Format: 1.8 Date: Mon, 01 Aug 2016 13:27:52 -0400 Source: php5 Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-fpm php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp php5-intl php5-ldap php5-mysql php5-mysqlnd php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl Architecture: armel armel_translations Version: 5.3.10-1ubuntu3.24 Distribution: precise Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module) libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo php-pear - PEAR - PHP Extension and Application Repository php5 - server-side, HTML-embedded scripting language (metapackage) php5-cgi - server-side, HTML-embedded scripting language (CGI binary) php5-cli - command-line interpreter for the php5 scripting language php5-common - Common files for packages built from the php5 source php5-curl - CURL module for php5 php5-dbg - Debug symbols for PHP5 php5-dev - Files for PHP5 module development php5-enchant - Enchant module for php5 php5-fpm - server-side, HTML-embedded scripting language (FPM-CGI binary) php5-gd - GD module for php5 php5-gmp - GMP module for php5 php5-intl - internationalisation module for php5 php5-ldap - LDAP module for php5 php5-mysql - MySQL module for php5 php5-mysqlnd - MySQL module for php5 (Native Driver) php5-odbc - ODBC module for php5 php5-pgsql - PostgreSQL module for php5 php5-pspell - pspell module for php5 php5-recode - recode module for php5 php5-snmp - SNMP module for php5 php5-sqlite - SQLite module for php5 php5-sybase - Sybase / MS SQL Server module for php5 php5-tidy - tidy module for php5 php5-xmlrpc - XML-RPC module for php5 php5-xsl - XSL module for php5 Launchpad-Bugs-Fixed: 1594041 Changes: php5 (5.3.10-1ubuntu3.24) precise-security; urgency=medium . * SECURITY UPDATE: segfault in SplMinHeap::compare - debian/patches/CVE-2015-4116.patch: properly handle count in ext/spl/spl_heap.c, added test to ext/spl/tests/bug69737.phpt. - CVE-2015-4116 * SECURITY UPDATE: denial of service via recursive method calls - debian/patches/CVE-2015-8873.patch: add limit to Zend/zend_exceptions.c, add tests to ext/standard/tests/serialize/bug69152.phpt, ext/standard/tests/serialize/bug69793.phpt, sapi/cli/tests/005.phpt. - CVE-2015-8873 * SECURITY UPDATE: denial of service or code execution via crafted serialized data - debian/patches/CVE-2015-8876.patch: fix logic in Zend/zend_exceptions.c, added test to Zend/tests/bug70121.phpt. - CVE-2015-8876 * SECURITY UPDATE: XSS in header() with Internet Explorer (LP: #1594041) - debian/patches/CVE-2015-8935.patch: update header handling to RFC 7230 in main/SAPI.c, added tests to ext/standard/tests/general_functions/bug60227_*.phpt. - CVE-2015-8935 * SECURITY UPDATE: get_icu_value_internal out-of-bounds read - debian/patches/CVE-2016-5093.patch: add enough space in