Format: 1.8 Date: Thu, 26 Nov 2009 08:06:47 -0500 Source: php5 Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-dev php5-dbg php-pear php5-curl php5-gd php5-gmp php5-ldap php5-mhash php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl Architecture: sparc_translations sparc Version: 5.2.6-2ubuntu4.5 Distribution: intrepid Urgency: low Maintainer: Ubuntu/sparc Build Daemon Changed-By: Marc Deslauriers Description: libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module) libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo php-pear - PEAR - PHP Extension and Application Repository php5 - server-side, HTML-embedded scripting language (metapackage) php5-cgi - server-side, HTML-embedded scripting language (CGI binary) php5-cli - command-line interpreter for the php5 scripting language php5-common - Common files for packages built from the php5 source php5-curl - CURL module for php5 php5-dbg - Debug symbols for PHP5 php5-dev - Files for PHP5 module development php5-gd - GD module for php5 php5-gmp - GMP module for php5 php5-ldap - LDAP module for php5 php5-mhash - MHASH module for php5 php5-mysql - MySQL module for php5 php5-odbc - ODBC module for php5 php5-pgsql - PostgreSQL module for php5 php5-pspell - pspell module for php5 php5-recode - recode module for php5 php5-snmp - SNMP module for php5 php5-sqlite - SQLite module for php5 php5-sybase - Sybase / MS SQL Server module for php5 php5-tidy - tidy module for php5 php5-xmlrpc - XML-RPC module for php5 php5-xsl - XSL module for php5 Launchpad-Bugs-Fixed: 239513 446313 446313 Changes: php5 (5.2.6-2ubuntu4.5) intrepid-security; urgency=low . * SECURITY UPDATE: file truncation via key with null byte - debian/patches/CVE-2008-7068.patch: make sure key and value are sane in ext/dba/libinifile/inifile.c. - CVE-2008-7068 * SECURITY UPDATE: certificate spoofing via null-byte certs (LP: #446313) - debian/patches/CVE-2009-3291.patch: validate certificate's CN length in ext/openssl/openssl.c. - CVE-2009-3291 * SECURITY UPDATE: denial of service via malformed exif images (LP: #446313) - debian/patches/CVE-2009-3292.patch: check length, return codes, and nesting level in ext/exif/exif.c. - CVE-2009-3292 * SECURITY UPDATE: safe_mode bypass via tempam function - debian/patches/CVE-2009-3557.patch: check for safe_mode in ext/standard/file.c. - CVE-2009-3557 * SECURITY UPDATE: open_basedir restrictions bypass via posix_mkfifo - debian/patches/CVE-2009-3558.patch: check for open_basedir in ext/posix/posix.c. - CVE-2009-3558 * SECURITY UPDATE: denial of service via large number of files in form-data POST request. - debian/patches/CVE-2009-4017.patch: introduce new "max_file_uploads" directive and enforce in main/main.c, main/rfc1867.c. - ATTENTION: this update changes previous php5 behaviour by limiting the number of files in a POST request to 50. This may be increased by adding a "max_file_uploads" directive to the php.ini configuration file. - CVE-2009-4017 * SECURITY UPDATE: safe_mode_protected_env_vars bypass via proc_open() - debian/patches/CVE-2009-4018.patch: add safe_mode check in ext/standard/proc_open.c - CVE-2009-4018 * debian/patches/fix-xmlrpc-datetime.diff - Prevent stack smashing when using xmlrpc and datetime. (LP: #239513) Checksums-Sha1: 356f3d92f1a11829db150dbe5b37202165375c93 540 php5_5.2.6-2ubuntu4.5_sparc_translations.tar.gz b3e3ca62eee362668b25b7d2a33ed339d9a37b2e 366288 