Format: 1.8 Date: Thu, 26 Nov 2009 08:06:47 -0500 Source: php5 Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-dev php5-dbg php-pear php5-curl php5-gd php5-gmp php5-ldap php5-mhash php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl Architecture: i386_translations i386 all Version: 5.2.6-2ubuntu4.5 Distribution: intrepid Urgency: low Maintainer: Ubuntu/i386 Build Daemon Changed-By: Marc Deslauriers Description: libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module) libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo php-pear - PEAR - PHP Extension and Application Repository php5 - server-side, HTML-embedded scripting language (metapackage) php5-cgi - server-side, HTML-embedded scripting language (CGI binary) php5-cli - command-line interpreter for the php5 scripting language php5-common - Common files for packages built from the php5 source php5-curl - CURL module for php5 php5-dbg - Debug symbols for PHP5 php5-dev - Files for PHP5 module development php5-gd - GD module for php5 php5-gmp - GMP module for php5 php5-ldap - LDAP module for php5 php5-mhash - MHASH module for php5 php5-mysql - MySQL module for php5 php5-odbc - ODBC module for php5 php5-pgsql - PostgreSQL module for php5 php5-pspell - pspell module for php5 php5-recode - recode module for php5 php5-snmp - SNMP module for php5 php5-sqlite - SQLite module for php5 php5-sybase - Sybase / MS SQL Server module for php5 php5-tidy - tidy module for php5 php5-xmlrpc - XML-RPC module for php5 php5-xsl - XSL module for php5 Launchpad-Bugs-Fixed: 239513 446313 446313 Changes: php5 (5.2.6-2ubuntu4.5) intrepid-security; urgency=low . * SECURITY UPDATE: file truncation via key with null byte - debian/patches/CVE-2008-7068.patch: make sure key and value are sane in ext/dba/libinifile/inifile.c. - CVE-2008-7068 * SECURITY UPDATE: certificate spoofing via null-byte certs (LP: #446313) - debian/patches/CVE-2009-3291.patch: validate certificate's CN length in ext/openssl/openssl.c. - CVE-2009-3291 * SECURITY UPDATE: denial of service via malformed exif images (LP: #446313) - debian/patches/CVE-2009-3292.patch: check length, return codes, and nesting level in ext/exif/exif.c. - CVE-2009-3292 * SECURITY UPDATE: safe_mode bypass via tempam function - debian/patches/CVE-2009-3557.patch: check for safe_mode in ext/standard/file.c. - CVE-2009-3557 * SECURITY UPDATE: open_basedir restrictions bypass via posix_mkfifo - debian/patches/CVE-2009-3558.patch: check for open_basedir in ext/posix/posix.c. - CVE-2009-3558 * SECURITY UPDATE: denial of service via large number of files in form-data POST request. - debian/patches/CVE-2009-4017.patch: introduce new "max_file_uploads" directive and enforce in main/main.c, main/rfc1867.c. - ATTENTION: this update changes previous php5 behaviour by limiting the number of files in a POST request to 50. This may be increased by adding a "max_file_uploads" directive to the php.ini configuration file. - CVE-2009-4017 * SECURITY UPDATE: safe_mode_protected_env_vars bypass via proc_open() - debian/patches/CVE-2009-4018.patch: add safe_mode check in ext/standard/proc_open.c - CVE-2009-4018 * debian/patches/fix-xmlrpc-datetime.diff - Prevent stack smashing when using xmlrpc and datetime. (LP: #239513) Checksums-Sha1: b6d9cbe347152c683740af0c8ebc55b953bc182a 539 php5_5.2.6-2ubuntu4.5_i386_translations.tar.gz 3039cad08d1269f9eb8edd05c7e259ddd9a96fad 366110 php5-common_5.2.6-2ubuntu4.5_i386.deb bdaf0d678a42854ddbd97acca429a6b50834d542 2482934 libapache2-mod-php5_5.2.6-2ubuntu4.5_i386.deb 45da2fa07d313f9820c10ce96930b2757f74e4eb 2481730 libapache2-mod-php5filter_5.2.6-2ubuntu4.5_i386.deb 49a8622633e09f62df0311a661d016ef35f04e86 4935196 php5-cgi_5.2.6-2ubuntu4.5_i386.deb e035b32d2f9127c59369b47dfbdb04e367323a99 2487886 php5-cli_5.2.6-2ubuntu4.5_i386.deb 94996f996cf245568c8d82d4a72f8897181caa91 362380 php5-dev_5.2.6-2ubuntu4.5_i386.deb a7236ad010fdd2a73da2eb3fd8e7f579e8fa6914 8425422 php5-dbg_5.2.6-2ubuntu4.5_i386.deb fe8387546a2fc07a9614bc7192007f50869b19c0 23922 php5-curl_5.2.6-2ubuntu4.5_i386.deb bec0ca9ef29c1c81b03e3c31c39a7c6525e1b93d 32524 php5-gd_5.2.6-2ubuntu4.5_i386.deb 57c427394893581b92fbc226fd2856621b1a8b8a 14114 php5-gmp_5.2.6-2ubuntu4.5_i386.deb fce02d4cabf308b8ffebb0132cf99e49e71ffe68 18332 php5-ldap_5.2.6-2ubuntu4.5_i386.deb f70ecdd0d2c37902ad0ff51074efba5e7eb19a98 5332 php5-mhash_5.2.6-2ubuntu4.5_i386.deb d3f2d5511bdd6470fc2419426977868158bffc83 65936 php5-mysql_5.2.6-2ubuntu4.5_i386.deb 255bd3655c7b07d154995c1ea01ef25feecec637 34860 php5-odbc_5.2.6-2ubuntu4.5_i386.deb 62898f19e008c86f393b349d0f5b684148aab35c 52822 php5-pgsql_5.2.6-2ubuntu4.5_i386.deb 4e64a7785605bab994de8d68ed51568d91fb24c5 8624 php5-pspell_5.2.6-2ubuntu4.5_i386.deb c38fa7358d7e271236ccb371a53b632557f64fd7 4896 php5-recode_5.2.6-2ubuntu4.5_i386.deb fa0601e09e315949b9198c34ae4ff0ffdbeaa3bc 11842 php5-snmp_5.2.6-2ubuntu4.5_i386.deb df1486a59aba1b1c07e63f9b332729bd1dd53c33 34780 php5-sqlite_5.2.6-2ubuntu4.5_i386.deb bfb9b6061b89ac9f8ccebd6be621b5e9c44c5611 26254 php5-sybase_5.2.6-2ubuntu4.5_i386.deb d68df30d05f2e1d68b99782cf32fe57efaab23db 16534 php5-tidy_5.2.6-2ubuntu4.5_i386.deb 0381aab8a41ac62bacd0a5b7143621cf91ab0570 36484 php5-xmlrpc_5.2.6-2ubuntu4.5_i386.deb c6fefc380d81daf9a26ddc4e40f462e14102ca5f 12814 php5-xsl_5.2.6-2ubuntu4.5_i386.deb 3db9af5718446deb625195f67b773e45fdd09127 