ext/intl/locale/locale_methods.c, added test to ext/intl/tests/bug72241.phpt. - CVE-2016-5093 * SECURITY UPDATE: integer overflow in php_html_entities() - debian/patches/CVE-2016-5094.patch: don't create strings with lengths outside int range in ext/standard/html.c. - CVE-2016-5094 * SECURITY UPDATE: string overflows in string add operations - debian/patches/CVE-2016-5095.patch: check for size overflow in Zend/zend_operators.c. - CVE-2016-5095 * SECURITY UPDATE: int/size_t confusion in fread - debian/patches/CVE-2016-5096.patch: check string length in ext/standard/file.c, added test to ext/standard/tests/file/bug72114.phpt. - CVE-2016-5096 * SECURITY UPDATE: memory leak and buffer overflow in FPM - debian/patches/CVE-2016-5114.patch: check buffer length in sapi/fpm/fpm/fpm_log.c. - CVE-2016-5114 * SECURITY UPDATE: proxy request header vulnerability (httpoxy) - debian/patches/CVE-2016-5385.patch: only use HTTP_PROXY from the local environment in ext/standard/basic_functions.c, main/SAPI.c, main/php_variables.c. - CVE-2016-5385 * SECURITY UPDATE: inadequate error handling in bzread() - debian/patches/CVE-2016-5399.patch: do not allow reading past error read in ext/bz2/bz2.c. - CVE-2016-5399 * SECURITY UPDATE: integer overflows in mcrypt - debian/patches/CVE-2016-5769.patch: check for overflow in ext/mcrypt/mcrypt.c. - CVE-2016-5769 * SECURITY UPDATE: double free corruption in wddx_deserialize - debian/patches/CVE-2016-5772.patch: prevent double-free in ext/wddx/wddx.c, added test to ext/wddx/tests/bug72340.phpt. - CVE-2016-5772 * SECURITY UPDATE: buffer overflow in php_url_parse_ex() - debian/patches/CVE-2016-6288.patch: handle length in ext/standard/url.c. - CVE-2016-6288 * SECURITY UPDATE: integer overflow in the virtual_file_ex function - debian/patches/CVE-2016-6289.patch: properly check path_length in Zend/zend_virtual_cwd.c. - CVE-2016-6289 * SECURITY UPDATE: use after free in unserialize() with unexpected session deserialization - debian/patches/CVE-2016-6290.patch: destroy var_hash properly in ext/session/session.c, added test to ext/session/tests/bug72562.phpt. - CVE-2016-6290 * SECURITY UPDATE: out of bounds read in exif_process_IFD_in_MAKERNOTE - debian/patches/CVE-2016-6291.patch: add more bounds checks to ext/exif/exif.c. - CVE-2016-6291 * SECURITY UPDATE: locale_accept_from_http out-of-bounds access - debian/patches/CVE-2016-6294.patch: check length in ext/intl/locale/locale_methods.c, added test to ext/intl/tests/bug72533.phpt. - CVE-2016-6294 * SECURITY UPDATE: heap buffer overflow in simplestring_addn - debian/patches/CVE-2016-6296.patch: prevent overflows in ext/xmlrpc/libxmlrpc/simplestring.