Format: 1.8
Date: Wed, 07 Jul 2021 12:02:29 -0300
Source: php7.0
Binary: libapache2-mod-php7.0 libphp7.0-embed php7.0 php7.0-cgi php7.0-cli php7.0-dev php7.0-fpm php7.0-phpdbg php7.0-xsl php7.0-odbc php7.0-readline php7.0-recode php7.0-common php7.0-sqlite3 php7.0-xml php7.0-sybase php7.0-zip php7.0-gd php7.0-mcrypt php7.0-ldap php7.0-interbase php7.0-intl php7.0-snmp php7.0-json php7.0-pgsql php7.0-mbstring php7.0-enchant php7.0-opcache php7.0-imap php7.0-bz2 php7.0-gmp php7.0-mysql php7.0-tidy php7.0-soap php7.0-dba php7.0-xmlrpc php7.0-pspell php7.0-bcmath php7.0-curl
Architecture: source
Version: 7.0.33-0ubuntu0.16.04.16+test7
Distribution: xenial-security
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
Changed-By: Leonidas Da Silva Barbosa <leo.barbosa@canonical.com>
Description:
 libapache2-mod-php7.0 - server-side, HTML-embedded scripting language (Apache 2 module)
 libphp7.0-embed - HTML-embedded scripting language (Embedded SAPI library)
 php7.0     - server-side, HTML-embedded scripting language (metapackage)
 php7.0-bcmath - Bcmath module for PHP
 php7.0-bz2 - bzip2 module for PHP
 php7.0-cgi - server-side, HTML-embedded scripting language (CGI binary)
 php7.0-cli - command-line interpreter for the PHP scripting language
 php7.0-common - documentation, examples and common module for PHP
 php7.0-curl - CURL module for PHP
 php7.0-dba - DBA module for PHP
 php7.0-dev - Files for PHP7.0 module development
 php7.0-enchant - Enchant module for PHP
 php7.0-fpm - server-side, HTML-embedded scripting language (FPM-CGI binary)
 php7.0-gd  - GD module for PHP
 php7.0-gmp - GMP module for PHP
 php7.0-imap - IMAP module for PHP
 php7.0-interbase - Interbase module for PHP
 php7.0-intl - Internationalisation module for PHP
 php7.0-json - JSON module for PHP
 php7.0-ldap - LDAP module for PHP
 php7.0-mbstring - MBSTRING module for PHP
 php7.0-mcrypt - libmcrypt module for PHP
 php7.0-mysql - MySQL module for PHP
 php7.0-odbc - ODBC module for PHP
 php7.0-opcache - Zend OpCache module for PHP
 php7.0-pgsql - PostgreSQL module for PHP
 php7.0-phpdbg - server-side, HTML-embedded scripting language (PHPDBG binary)
 php7.0-pspell - pspell module for PHP
 php7.0-readline - readline module for PHP
 php7.0-recode - recode module for PHP
 php7.0-snmp - SNMP module for PHP
 php7.0-soap - SOAP module for PHP
 php7.0-sqlite3 - SQLite3 module for PHP
 php7.0-sybase - Sybase module for PHP
 php7.0-tidy - tidy module for PHP
 php7.0-xml - DOM, SimpleXML, WDDX, XML, and XSL module for PHP
 php7.0-xmlrpc - XMLRPC-EPI module for PHP
 php7.0-xsl - XSL module for PHP (dummy)
 php7.0-zip - Zip module for PHP
Changes:
 php7.0 (7.0.33-0ubuntu0.16.04.16+test7) xenial-security; urgency=medium
 .
   [ Marc Deslauriers ]
   * SECURITY UPDATE: crash or info disclosure via PHAR zip file
     - debian/patches/0134-CVE-2020-7068.patch: fix use after free in
       ext/phar/zip.c.
     - CVE-2020-7068
   * SECURITY UPDATE: incorrect URL validation
     - debian/patches/CVE-2020-7071-1.patch: make sure userinfo is valid
       according to RFC 3986 in ext/filter/tests/bug77423.phpt,
       ext/standard/url.c.
     - debian/patches/CVE-2020-7071-2.patch: revert previous fix and use a
       better one in ext/filter/logical_filters.c,
       ext/filter/tests/bug77423.phpt, ext/standard/url.c.
     - debian/patches/CVE-2020-7071-3.patch: remove unneeded function in
       ext/standard/url.c.
     - CVE-2020-7071
   * SECURITY UPDATE: crash via malformed XML data in SOAP extension
     - debian/patches/CVE-2021-21702-1.patch: check strings in
       ext/soap/php_sdl.c, ext/soap/php_xml.c, ext/soap/tests/bug80672.phpt,
       ext/soap/tests/bug80672.xml.
     - debian/patches/CVE-2021-21702-2.patch: fix compiler warning in
       ext/soap/php_sdl.c.
     - CVE-2021-21702
   * SECURITY UPDATE: multiple issues in the pdo_firebase module
     - debian/patches/CVE-2021-21704-1.patch: prevent overflow in
       ext/pdo_firebird/firebird_statement.c.
     - debian/patches/CVE-2021-21704-2.patch: verify result_size in
       ext/pdo_firebird/firebird_statement.c.
     - debian/patches/CVE-2021-21704-3.patch: verify result_size in
       ext/pdo_firebird/firebird_driver.c.
     - debian/patches/CVE-2021-21704-4.patch: don't overflow stack in
       ext/pdo_firebird/firebird_driver.c.
     - CVE-2021-21704
   * SECURITY UPDATE: SSRF bypass
     - debian/patches/CVE-2021-21705.patch: check password in
       ext/filter/logical_filters.c, ext/filter/tests/bug81122.phpt.
     - debian/patches/CVE-2021-21705-2.patch: fix compiler warning in
       ext/filter/logical_filters.c.
     - CVE-2021-21705
Checksums-Sha1:
 925f38faa7ab8986b808cdb22a5a673143484b48 5629 php7.0_7.0.33-0ubuntu0.16.04.16+test7.dsc
 89b50cc53d707c55f58741855217d567ebb489de 117360 php7.0_7.0.33-0ubuntu0.16.04.16+test7.debian.tar.xz
Checksums-Sha256:
 67769c9f5b8ec25ad42c3fc7e48a961fc8ecee74a9cc174228bfcda10fbacae0 5629 php7.0_7.0.33-0ubuntu0.16.04.16+test7.dsc
 ccf147b7a3a959a2bd56bac0518add5e124b4b47d8d7cd7cfbfee9d500510b79 117360 php7.0_7.0.33-0ubuntu0.16.04.16+test7.debian.tar.xz
Files:
 ba2eb782272ed7f61ce97fbbeb39c9f7 5629 php optional php7.0_7.0.33-0ubuntu0.16.04.16+test7.dsc
 b72edbea824e9d9545696dc0b0ec93a3 117360 php optional php7.0_7.0.33-0ubuntu0.16.04.16+test7.debian.tar.xz
Original-Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>