1112 php5_5.2.6-2ubuntu4.5_all.deb e48536e95fa7c252845edd92d2161d6c5b75cb32 332006 php-pear_5.2.6-2ubuntu4.5_all.deb Checksums-Sha256: a969fc825b05cc7faebe54c33352629754e36c76904d9e7233cfe27af7a0acf2 539 php5_5.2.6-2ubuntu4.5_i386_translations.tar.gz dd9c73efcff2a839aed731cbb7e5351e8d3526845c35a821a356e9cee56e06a8 366110 php5-common_5.2.6-2ubuntu4.5_i386.deb 7588148696d38d041fb461728a809d2a3462ce6cc51d86d20085b980c4f81bce 2482934 libapache2-mod-php5_5.2.6-2ubuntu4.5_i386.deb 1aa260a779c5f20f45dced6e7bdf31a425f300ac19f78298c902d6c63c18714c 2481730 libapache2-mod-php5filter_5.2.6-2ubuntu4.5_i386.deb 355bb91a021bb37e24eb4a91662b4504a42d02f5f33d238e5573610ad183d001 4935196 php5-cgi_5.2.6-2ubuntu4.5_i386.deb 97494fc029c5e17350538fc34f81ff997c24e3490d8375ec7837ab7e98a67501 2487886 php5-cli_5.2.6-2ubuntu4.5_i386.deb 29acd551c2bd1cc54b88349a78451a9c3c6ae680e9505a7276346779531e2d7f 362380 php5-dev_5.2.6-2ubuntu4.5_i386.deb 3a55e1b2ff7790cc73c98ef59ff1a17504ffd4097be7ff7d138364d0a51e9e58 8425422 php5-dbg_5.2.6-2ubuntu4.5_i386.deb 85e5ed53d5b18419d8e252d800f16496b59735ad4f6462b08eeb00f6a556dd30 23922 php5-curl_5.2.6-2ubuntu4.5_i386.deb e27d0316ebaf6fe116d00518835929fed9b12d5a7af0c9a0157d5765bd6258c4 32524 php5-gd_5.2.6-2ubuntu4.5_i386.deb c7b9da8b681337521348c7f6429f29ddcd882badec572e40233fb22c8692a0fc 14114 php5-gmp_5.2.6-2ubuntu4.5_i386.deb 1360a97a22250eeae38f1c890de78b3e61b33145a57913e4f058b73f29ba8747 18332 php5-ldap_5.2.6-2ubuntu4.5_i386.deb 8fb17ea9248ea496bb4c421114edfd094fe3cbe7f9e86f47abcc34eddf7ab852 5332 php5-mhash_5.2.6-2ubuntu4.5_i386.deb 118966c6a10d2fb04fde2351a8f3e729d143cf4fd72cc94c1fc4d42e325ab872 65936 php5-mysql_5.2.6-2ubuntu4.5_i386.deb c4ea504d87248479c8dbf53115ae7a3502bfcbd8f5bad68854525d4c446a8418 34860 php5-odbc_5.2.6-2ubuntu4.5_i386.deb c0d8b7b18337a2f8da78d4ac1f9b2187f800f8b8654890ac520b41f0665f5dbf 52822 php5-pgsql_5.2.6-2ubuntu4.5_i386.deb 2313da13da47688f6b2c88f691eb6c4b8a15cf53199d4c7105d995b887ea8147 8624 php5-pspell_5.2.6-2ubuntu4.5_i386.deb 720b16695a463b0a4ac26ad3e771e5820aac5fdf9d94bbfafdd32901c3542bb0 4896 php5-recode_5.2.6-2ubuntu4.5_i386.deb 98fcb1e35397b3e14e45b044fc328ad8c918c3a8758ec7d1424156fb3b397a1a 11842 php5-snmp_5.2.6-2ubuntu4.5_i386.deb b6ba0c82a25ef566351a74b5706b0f69e5217fa8e084648a7cfe516f994db2b9 34780 php5-sqlite_5.2.6-2ubuntu4.5_i386.deb a5c043ee0724cc3438222dbf0ea93a8a81cdb00d7c3ddff4b95f06f41a5f4764 26254 php5-sybase_5.2.6-2ubuntu4.5_i386.deb 9047a396a029419329e8026dd7422e3100256abf871f8ad445052f7a2d3ec4c1 16534 php5-tidy_5.2.6-2ubuntu4.5_i386.deb 3541eb86d81e35e5b3ffad9c95d0ae84a3528369a87c15c57402b775aeeaf730 36484 php5-xmlrpc_5.2.6-2ubuntu4.5_i386.deb 