*. - CVE-2016-6296 * SECURITY UPDATE: integer overflow in php_stream_zip_opener - debian/patches/CVE-2016-6297.patch: use size_t in ext/zip/zip_stream.c. - CVE-2016-6297 * debian/patches/fix_exif_tests.patch: fix exif test results after security changes. Checksums-Sha1: 5f6d6fab0bb240840783895154ca3cb8ece8534b 1758572 php5-common_5.3.10-1ubuntu3.24_armel.deb 8d3386c7d0272af53eda736d2ad5c70ce07340af 2801670 libapache2-mod-php5_5.3.10-1ubuntu3.24_armel.deb fcd4a692de5c1bf54c4750e8d940953a19b29678 2800774 libapache2-mod-php5filter_5.3.10-1ubuntu3.24_armel.deb 8cd6360e7c20680145eeaf392d127a0413c9b766 5579438 php5-cgi_5.3.10-1ubuntu3.24_armel.deb 4c05bb50af4c5ce8b7c92a7ecfaa59a137dd40a5 2787246 php5-cli_5.3.10-1ubuntu3.24_armel.deb ff369940b5a9b57fd4056121d5aeb6d2fb392f8c 2827438 php5-fpm_5.3.10-1ubuntu3.24_armel.deb cfd95ee5739c2e1ba1812f746336c2f3bb98a86e 422792 php5-dev_5.3.10-1ubuntu3.24_armel.deb aa151e8a6e70fea9b54793e211ec5a377f152791 14045174 php5-dbg_5.3.10-1ubuntu3.24_armel.deb 007cfc00f9dea45b898c7043d069da14bc8ebf4b 24346 php5-curl_5.3.10-1ubuntu3.24_armel.deb d9fec38db5ecbf355cb0b9011858d0362e1a39b5 7248 php5-enchant_5.3.10-1ubuntu3.24_armel.deb 7d982205d69cec26efb8e27e81f92078188b6bbb 31688 php5-gd_5.3.10-1ubuntu3.24_armel.deb 646f105ef0fb6b2ffb802d84c6e935fc74d13a30 13318 php5-gmp_5.3.10-1ubuntu3.24_armel.deb 3e2ef001b8bee58105508abe8caaf96d3d4cc76e 49430 php5-intl_5.3.10-1ubuntu3.24_armel.deb 599a54ffd3a8a277b6c3964ebbace422369b1d1c 15736 php5-ldap_5.3.10-1ubuntu3.24_armel.deb d245f66298f1c2bed970f78774407586260038c4 61862 php5-mysql_5.3.10-1ubuntu3.24_armel.deb 2a70f2c137556439cc35977f273da155baf204a7 118552 php5-mysqlnd_5.3.10-1ubuntu3.24_armel.deb 0f79fbda7bcbd1dbab5fdaf93dbed862de86eb5b 28424 php5-odbc_5.3.10-1ubuntu3.24_armel.deb 2cb869153a7c77a8f8e82d79d46aa7d3bf9e55b0 49448 php5-pgsql_5.3.10-1ubuntu3.24_armel.deb 98dcd71bed6f60a57f05840289079163e6aaf3f8 6788 php5-pspell_5.3.10-1ubuntu3.24_armel.deb b6dcb3f54644ee6c4258092aa4c97101a3c775f9 3772 php5-recode_5.3.10-1ubuntu3.24_armel.deb aca8a005269c3c6e2516ddb20457c3d3afe81511 8908 php5-snmp_5.3.10-1ubuntu3.24_armel.deb 6eb3640f09c3cdf847c3411df74685c9abbb992d 19792 php5-sqlite_5.3.10-1ubuntu3.24_armel.deb d02195b28e15277a1fe3d4d17b2bf0acfdf929c7 20474 php5-sybase_5.3.10-1ubuntu3.24_armel.deb 82f8aa51cdbf9531805d13f8a8630dcb400d8ab1 14626 php5-tidy_5.3.10-1ubuntu3.24_armel.deb b20997effab0e42cccfcb2d6e36b551334660ec0 27290 php5-xmlrpc_5.3.10-1ubuntu3.24_armel.deb 06215644ea6aed03d0993c4eadac6394ee279cad 11326 php5-xsl_5.3.10-1ubuntu3.24_armel.deb 87622a32a03821ef720191c617ca179cd55fd92d 86090 php5-intl-dbgsym_5.3.10-1ubuntu3.24_armel.ddeb d3bd6c9495d7fab09a72585d1eb561165849f625 816 php5_5.3.10-1ubuntu3.24_armel_translations.tar.gz Checksums-Sha256: 2cf9aa344123430754b63b0c3bd2c12438ec66574fc9f0a760560b772a0b6cef 1758572 php5-common_5.3.10-1ubuntu3.24_armel.deb fa4cb1fff64b360775e56f0f63f27855df581fe6f678ec835c73790574ce8af6 2801670 