Format: 1.8 Date: Mon, 01 Aug 2016 13:27:52 -0400 Source: php5 Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-fpm php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp php5-intl php5-ldap php5-mysql php5-mysqlnd php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl Architecture: armhf armhf_translations Version: 5.3.10-1ubuntu3.24 Distribution: precise Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module) libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo php-pear - PEAR - PHP Extension and Application Repository php5 - server-side, HTML-embedded scripting language (metapackage) php5-cgi - server-side, HTML-embedded scripting language (CGI binary) php5-cli - command-line interpreter for the php5 scripting language php5-common - Common files for packages built from the php5 source php5-curl - CURL module for php5 php5-dbg - Debug symbols for PHP5 php5-dev - Files for PHP5 module development php5-enchant - Enchant module for php5 php5-fpm - server-side, HTML-embedded scripting language (FPM-CGI binary) php5-gd - GD module for php5 php5-gmp - GMP module for php5 php5-intl - internationalisation module for php5 php5-ldap - LDAP module for php5 php5-mysql - MySQL module for php5 php5-mysqlnd - MySQL module for php5 (Native Driver) php5-odbc - ODBC module for php5 php5-pgsql - PostgreSQL module for php5 php5-pspell - pspell module for php5 php5-recode - recode module for php5 php5-snmp - SNMP module for php5 php5-sqlite - SQLite module for php5 php5-sybase - Sybase / MS SQL Server module for php5 php5-tidy - tidy module for php5 php5-xmlrpc - XML-RPC module for php5 php5-xsl - XSL module for php5 Launchpad-Bugs-Fixed: 1594041 Changes: php5 (5.3.10-1ubuntu3.24) precise-security; urgency=medium . * SECURITY UPDATE: segfault in SplMinHeap::compare - debian/patches/CVE-2015-4116.patch: properly handle count in ext/spl/spl_heap.c, added test to ext/spl/tests/bug69737.phpt. - CVE-2015-4116 * SECURITY UPDATE: denial of service via recursive method calls - debian/patches/CVE-2015-8873.patch: add limit to Zend/zend_exceptions.c, add tests to ext/standard/tests/serialize/bug69152.phpt, ext/standard/tests/serialize/bug69793.phpt, sapi/cli/tests/005.phpt. - CVE-2015-8873 * SECURITY UPDATE: denial of service or code execution via crafted serialized data - debian/patches/CVE-2015-8876.patch: fix logic in Zend/zend_exceptions.c, added test to Zend/tests/bug70121.phpt. - CVE-2015-8876 * SECURITY UPDATE: XSS in header() with Internet Explorer (LP: #1594041) - debian/patches/CVE-2015-8935.patch: update header handling to RFC 7230 in main/SAPI.c, added tests to ext/standard/tests/general_functions/bug60227_*.phpt. - CVE-2015-8935 * SECURITY UPDATE: get_icu_value_internal out-of-bounds read - debian/patches/CVE-2016-5093.patch: add enough space in