71b2615658fa885d4b36c2690d89704bea355a05e794f860f892699fedfab4eb 12814 php5-xsl_5.2.6-2ubuntu4.5_i386.deb 23062867849cbd236b42c8a1f4403091f2eec9a2e973010f95b8878dd2a34972 1112 php5_5.2.6-2ubuntu4.5_all.deb cc7a7bca14069570ac62cc927a54a66f488f9a4ea82ffa4688ac1254ff869e5b 332006 php-pear_5.2.6-2ubuntu4.5_all.deb Files: 1479ab356cd1c6a07baba62cc456787b 539 raw-translations - php5_5.2.6-2ubuntu4.5_i386_translations.tar.gz ab11c6e9cbda130b5648c5897af495cb 366110 web optional php5-common_5.2.6-2ubuntu4.5_i386.deb 3d72c1449d8cfadb6fa4fe926a96f3cb 2482934 web optional libapache2-mod-php5_5.2.6-2ubuntu4.5_i386.deb a7786c5f73aa3b7f81184bc22d69083d 2481730 web optional libapache2-mod-php5filter_5.2.6-2ubuntu4.5_i386.deb ac908368aff5723c7a20a018fb4d21cb 4935196 web optional php5-cgi_5.2.6-2ubuntu4.5_i386.deb a48cb454eb748dfa0bc6dcb543980127 2487886 web optional php5-cli_5.2.6-2ubuntu4.5_i386.deb 74da80a9a7ca1f11729e5f9b94e7a130 362380 devel optional php5-dev_5.2.6-2ubuntu4.5_i386.deb 741a58a4ef65543224775d6a24120926 8425422 devel extra php5-dbg_5.2.6-2ubuntu4.5_i386.deb 42f9991a687a3cedf32205a1572a4882 23922 web optional php5-curl_5.2.6-2ubuntu4.5_i386.deb bfb13dde349e8bec51a7fd16d57a1088 32524 web optional php5-gd_5.2.6-2ubuntu4.5_i386.deb 687acae0c76e2eb6357d165fdce9e342 14114 web optional php5-gmp_5.2.6-2ubuntu4.5_i386.deb 34473dd23d20053e4fe66f5c7434b2b0 18332 web optional php5-ldap_5.2.6-2ubuntu4.5_i386.deb b3e55001af5b1443966193e7bf512c80 5332 web optional php5-mhash_5.2.6-2ubuntu4.5_i386.deb 316cbfe0ea51ed87d360f60075e790d5 65936 web optional php5-mysql_5.2.6-2ubuntu4.5_i386.deb 764e8dee8165a2716375fc8a5a986223 34860 web optional php5-odbc_5.2.6-2ubuntu4.5_i386.deb 9478c44ad91e09b74ec8d54dfd6adea0 52822 web optional php5-pgsql_5.2.6-2ubuntu4.5_i386.deb 2efe3cc4fc316f48137d7b746bf15ff3 8624 web optional php5-pspell_5.2.6-2ubuntu4.5_i386.deb 863d73b80b7ecf34bdd7ab44b6293cd5 4896 web optional php5-recode_5.2.6-2ubuntu4.5_i386.deb 150193d27d57780687993ac50d072026 11842 web optional php5-snmp_5.2.6-2ubuntu4.5_i386.deb 76aeec83c824505491d3e7fbc912c03a 34780 web optional php5-sqlite_5.2.6-2ubuntu4.5_i386.deb 8016f6101dd38a7185f3ffcf64dc74c1 26254 web optional php5-sybase_5.2.6-2ubuntu4.5_i386.deb 5811cef7bcfcaf58ad18b7596ad60655 16534 web optional php5-tidy_5.2.6-2ubuntu4.5_i386.deb c8095e67a3df71f9aa6a920a150e625c 36484 web optional php5-xmlrpc_5.2.6-2ubuntu4.5_i386.deb 1f99d479309250b6a8677b71ed71331b 12814 web optional php5-xsl_5.2.6-2ubuntu4.5_i386.deb 9ab5550ea2720556628f3aafcb172b46 1112 web optional php5_5.2.6-2ubuntu4.5_all.deb 68ea83521306cbcd76002c524484e258 332006 web optional php-pear_5.2.6-2ubuntu4.5_all.deb Original-Maintainer: Debian PHP Maintainers