php5-common_5.2.6-2ubuntu4.5_sparc.deb 18a2aecc88da00a8a5d09710a26fd0a9a315e221 2471910 libapache2-mod-php5_5.2.6-2ubuntu4.5_sparc.deb c4b800b77f703394f861549b64f4aa0521efb0be 2470348 libapache2-mod-php5filter_5.2.6-2ubuntu4.5_sparc.deb 1b7401f710e0358a7932572ecc9bb277aeb2dd59 4839496 php5-cgi_5.2.6-2ubuntu4.5_sparc.deb a48f702c2ddc48e29d7e5f67feb68bfb8547b4a3 2439310 php5-cli_5.2.6-2ubuntu4.5_sparc.deb 089554972805875953ce36f7d68c875ce5ff7f54 362382 php5-dev_5.2.6-2ubuntu4.5_sparc.deb 4bb991e8e7b893bddd10d084d38194fa549b1aad 8318046 php5-dbg_5.2.6-2ubuntu4.5_sparc.deb 50449ea93026a949bdecfbe07f402ac7314ca54a 24402 php5-curl_5.2.6-2ubuntu4.5_sparc.deb 6cdce7d0ff68889e3fc3ba45b9d9627d6c517293 33128 php5-gd_5.2.6-2ubuntu4.5_sparc.deb 4f1e156d279e6ecdaa7c98f0323c43f277e937a3 13336 php5-gmp_5.2.6-2ubuntu4.5_sparc.deb ec456519c120f8c833bf6c12cb6f553172c4eccf 17608 php5-ldap_5.2.6-2ubuntu4.5_sparc.deb f49d47708c73b920701c2db0485beef730befb91 5170 php5-mhash_5.2.6-2ubuntu4.5_sparc.deb ce47b3705444c557cc4cd051ff5210f42e6c8efb 63610 php5-mysql_5.2.6-2ubuntu4.5_sparc.deb b8bb4067d901b53a656625065364c9911673671c 32978 php5-odbc_5.2.6-2ubuntu4.5_sparc.deb c00e0ba9c04df478599ee4ab2e1bf744a5ea94a7 50020 php5-pgsql_5.2.6-2ubuntu4.5_sparc.deb 7b0998a7907755fa8730b5ae4fc2839e009f6b1d 8400 php5-pspell_5.2.6-2ubuntu4.5_sparc.deb 0e61cf8ca4ea75d45a96971cc21afdfa1ac4b1d9 4854 php5-recode_5.2.6-2ubuntu4.5_sparc.deb 1959422055256cbc4bc37e37631513f054e074ad 11710 php5-snmp_5.2.6-2ubuntu4.5_sparc.deb b0df6ef9f9cea21147e6963a32de5ae6127002aa 32744 php5-sqlite_5.2.6-2ubuntu4.5_sparc.deb e9ede34bc32148399a18c0d84a1ba70638466002 24976 php5-sybase_5.2.6-2ubuntu4.5_sparc.deb 6f1c88ceda70e341631cedfb95773cf86fe55a80 16524 php5-tidy_5.2.6-2ubuntu4.5_sparc.deb 12c02ad56315524ccaacaf46766f05148d2a8aa5 35172 php5-xmlrpc_5.2.6-2ubuntu4.5_sparc.deb bf207625db4745da3be68155dc3676125123bda2 12326 php5-xsl_5.2.6-2ubuntu4.5_sparc.deb Checksums-Sha256: 993e4e3253b362f449dfb0acc5d793d012098110412cba86778e8f0a8a1dacf3 540 php5_5.2.6-2ubuntu4.5_sparc_translations.tar.gz 1ea0ededa60c17d5dd712884e7366aae4c0b472773be23831fc09d35ca70082e 366288 php5-common_5.2.6-2ubuntu4.5_sparc.deb 2d72769ae49e238075aaf59bf3dd07181878c8bc867c352db784c6d1c831472e 2471910 libapache2-mod-php5_5.2.6-2ubuntu4.5_sparc.deb aa4961a4e1f769d6f25b015c1464e46139f2e23d475a74f6a73097511ac4df49 2470348 libapache2-mod-php5filter_5.2.6-2ubuntu4.5_sparc.deb 85e1e2d47b9a1b5d7a866631cc8df095050c63400238e632b5b2d838fe31ca13 4839496 php5-cgi_5.2.6-2ubuntu4.5_sparc.deb f4e379f2dee0e9ae26bc44433358c357f52c064efe67f4051bb948c09e37b351 2439310 php5-cli_5.2.6-2ubuntu4.5_sparc.deb e6f2562189a809096543f485eea8027630d559272e9a869c11f9bf17ec71cf54 362382 php5-dev_5.2.6-2ubuntu4.5_sparc.deb b9319859f4e1a8748f5e631d6a05da0317d7452ec45df50bd49f80d36c75f6b0 8318046 php5-dbg_5.2.6-2ubuntu4.5_sparc.deb 6396b718024687e0c1fb9b82e9bd259d262d20a0c38c3cec915dd0c46c8cf20d 24402 php5-curl_5.2.6-2ubuntu4.5_sparc.deb c66392527e9112666d66c906a893c7dcb92fef0db6fb792984f71ef7a9eccf9f 33128 php5-gd_5.2.6-2ubuntu4.5_sparc.deb 37a63323dc1a3a62c1aee83d626eab1bf556663d46d36e7ef058f6e8b8869e15 13336 php5-gmp_5.2.6-2ubuntu4.5_sparc.deb ae7dce7d084caca45405ebb7662f16f24c7f0b0d6e88486baeb3012213989d98 17608 php5-ldap_5.2.6-2ubuntu4.5_sparc.deb 592b543738ccfad867d878553739fed2c0dcd2d6ea087b36f6b5da3cfeaf41a3 5170 php5-mhash_5.2.6-2ubuntu4.5_sparc.deb 