ext/intl/locale/locale_methods.c, added test to ext/intl/tests/bug72241.phpt. - CVE-2016-5093 * SECURITY UPDATE: integer overflow in php_html_entities() - debian/patches/CVE-2016-5094.patch: don't create strings with lengths outside int range in ext/standard/html.c. - CVE-2016-5094 * SECURITY UPDATE: string overflows in string add operations - debian/patches/CVE-2016-5095.patch: check for size overflow in Zend/zend_operators.c. - CVE-2016-5095 * SECURITY UPDATE: int/size_t confusion in fread - debian/patches/CVE-2016-5096.patch: check string length in ext/standard/file.c, added test to ext/standard/tests/file/bug72114.phpt. - CVE-2016-5096 * SECURITY UPDATE: memory leak and buffer overflow in FPM - debian/patches/CVE-2016-5114.patch: check buffer length in sapi/fpm/fpm/fpm_log.c. - CVE-2016-5114 * SECURITY UPDATE: proxy request header vulnerability (httpoxy) - debian/patches/CVE-2016-5385.patch: only use HTTP_PROXY from the local environment in ext/standard/basic_functions.c, main/SAPI.c, main/php_variables.c. - CVE-2016-5385 * SECURITY UPDATE: inadequate error handling in bzread() - debian/patches/CVE-2016-5399.patch: do not allow reading past error read in ext/bz2/bz2.c. - CVE-2016-5399 * SECURITY UPDATE: integer overflows in mcrypt - debian/patches/CVE-2016-5769.patch: check for overflow in ext/mcrypt/mcrypt.c. - CVE-2016-5769 * SECURITY UPDATE: double free corruption in wddx_deserialize - debian/patches/CVE-2016-5772.patch: prevent double-free in ext/wddx/wddx.c, added test to ext/wddx/tests/bug72340.phpt. - CVE-2016-5772 * SECURITY UPDATE: buffer overflow in php_url_parse_ex() - debian/patches/CVE-2016-6288.patch: handle length in ext/standard/url.c. - CVE-2016-6288 * SECURITY UPDATE: integer overflow in the virtual_file_ex function - debian/patches/CVE-2016-6289.patch: properly check path_length in Zend/zend_virtual_cwd.c. - CVE-2016-6289 * SECURITY UPDATE: use after free in unserialize() with unexpected session deserialization - debian/patches/CVE-2016-6290.patch: destroy var_hash properly in ext/session/session.c, added test to ext/session/tests/bug72562.phpt. - CVE-2016-6290 * SECURITY UPDATE: out of bounds read in exif_process_IFD_in_MAKERNOTE - debian/patches/CVE-2016-6291.patch: add more bounds checks to ext/exif/exif.c. - CVE-2016-6291 * SECURITY UPDATE: locale_accept_from_http out-of-bounds access - debian/patches/CVE-2016-6294.patch: check length in ext/intl/locale/locale_methods.c, added test to ext/intl/tests/bug72533.phpt. - CVE-2016-6294 * SECURITY UPDATE: heap buffer overflow in simplestring_addn - debian/patches/CVE-2016-6296.patch: prevent overflows in ext/xmlrpc/libxmlrpc/simplestring.