Format: 1.8
Date: Mon, 01 Aug 2016 13:27:52 -0400
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-fpm php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp php5-intl php5-ldap php5-mysql php5-mysqlnd php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl
Architecture: i386 i386_translations all
Version: 5.3.10-1ubuntu3.24
Distribution: precise
Urgency: medium
Maintainer: Launchpad Build Daemon
Changed-By: Marc Deslauriers
Description:
 libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module)
 libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo
 php-pear - PEAR - PHP Extension and Application Repository
 php5 - server-side, HTML-embedded scripting language (metapackage)
 php5-cgi - server-side, HTML-embedded scripting language (CGI binary)
 php5-cli - command-line interpreter for the php5 scripting language
 php5-common - Common files for packages built from the php5 source
 php5-curl - CURL module for php5
 php5-dbg - Debug symbols for PHP5
 php5-dev - Files for PHP5 module development
 php5-enchant - Enchant module for php5
 php5-fpm - server-side, HTML-embedded scripting language (FPM-CGI binary)
 php5-gd - GD module for php5
 php5-gmp - GMP module for php5
 php5-intl - internationalisation module for php5
 php5-ldap - LDAP module for php5
 php5-mysql - MySQL module for php5
 php5-mysqlnd - MySQL module for php5 (Native Driver)
 php5-odbc - ODBC module for php5
 php5-pgsql - PostgreSQL module for php5
 php5-pspell - pspell module for php5
 php5-recode - recode module for php5
 php5-snmp - SNMP module for php5
 php5-sqlite - SQLite module for php5
 php5-sybase - Sybase / MS SQL Server module for php5
 php5-tidy - tidy module for php5
 php5-xmlrpc - XML-RPC module for php5
 php5-xsl - XSL module for php5
Launchpad-Bugs-Fixed: 1594041
Changes:
 php5 (5.3.10-1ubuntu3.24) precise-security; urgency=medium
 .
   * SECURITY UPDATE: segfault in SplMinHeap::compare
     - debian/patches/CVE-2015-4116.patch: properly handle count in
       ext/spl/spl_heap.c, added test to ext/spl/tests/bug69737.phpt.
     - CVE-2015-4116
   * SECURITY UPDATE: denial of service via recursive method calls
     - debian/patches/CVE-2015-8873.patch: add limit to
       Zend/zend_exceptions.c, add tests to
       ext/standard/tests/serialize/bug69152.phpt,
       ext/standard/tests/serialize/bug69793.phpt,
       sapi/cli/tests/005.phpt.
     - CVE-2015-8873
   * SECURITY UPDATE: denial of service or code execution via crafted
     serialized data
     - debian/patches/CVE-2015-8876.patch: fix logic in
       Zend/zend_exceptions.c, added test to Zend/tests/bug70121.phpt.
     - CVE-2015-8876
   * SECURITY UPDATE: XSS in header() with Internet Explorer (LP: #1594041)
     - debian/patches/CVE-2015-8935.patch: update header handling to
       RFC 7230 in main/SAPI.c, added tests to
       ext/standard/tests/general_functions/bug60227_*.phpt.
     - CVE-2015-8935
   * SECURITY UPDATE: get_icu_value_internal out-of-bounds read
     - debian/patches/CVE-2016-5093.patch: add enough space in
       ext/intl/locale/locale_methods.c, added test to
       ext/intl/tests/bug72241.phpt.
     - CVE-2016-5093
   * SECURITY UPDATE: integer overflow in php_html_entities()
     - debian/patches/CVE-2016-5094.patch: don't create strings with
       lengths outside int range in ext/standard/html.c.
     - CVE-2016-5094
   * SECURITY UPDATE: string overflows in string add operations
     - debian/patches/CVE-2016-5095.patch: check for size overflow in
       Zend/zend_operators.c.
     - CVE-2016-5095
   * SECURITY UPDATE: int/size_t confusion in fread
     - debian/patches/CVE-2016-5096.patch: check string length in
       ext/standard/file.c, added test to
       ext/standard/tests/file/bug72114.phpt.
     - CVE-2016-5096
   * SECURITY UPDATE: memory leak and buffer overflow in FPM
     - debian/patches/CVE-2016-5114.patch: check buffer length in
       sapi/fpm/fpm/fpm_log.c.
     - CVE-2016-5114
   * SECURITY UPDATE: proxy request header vulnerability (httpoxy)
     - debian/patches/CVE-2016-5385.patch: only use HTTP_PROXY from the
       local environment in ext/standard/basic_functions.c, main/SAPI.c,
       main/php_variables.c.
     - CVE-2016-5385
   * SECURITY UPDATE: inadequate error handling in bzread()
     - debian/patches/CVE-2016-5399.patch: do not allow reading past error
       read in ext/bz2/bz2.c.
     - CVE-2016-5399
   * SECURITY UPDATE: integer overflows in mcrypt
     - debian/patches/CVE-2016-5769.patch: check for overflow in
       ext/mcrypt/mcrypt.c.
     - CVE-2016-5769
   * SECURITY UPDATE: double free corruption in wddx_deserialize
     - debian/patches/CVE-2016-5772.patch: prevent double-free in
       ext/wddx/wddx.c, added test to ext/wddx/tests/bug72340.phpt.
     - CVE-2016-5772
   * SECURITY UPDATE: buffer overflow in php_url_parse_ex()
     - debian/patches/CVE-2016-6288.patch: handle length in
       ext/standard/url.c.
     - CVE-2016-6288
   * SECURITY UPDATE: integer overflow in the virtual_file_ex function
     - debian/patches/CVE-2016-6289.patch: properly check path_length in
       Zend/zend_virtual_cwd.c.
     - CVE-2016-6289
   * SECURITY UPDATE: use after free in unserialize() with unexpected
     session deserialization
     - debian/patches/CVE-2016-6290.patch: destroy var_hash properly in
       ext/session/session.c, added test to ext/session/tests/bug72562.phpt.
     - CVE-2016-6290
   * SECURITY UPDATE: out of bounds read in exif_process_IFD_in_MAKERNOTE
     - debian/patches/CVE-2016-6291.patch: add more bounds checks to
       ext/exif/exif.c.
     - CVE-2016-6291
   * SECURITY UPDATE: locale_accept_from_http out-of-bounds access
     - debian/patches/CVE-2016-6294.patch: check length in
       ext/intl/locale/locale_methods.c, added test to
       ext/intl/tests/bug72533.phpt.
     - CVE-2016-6294
   * SECURITY UPDATE: heap buffer overflow in simplestring_addn
     - debian/patches/CVE-2016-6296.patch: prevent overflows in
       ext/xmlrpc/libxmlrpc/simplestring.*.
     - CVE-2016-6296
   * SECURITY UPDATE: integer overflow in php_stream_zip_opener
     - debian/patches/CVE-2016-6297.patch: use size_t in
       ext/zip/zip_stream.c.
     - CVE-2016-6297
   * debian/patches/fix_exif_tests.patch: fix exif test results after
     security changes.
Original-Maintainer: Debian PHP Maintainers