in ubuntu wily.

php5-xmlrpc: No summary available for php5-xmlrpc in ubuntu wily.

No description available for php5-xmlrpc in ubuntu wily.

php5-xmlrpc-dbgsym: No summary available for php5-xmlrpc-dbgsym in ubuntu wily.

No description available for php5-xmlrpc-dbgsym in ubuntu wily.

php5-xsl: No summary available for php5-xsl in ubuntu wily.

No description available for php5-xsl in ubuntu wily.

php5-xsl-dbgsym: No summary available for php5-xsl-dbgsym in ubuntu wily.

No description available for php5-xsl-dbgsym in ubuntu wily.