*. - CVE-2016-6296 * SECURITY UPDATE: integer overflow in php_stream_zip_opener - debian/patches/CVE-2016-6297.patch: use size_t in ext/zip/zip_stream.c. - CVE-2016-6297 * debian/patches/fix_exif_tests.patch: fix exif test results after security changes. Checksums-Sha1: 672e30aff6b9fa418405247725fb8b7c832845b3 1758990 php5-common_5.3.10-1ubuntu3.24_armhf.deb 2d7b37ca2bfc2f4aafeb34a33826495329c36e06 2801394 libapache2-mod-php5_5.3.10-1ubuntu3.24_armhf.deb cde55e52f4827c1276147ad2e1c1a0d77db4d370 2800612 libapache2-mod-php5filter_5.3.10-1ubuntu3.24_armhf.deb 4d3b68b16d2019c2ef11968f80f5e4736bc2bf5e 5578596 php5-cgi_5.3.10-1ubuntu3.24_armhf.deb 4ffe61a938f75e99b4580b35a0af092ac61db825 2786732 php5-cli_5.3.10-1ubuntu3.24_armhf.deb f8323d9c44951bebb744fe7a542dcc8837ac5041 2827482 php5-fpm_5.3.10-1ubuntu3.24_armhf.deb 87290deb8f404a56b7911104159b2c2bfcc70b8a 422750 php5-dev_5.3.10-1ubuntu3.24_armhf.deb 4fedd3d06a290ffc2a8b81e2b2980c44898dee13 14044396 php5-dbg_5.3.10-1ubuntu3.24_armhf.deb ddb947a3998280b38e5f4d1b484d8b15f5817a29 24332 php5-curl_5.3.10-1ubuntu3.24_armhf.deb a2198156839c4b6a0628433702b89ae079667a96 7246 php5-enchant_5.3.10-1ubuntu3.24_armhf.deb 3e3da3f030052f2edc94dff673387f469be3fa18 31596 php5-gd_5.3.10-1ubuntu3.24_armhf.deb a5faef343536a738f089a0c9075622aef1f26d6f 13310 php5-gmp_5.3.10-1ubuntu3.24_armhf.deb fe94a07ac05a7ef6ef5f237759991b66e6af60d9 49410 php5-intl_5.3.10-1ubuntu3.24_armhf.deb 504291e9d2a780777999035629f821aa0a2793e9 15742 php5-ldap_5.3.10-1ubuntu3.24_armhf.deb 9f199dfa4fde006f30f911430e1f537f7670e919 61866 php5-mysql_5.3.10-1ubuntu3.24_armhf.deb df4f6a0c93dd0b416fc2743a5ef54e2d7480a1bc 118566 php5-mysqlnd_5.3.10-1ubuntu3.24_armhf.deb 5a0a69210d4b4ce1f0f1c3e4a029bf1b41833931 28428 php5-odbc_5.3.10-1ubuntu3.24_armhf.deb 0c72b3d9d9fa3ae2e4a15c0c2dfce82c515d2b7c 49468 php5-pgsql_5.3.10-1ubuntu3.24_armhf.deb f60fbfa7f53f0ff33ca7778c5c7940f5836423e3 6798 php5-pspell_5.3.10-1ubuntu3.24_armhf.deb 4e2ed1ad87f48159aa931ee4e817cb644a326944 3778 php5-recode_5.3.10-1ubuntu3.24_armhf.deb a4d8c31ae0afc0cbf16340a7019493de38b1b198 8914 php5-snmp_5.3.10-1ubuntu3.24_armhf.deb 1fc7fa665b5bc82d53856957c0058ea7d49cfa87 19808 php5-sqlite_5.3.10-1ubuntu3.24_armhf.deb b6a0bd8d0bb6fb8fe8b19e73d0d91de8dc46b059 20482 php5-sybase_5.3.10-1ubuntu3.24_armhf.deb efca17cf8f112b5d2b3bd0f44efe95fa233a6b47 14626 php5-tidy_5.3.10-1ubuntu3.24_armhf.deb 18a07832e2a5c5f516002c51c60ebc1173d1dfa7 27324 php5-xmlrpc_5.3.10-1ubuntu3.24_armhf.deb 612f0fd10aeae7c2aac5ebd3ca4f90fd9b2ca32c 11328 php5-xsl_5.3.10-1ubuntu3.24_armhf.deb 58af5dba0914bf4a9c12658c0a17b703e49b9f81 86178 php5-intl-dbgsym_5.3.10-1ubuntu3.24_armhf.ddeb 705d1dd0c0d959361fe356b57d76bdc1baa73695 816 php5_5.3.10-1ubuntu3.24_armhf_translations.tar.gz Checksums-Sha256: 2bb9192f44cfcbd171d5fb7634dbb2cb6f8a97c850b01fdf13f8be0953b44d57 1758990 php5-common_5.3.10-1ubuntu3.24_armhf.deb cb01a27a227e001b298682774db9bc63bfa27fef481ab0991ebac1266e6ed6f9 2801394 