Format: 1.7
Date: Thu, 28 Apr 2011 10:17:34 -0700
Source: php5
Binary: php5-mysqli php5-gd php5-ldap php5 php5-xmlrpc libapache2-mod-php5 php5-xsl php5-cgi php-pear php5-pgsql php5-cli php5-recode php5-mhash php5-sybase php5-curl php5-odbc php5-mysql php5-common php5-dev php5-snmp php5-sqlite
Architecture: all i386
Version: 5.1.2-1ubuntu3.22
Distribution: dapper
Urgency: low
Maintainer: Ubuntu/i386 Build Daemon
Changed-By: Steve Beattie
Description:
 libapache2-mod-php5 - server-side, HTML-embedded scripting language (apache 2.0 module)
 php-pear - PEAR - PHP Extension and Application Repository
 php5 - server-side, HTML-embedded scripting language (meta-package)
 php5-cgi - server-side, HTML-embedded scripting language (CGI binary)
 php5-cli - command-line interpreter for the php5 scripting language
 php5-common - Common files for packages built from the php5 source
 php5-curl - CURL module for php5
 php5-dev - Files for PHP5 module development
 php5-gd - GD module for php5
 php5-ldap - LDAP module for php5
 php5-mhash - MHASH module for php5
 php5-mysql - MySQL module for php5
 php5-mysqli - MySQL Improved module for php5
 php5-odbc - ODBC module for php5
 php5-pgsql - PostgreSQL module for php5
 php5-recode - recode module for php5
 php5-snmp - SNMP module for php5
 php5-sqlite - SQLite module for php5
 php5-sybase - Sybase / MS SQL Server module for php5
 php5-xmlrpc - XML-RPC module for php5
 php5-xsl - XSL module for php5
Changes:
 php5 (5.1.2-1ubuntu3.22) dapper-security; urgency=low
 .
   * SECURITY UPDATE: arbitrary files removal via cronjob
     - debian/php5-common.php5.cron.d: take greater care when removing session files.
     - http://git.debian.org/?p=pkg-php%2Fphp.git;a=commitdiff_plain;h=d09fd04ed7bfcf7f008360c6a42025108925df09
     - CVE-2011-0441
   * SECURITY UPDATE: symlink tmp races in pear install
     - debian/patches/php5-pear-CVE-2011-1072.patch: improved tempfile handling.
     - debian/rules: apply patch manually after unpacking PEAR phar archive.
     - CVE-2011-1072
   * SECURITY UPDATE: more symlink races in pear install
     - debian/patches/php5-pear-CVE-2011-1144.patch: add TOCTOU save file handler.
     - debian/rules: apply patch manually after unpacking PEAR phar archive.
     - CVE-2011-1144
   * SECURITY UPDATE: use-after-free vulnerability
     - debian/patches/php5-CVE-2010-4697.patch: retain reference to object until getter/setter are done.
     - CVE-2010-4697
   * SECURITY UPDATE: denial of service through application crash with invalid images
     - debian/patches/php5-CVE-2010-4698.patch: verify anti-aliasing steps are either 4 or 16.
     - CVE-2010-4698
   * SECURITY UPDATE: denial of service through application crash when handling images with invalid exif tags
     - debian/patches/php5-CVE-2011-0708.patch: stricter exif checking
     - CVE-2011-0708
   * SECURITY UPDATE: denial of service and possible data disclosure through integer overflow
     - debian/patches/php5-CVE-2011-1092.patch: better boundary condition checks in shmop_read()
     - CVE-2011-1092
   * SECURITY UPDATE: use-after-free vulnerability
     - debian/patches/php5-CVE-2011-1148.patch: improve reference counting
     - CVE-2011-1148
   * SECURITY UPDATE: denial of service through buffer overflow crash (code execution mitigated by compilation with Fortify Source)
     - debian/patches/php5-CVE-2011-1464.patch: limit amount of precision to ensure fitting within MAX_BUF_SIZE
     - CVE-2011-1464
   * SECURITY UPDATE: denial of service through application crash via integer overflow.
     - debian/patches/php5-CVE-2011-1466.patch: improve boundary condition checking in SdnToJulian()
     - CVE-2011-1466
   * SECURITY UPDATE: denial of service through application crash when using HTTP proxy with the FTP wrapper
     - debian/patches/php5-CVE-2011-1469.patch: improve pointer handling
     - CVE-2011-1469