This bug was fixed in the package php5 - 5.2.3-1ubuntu6.4
---------------
php5 (5.2.3-1ubuntu6.4) gutsy-security; urgency=low

  * debian/patches/SECURITY_CVE-2008-2050.patch: possible stack overflow and
    sending of uninitialized paddings
  * debian/patches/SECURITY_CVE-2008-2051.patch: properly address incomplete
    multibyte chars inside escapeshellcmd()
  * debian/patches/SECURITY_CVE-2008-0599.patch: properly consider operator
    precedence when calculating length of PATH_TRANSLATED
  * debian/patches/SECURITY_CVE-2007-4850.patch: fixed a safe_mode bypass in
    cURL
  * Add debian/patches/SECURITY_CVE-2008-2829.patch: unsafe usage of
    deprecated imap functions (patch from Debian)
  * Add debian/patches/SECURITY_CVE-2008-1384.patch: integer overflow in
    printf() (patch from Debian)
  * Add debian/patches/SECURITY_CVE-2008-2107+2108.patch: weak random number
    seed.
  * Add debian/patches/SECURITY_CVE-2007-4782.patch: DoS via long string in
    the fnmatch functions
  * debian/patches/SECURITY_526-pcre_compile.patch: avoid stack overflow (fix
    from pcre 7.6)
  * Update debian/patches/207-htmlentity-utf8-fix.patch: fail on improperly
    finished UTF sequence
  * Add debian/patches/SECURITY_CVE-2008-2371.patch: buffer overflow.
    Backported upstream patches.
  * References
    CVE-2008-2050
    CVE-2008-2051
    CVE-2008-0599
    CVE-2007-4850
    CVE-2008-2829
    CVE-2008-1384
    CVE-2008-2107
    CVE-2008-2108
    CVE-2007-4782
    CVE-2007-5898
    CVE-2008-2371
    LP: #227464

 -- Jamie Strandboge <email address hidden>  Tue, 22 Jul 2008 16:32:16 -0400