libapache2-mod-php5_5.3.10-1ubuntu3.24_armhf.deb 7c6a05343d085e019cce866e37fbdfbb68fb7647e51ffec144ca9aa4bc33fd5c 2800612 libapache2-mod-php5filter_5.3.10-1ubuntu3.24_armhf.deb 182185e96d155b7777b6d3d16e6af12cc1516c8e8b6d04b1cc7925e58407ce5f 5578596 php5-cgi_5.3.10-1ubuntu3.24_armhf.deb 37ad85bed871e9d089ce06596e4ad8266cc5f52c6f05a4a2bd96fde93a91a8b8 2786732 php5-cli_5.3.10-1ubuntu3.24_armhf.deb 6659571c6faf067436bee16b1b64a29a904dcee3e55d58f2f1b7803f8ce63f40 2827482 php5-fpm_5.3.10-1ubuntu3.24_armhf.deb 94536a331f7f7a8f363f130ce040285d73c5ef10103d3dd5ac7a5552fce78778 422750 php5-dev_5.3.10-1ubuntu3.24_armhf.deb 65adc95142ff481ddd6b9d9a030844ee93cf412d68c73cf92a364711f3fdbff5 14044396 php5-dbg_5.3.10-1ubuntu3.24_armhf.deb 2ddeb148d3529a4b577dc659d1fc409e62380ffedd2f41f2d0495c7477641e1c 24332 php5-curl_5.3.10-1ubuntu3.24_armhf.deb b2f190b84721010a85dcd7d33a8689d1fc2cf754308ceb15d1edf14fc9e4675c 7246 php5-enchant_5.3.10-1ubuntu3.24_armhf.deb 2c72fecf23da47eb6daa69b9a20f1ece8ad17efa71d8b86c24f3c5a951d3187f 31596 php5-gd_5.3.10-1ubuntu3.24_armhf.deb 95532036eee4bfc73abc46d528c1391ea22961cbe4f4c0bf391af2b20f7a5ce4 13310 php5-gmp_5.3.10-1ubuntu3.24_armhf.deb bba509406b263dfe1d4343cbe8550aed76fe024a8d2a821faa555d9ddf41d59e 49410 php5-intl_5.3.10-1ubuntu3.24_armhf.deb 2d7d75de010ec509f6de153602395be815c5adbbff901c0b8c37758662e9473a 15742 php5-ldap_5.3.10-1ubuntu3.24_armhf.deb 926d0c92cb724b3918b7d406a86528299d9219ea1597174c49dcff14467862ef 61866 php5-mysql_5.3.10-1ubuntu3.24_armhf.deb 1369d7984277af17bb98482539afeea42a3df4f2f75acc16cc929587d2e6acf0 118566 php5-mysqlnd_5.3.10-1ubuntu3.24_armhf.deb e843115e3deba508d634fee4e6f47f9f5814509bae32dac3df0b92fba53ae80c 28428 php5-odbc_5.3.10-1ubuntu3.24_armhf.deb 208be1b4005a54557596e35305899418c52e88a634afa9d3a476ace89db80d26 49468 php5-pgsql_5.3.10-1ubuntu3.24_armhf.deb 01904edd5f2ae450b5f3a24e9e6537b1bbb212c608d0c684d1861fef4c413feb 6798 php5-pspell_5.3.10-1ubuntu3.24_armhf.deb d2a42cbaf7ba75fb3222cb1d74682664bf58bf27cdd22958c259b007dc7df238 3778 php5-recode_5.3.10-1ubuntu3.24_armhf.deb c4a1b963feaff9ac5bc453c921ab25e57cb04260594b69236e01f8d4c9133232 8914 php5-snmp_5.3.10-1ubuntu3.24_armhf.deb 47baa3e871ff3c36f53ce8ee9d06105669f526a7aa6a7d20f14175908e4925fd 19808 php5-sqlite_5.3.10-1ubuntu3.24_armhf.deb 098865cb8f6f14734b785d1c8e633334a6f8fe74fe17f00367cebf6d61b397e7 20482 php5-sybase_5.3.10-1ubuntu3.24_armhf.deb 702cf5ce7c173cabb9d6eb920b025d614c6dacea99ae1bd0b5c59d5397bb4e61 14626 php5-tidy_5.3.10-1ubuntu3.24_armhf.deb 98976d5a5b74c4ac0de1064ffed3853a07dae7c066c741d5a557ca1c7bbfcc4b 27324 php5-xmlrpc_5.3.10-1ubuntu3.24_armhf.deb 6d25d9c2bf8f6bb30619e748d8916e95320865f3748692073bfcd8e7e1baa6ef 11328 php5-xsl_5.3.10-1ubuntu3.24_armhf.deb 970afeaad03f45661cde5cdc35e21e3c126e0e7fecb9d1559faed55df3d7ecd9 86178 php5-intl-dbgsym_5.3.10-1ubuntu3.24_armhf.ddeb 