libapache2-mod-php5_5.3.10-1ubuntu3.24_armel.deb a91a462ba8ddddf17fa62a4b103bb287581f592eaf7684f90ae32f0ded3221cc 2800774 libapache2-mod-php5filter_5.3.10-1ubuntu3.24_armel.deb c94eb226aec795cc6951a4705262fe0e7e98dc5f3683ef7d722eebc55716fa28 5579438 php5-cgi_5.3.10-1ubuntu3.24_armel.deb 89af11620bffad19ec6090a33985f7c621fad3c5743621412e9c609a330f5322 2787246 php5-cli_5.3.10-1ubuntu3.24_armel.deb 50820b33eaee14f5761d8c82816e87ec544997293de07e567f4d548de8d63228 2827438 php5-fpm_5.3.10-1ubuntu3.24_armel.deb 36ebb6a40e81f1039e8e449cb68f55ee037399871dbef6d08deb6b32a6804ea5 422792 php5-dev_5.3.10-1ubuntu3.24_armel.deb 1facbd58fa72f934e55bbeb5c9748dea4067ae4bced852660371196f7945cc30 14045174 php5-dbg_5.3.10-1ubuntu3.24_armel.deb 674a7b249cbb1c5a6d5351d0defa7071440174118b4622d52903c056ddd1c65a 24346 php5-curl_5.3.10-1ubuntu3.24_armel.deb 94a7a8c2e1cd295cefe3e6862f39cb0e9317679d5bcdcaea638879eb9ec91ec7 7248 php5-enchant_5.3.10-1ubuntu3.24_armel.deb fdd80a62d373a4e07cf31c8e2e1050777ce129dca848d9ee9bea44605dbd0e25 31688 php5-gd_5.3.10-1ubuntu3.24_armel.deb 79a124f3ec70614d77859f737327c9a114cf24bb92898a5a60fd04d4e0cf7097 13318 php5-gmp_5.3.10-1ubuntu3.24_armel.deb ddd805b50b762e31ba25f8ec1c5c93eacbe320e9a5499e18d88e98073eea670e 49430 php5-intl_5.3.10-1ubuntu3.24_armel.deb 5f5f40688ec7c4d6d487b68e6abd6ca72130e249de740acdb04b8b03080cda4a 15736 php5-ldap_5.3.10-1ubuntu3.24_armel.deb db993dafab1d31a5fd2c3fdf07bdcc47ee682b353695263d66be743513732f71 61862 php5-mysql_5.3.10-1ubuntu3.24_armel.deb e5130bc372a1e6f634c3c8cd62b1d9f922aeb9eaf7fd40e63501e0df13f40e4d 118552 php5-mysqlnd_5.3.10-1ubuntu3.24_armel.deb bdef97895605977222a28d55bfd79a74f9a26a9100f664e25e1bd36cbe2289bc 28424 php5-odbc_5.3.10-1ubuntu3.24_armel.deb d8f4bb5bbff82e62b8bf90207530b59626e7e078f6e8b08cbc19ccde3a20cbac 49448 php5-pgsql_5.3.10-1ubuntu3.24_armel.deb 8fed1d5faad3a5e2443b72dd13132910a8838f64fce12e8b29d0ee1e9643b27b 6788 php5-pspell_5.3.10-1ubuntu3.24_armel.deb 43b7efabec6813e7cadad6de9f064b5a3700ea0606269a2c9d7283bcdbfee2f7 3772 php5-recode_5.3.10-1ubuntu3.24_armel.deb e0ee14331ec31b03bb06c1c3d8cc6d6b19f306d1fd3f831318668f0fb3add36f 8908 php5-snmp_5.3.10-1ubuntu3.24_armel.deb d1b839028f79d98e3cef1d7429ae4f423f269ab38ae578eb644095c197a21b9c 19792 php5-sqlite_5.3.10-1ubuntu3.24_armel.deb 00e5826d687f86261ef44610eb0592970a429edfd96723ccca848a977e25779c 20474 php5-sybase_5.3.10-1ubuntu3.24_armel.deb 26f90eedc1a7e9d82f2baef2aa01839d6eab73069fba311185b760f534ceb5c8 14626 php5-tidy_5.3.10-1ubuntu3.24_armel.deb be3a800eeb59a5c31d86bb2a1393a2300eac61f0459102071e95715b0871e140 27290 php5-xmlrpc_5.3.10-1ubuntu3.24_armel.deb 73ccca8baff68ea76b03a300ce53c80a691ab25337acc05a04085cbf2da9f7ec 11326 php5-xsl_5.3.10-1ubuntu3.24_armel.deb 0803dbb5cf6f826b4c1bea529f0af3877e58e654c1308cf1a7d37b887021985a 86090 php5-intl-dbgsym_5.3.10-1ubuntu3.24_armel.ddeb 