125e6d468413072e8e69b1b76363782d0e76357d8365d7cf9335443fc1136579 63610 php5-mysql_5.2.6-2ubuntu4.5_sparc.deb 554f0c4b5d91ddac721d329b5e7395dcaa2b6ae2d7da3d5985e247f2bc269567 32978 php5-odbc_5.2.6-2ubuntu4.5_sparc.deb feb465d1a37f2a9f4c6c118afe261192989b0e005a207db8618cfa6807983db5 50020 php5-pgsql_5.2.6-2ubuntu4.5_sparc.deb eb8ce1a6a6ca3abf68266c14b2ceb91c9a142301479ee75e84f141e6bee3d733 8400 php5-pspell_5.2.6-2ubuntu4.5_sparc.deb d27333da8c6d23e6e43b3c6ca2b54c11db0574ff1b32be8189ed084291e847d3 4854 php5-recode_5.2.6-2ubuntu4.5_sparc.deb c8ae250708b7e0f61570d3d96952e2bff293922c9395f541e684ea13e10b8a82 11710 php5-snmp_5.2.6-2ubuntu4.5_sparc.deb c089a238f9bc5b4b59cad5048d63e52c25897eb26f9d1e74c56d60bb54c055a6 32744 php5-sqlite_5.2.6-2ubuntu4.5_sparc.deb b9b1f69bc9ab7b9f1395705af17710c69d74455f8e7632fa349c325941af5633 24976 php5-sybase_5.2.6-2ubuntu4.5_sparc.deb 0b059a166e27d63f0e980e92959e704c2b60ff3cfa926b760805a7ed3114e37b 16524 php5-tidy_5.2.6-2ubuntu4.5_sparc.deb 9f3bc5a6d548a8e74f6a76c45bc9cf552575bef8ac3fbc84fc9abd607998c1c9 35172 php5-xmlrpc_5.2.6-2ubuntu4.5_sparc.deb e404d8edd321c2032da96a9ec9ecd26c16be5f8001653b50e9fc48af8119bb46 12326 php5-xsl_5.2.6-2ubuntu4.5_sparc.deb Files: dc51f78a7081f902f180b3ba0cb0c2b8 540 raw-translations - php5_5.2.6-2ubuntu4.5_sparc_translations.tar.gz 12f51429d066b8159b1273a72eb8293c 366288 web optional php5-common_5.2.6-2ubuntu4.5_sparc.deb ab4910e49942405cde21e3e7fc4c94fa 2471910 web optional libapache2-mod-php5_5.2.6-2ubuntu4.5_sparc.deb a7206e168594aad5c900dfd0b1a00214 2470348 web optional libapache2-mod-php5filter_5.2.6-2ubuntu4.5_sparc.deb 85e28193d29058f3ac9c4630dfb93378 4839496 web optional php5-cgi_5.2.6-2ubuntu4.5_sparc.deb 8e159a03342a5094dd3c2640a53ff27b 2439310 web optional php5-cli_5.2.6-2ubuntu4.5_sparc.deb 2efc45102d5f28b12aff1f9576ccaf49 362382 devel optional php5-dev_5.2.6-2ubuntu4.5_sparc.deb 193d39148bef0634f30d5939ba859909 8318046 devel extra php5-dbg_5.2.6-2ubuntu4.5_sparc.deb e55bab1d3f99da024ec52f76cbd75e9a 24402 web optional php5-curl_5.2.6-2ubuntu4.5_sparc.deb fcac6afce10734450195ee1be604cde9 33128 web optional php5-gd_5.2.6-2ubuntu4.5_sparc.deb 37b0631e9621bc53f30ee77569092d2c 13336 web optional php5-gmp_5.2.6-2ubuntu4.5_sparc.deb 9735f94b646cdb0ffbe181c8a59ad8e1 17608 web optional php5-ldap_5.2.6-2ubuntu4.5_sparc.deb 0ac0cff299b3719734c6ede30e32a836 5170 web optional php5-mhash_5.2.6-2ubuntu4.5_sparc.deb d7b6fde199d62715f4bc9cf204c76d2f 63610 web optional php5-mysql_5.2.6-2ubuntu4.5_sparc.deb c6bde5c23faa21c762a63a93dec6cee6 32978 web optional php5-odbc_5.2.6-2ubuntu4.5_sparc.deb 8ac18c3e79bb6be479645a1783d3f7cd 50020 web optional php5-pgsql_5.2.6-2ubuntu4.5_sparc.deb 1d435d76fd18faefdd9e195c848d5db9 8400 web optional php5-pspell_5.2.6-2ubuntu4.5_sparc.deb 301bab57615679526332fdac603a64af 4854 web optional php5-recode_5.2.6-2ubuntu4.5_sparc.deb e92413aeb7cd9df09730915fa1e2a245 11710 web optional php5-snmp_5.2.6-2ubuntu4.5_sparc.deb eb933635b9c7f4a8c0f3e861132148ad 32744 web optional php5-sqlite_5.2.6-2ubuntu4.5_sparc.deb 5bd559adaccbbd48adfe9846c3010842 24976 web optional php5-sybase_5.2.6-2ubuntu4.5_sparc.deb f53a222cbb646e3a8697cb74f7210647 16524 web optional php5-tidy_5.2.6-2ubuntu4.5_sparc.deb 7ee6eb4dd14faa3ec57d023f7b9e83d7 35172 web optional php5-xmlrpc_5.2.6-2ubuntu4.5_sparc.deb 68426786c9f0e82acd5ac6f26dabf417 12326 web optional php5-xsl_5.2.6-2ubuntu4.5_sparc.deb Original-Maintainer: Debian PHP Maintainers