46058c63d3564d50d5794713f06fe2323c4a8a315c042a53231401a66de40040 816 php5_5.3.10-1ubuntu3.24_armhf_translations.tar.gz Files: b117487f5557a2007180199cf7ab60b4 1758990 php optional php5-common_5.3.10-1ubuntu3.24_armhf.deb 035c437f2ecdfc7403c9fdf934231deb 2801394 httpd optional libapache2-mod-php5_5.3.10-1ubuntu3.24_armhf.deb be3ce83acd16641d371a65fdeeeca5f0 2800612 httpd extra libapache2-mod-php5filter_5.3.10-1ubuntu3.24_armhf.deb 3271ded54b790e206f0ddbbabb0f98fb 5578596 php optional php5-cgi_5.3.10-1ubuntu3.24_armhf.deb 8cfdf2aad3b38ea2adbb5afe75443dcc 2786732 php optional php5-cli_5.3.10-1ubuntu3.24_armhf.deb cc76151903fdb45b4a3d07e617cf6c01 2827482 php optional php5-fpm_5.3.10-1ubuntu3.24_armhf.deb f3adce6ee35322a3cee8bce4a5fc1ea9 422750 php optional php5-dev_5.3.10-1ubuntu3.24_armhf.deb 2494cbbe76a2c5574238bb3ee5ed8a27 14044396 debug extra php5-dbg_5.3.10-1ubuntu3.24_armhf.deb 60cef8817b87fce586a6a0c7403a9aec 24332 php optional php5-curl_5.3.10-1ubuntu3.24_armhf.deb a997d6ea7fbfcc512e2f65cb71ccac57 7246 php optional php5-enchant_5.3.10-1ubuntu3.24_armhf.deb 2d05c0e470afaa12f389bca94a8d1030 31596 php optional php5-gd_5.3.10-1ubuntu3.24_armhf.deb 1d05583efcf0c5888684b28463915442 13310 php optional php5-gmp_5.3.10-1ubuntu3.24_armhf.deb 4f5e0ef3509d2581faa5e557e4592d9f 49410 php optional php5-intl_5.3.10-1ubuntu3.24_armhf.deb 3106c75b1ffe88beadaaf7c0ea0e3ce0 15742 php optional php5-ldap_5.3.10-1ubuntu3.24_armhf.deb 4fdec4978601eb1cb1d24fe841f5027e 61866 php optional php5-mysql_5.3.10-1ubuntu3.24_armhf.deb 0d141e547a60a984ee7384f4e1bdf7aa 118566 php optional php5-mysqlnd_5.3.10-1ubuntu3.24_armhf.deb f0874571f6e1bf2134c97fd3037b01db 28428 php optional php5-odbc_5.3.10-1ubuntu3.24_armhf.deb e0199dc415c2dda4aeb44048a8823495 49468 php optional php5-pgsql_5.3.10-1ubuntu3.24_armhf.deb fabe820212bcaa4f80293a5ffddffa35 6798 php optional php5-pspell_5.3.10-1ubuntu3.24_armhf.deb a6d58412ef5fa50b0b8a41caf78e56e6 3778 php optional php5-recode_5.3.10-1ubuntu3.24_armhf.deb 06ffd3399c5fc7558b10f765276362b5 8914 php optional php5-snmp_5.3.10-1ubuntu3.24_armhf.deb f9ba361350a91e34debd670e0d952acd 19808 php optional php5-sqlite_5.3.10-1ubuntu3.24_armhf.deb df4f19fd089d223535aed0e200466117 20482 php optional php5-sybase_5.3.10-1ubuntu3.24_armhf.deb 9e647e69d6664d77f3abe1f3f1255194 14626 php optional php5-tidy_5.3.10-1ubuntu3.24_armhf.deb 078977b148f503c4b5cf67815bd53ac7 27324 php optional php5-xmlrpc_5.3.10-1ubuntu3.24_armhf.deb 7d5dada1730bbb2b5ec2ee38f3c983b9 11328 php optional php5-xsl_5.3.10-1ubuntu3.24_armhf.deb aceff0378a78adacc4f45967321aa8df 86178 php extra php5-intl-dbgsym_5.3.10-1ubuntu3.24_armhf.ddeb e6c77f597d06c7533aea982ca50917e1 816 raw-translations - php5_5.3.10-1ubuntu3.24_armhf_translations.tar.gz Original-Maintainer: Debian PHP Maintainers