4785eb9ad3c16919b86ab2e48d212c7267fea650da7bc702be798750c28d17f6 816 php5_5.3.10-1ubuntu3.24_armel_translations.tar.gz Files: fbdcacebec221f448993cdbb2427a16a 1758572 php optional php5-common_5.3.10-1ubuntu3.24_armel.deb 64e816b3c91ebed180a682eed1accc55 2801670 httpd optional libapache2-mod-php5_5.3.10-1ubuntu3.24_armel.deb d698daf8464f5b60aa43b72823fb8c87 2800774 httpd extra libapache2-mod-php5filter_5.3.10-1ubuntu3.24_armel.deb 721bf5fba85dbea392cb51a307c49abe 5579438 php optional php5-cgi_5.3.10-1ubuntu3.24_armel.deb a9a8181f9a7dcc8730e38ba68e8d4c5d 2787246 php optional php5-cli_5.3.10-1ubuntu3.24_armel.deb daf25ef71b3ca5b69aaad6a259bd489e 2827438 php optional php5-fpm_5.3.10-1ubuntu3.24_armel.deb abf4dff65ec02e512b9411d59bfd5a70 422792 php optional php5-dev_5.3.10-1ubuntu3.24_armel.deb a8afdcd30b59fb7d6f02c380283abb88 14045174 debug extra php5-dbg_5.3.10-1ubuntu3.24_armel.deb 837667d2480f823ef8f6ea12d031a83c 24346 php optional php5-curl_5.3.10-1ubuntu3.24_armel.deb 57982ee663eaceaa12bccbac9d3c39ad 7248 php optional php5-enchant_5.3.10-1ubuntu3.24_armel.deb a0f6882d8141b6cbcd07b12a5190acbe 31688 php optional php5-gd_5.3.10-1ubuntu3.24_armel.deb 5d5170b24016edef8512cd6924e0e9b3 13318 php optional php5-gmp_5.3.10-1ubuntu3.24_armel.deb ce5bb3ea47da34b36cd4e5ce04383b2a 49430 php optional php5-intl_5.3.10-1ubuntu3.24_armel.deb 5df2c98094df94b50d75a4fc65503747 15736 php optional php5-ldap_5.3.10-1ubuntu3.24_armel.deb 712cd1672c6596e7273e26f38e3f196c 61862 php optional php5-mysql_5.3.10-1ubuntu3.24_armel.deb bd25d4a052aa65f9156f01e75872e385 118552 php optional php5-mysqlnd_5.3.10-1ubuntu3.24_armel.deb fc06f254f51841e52adbfb7253cbe5a6 28424 php optional php5-odbc_5.3.10-1ubuntu3.24_armel.deb 164a8049e7768b663744b898c6b35724 49448 php optional php5-pgsql_5.3.10-1ubuntu3.24_armel.deb dcd7f72efbc0f596828dda49f180585d 6788 php optional php5-pspell_5.3.10-1ubuntu3.24_armel.deb 1a6432bf469245ab59548679050b1e3d 3772 php optional php5-recode_5.3.10-1ubuntu3.24_armel.deb 34432c64aacf56b188ad76db9e9abae6 8908 php optional php5-snmp_5.3.10-1ubuntu3.24_armel.deb 64bbb0afe68a126c5718db89fda59fed 19792 php optional php5-sqlite_5.3.10-1ubuntu3.24_armel.deb 8ea030748a3fc2d622a5418a46234d29 20474 php optional php5-sybase_5.3.10-1ubuntu3.24_armel.deb c46e424ecde3305e8522c60956182274 14626 php optional php5-tidy_5.3.10-1ubuntu3.24_armel.deb 0f60d9b236009d10a19c03be7527b3e9 27290 php optional php5-xmlrpc_5.3.10-1ubuntu3.24_armel.deb 009fcf5f57a9979d3a176ed3e59f54f6 11326 php optional php5-xsl_5.3.10-1ubuntu3.24_armel.deb 1f62847b6db9c2973580aaab18fde4a1 86090 php extra php5-intl-dbgsym_5.3.10-1ubuntu3.24_armel.ddeb fb7ea45bd3c14970b3ff5fdefd2f1604 816 raw-translations - php5_5.3.10-1ubuntu3.24_armel_translations.tar.gz Original-Maintainer: Debian PHP Maintainers