Comment 31 for bug 227464

This bug was fixed in the package php5 - 5.2.4-2ubuntu5.3

---------------
php5 (5.2.4-2ubuntu5.3) hardy-security; urgency=low

  [ Tormod Volden ]
  * Backport security fixes from 5.2.6: (LP: #227464)
    - debian/patches/SECURITY_CVE-2008-2050.patch
      + Fixed possible stack buffer overflow in FastCGI SAPI
      + Fixed sending of uninitialized paddings which may contain some
        information
    - debian/patches/SECURITY_CVE-2008-0599.patch
      + Fixed security issue detailed in CVE-2008-0599
    - debian/patches/SECURITY_CVE-2007-4850.patch
      + Fixed a safe_mode bypass in cURL identified by Maksymilian
        Arciemowicz
    - debian/patches/security526-pcre_compile.patch:
      + avoid stack overflow (fix from pcre 7.6)

  [ Jamie Strandboge ]
  * debian/patches/SECURITY_CVE-2008-2051.patch: properly address incomplete
    multibyte chars inside escapeshellcmd() (thanks Tormod Volden)
  * Add debian/patches/SECURITY_CVE-2007-5898.patch: don't accept partial utf8
    sequences. Backported upstream fixes.
  * Add debian/patches/SECURITY_CVE-2007-5899.patch: don't send session id to
    remote forms. Backported upstream fixes.
  * Add debian/patches/SECURITY_CVE-2008-2829.patch: unsafe usage of
    deprecated imap functions (patch from Debian)
  * Add debian/patches/SECURITY_CVE-2008-1384.patch: integer overflow in
    printf() (patch from Debian)
  * Add debian/patches/SECURITY_CVE-2008-2107+2108.patch: weak random number
    seed. Backported upstream patches.
  * Add debian/patches/SECURITY_CVE-2007-4782.patch: DoS via long string in
    the fnmatch functions
  * Add debian/patches/SECURITY_CVE-2008-2371.patch: buffer overflow.
    Backported upstream patches.
  * References
    CVE-2008-2050
    CVE-2008-2051
    CVE-2008-0599
    CVE-2007-4850
    CVE-2007-5898
    CVE-2007-5899
    CVE-2008-2829
    CVE-2008-1384
    CVE-2008-2107
    CVE-2008-2108
    CVE-2007-4782
    CVE-2008-2371

 -- Jamie Strandboge <email address hidden> Fri, 18 Jul 2008 11:50:38 -0400