This bug was fixed in the package php5 - 5.3.10-1ubuntu3.12
--------------- php5 (5.3.10-1ubuntu3.12) precise-security; urgency=medium
* SECURITY UPDATE: incorrect FastCGI socket permissions (LP: #1307027) - debian/patches/CVE-2014-0185.patch: default to 0660 in sapi/fpm/fpm/fpm_unix.c, sapi/fpm/php-fpm.conf.in. - CVE-2014-0185 * SECURITY UPDATE: denial of service in FileInfo cdf_unpack_summary_info - debian/patches/CVE-2014-0237.patch: remove file_printf calls in ext/fileinfo/libmagic/cdf.c. - CVE-2014-0237 * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info - debian/patches/CVE-2014-0238.patch: fix infinite loop in ext/fileinfo/libmagic/cdf.c. - CVE-2014-0238 * SECURITY UPDATE: code execution via buffer overflow in DNS TXT record parsing - debian/patches/CVE-2014-4049.patch: check length in ext/standard/dns.c. - CVE-2014-4049 -- Marc Deslauriers <email address hidden> Thu, 19 Jun 2014 13:44:17 -0400
This bug was fixed in the package php5 - 5.3.10-1ubuntu3.12
--------------- 1ubuntu3. 12) precise-security; urgency=medium
php5 (5.3.10-
* SECURITY UPDATE: incorrect FastCGI socket permissions (LP: #1307027) patches/ CVE-2014- 0185.patch: default to 0660 in fpm/fpm/ fpm_unix. c, sapi/fpm/ php-fpm. conf.in. summary_ info patches/ CVE-2014- 0237.patch: remove file_printf calls in fileinfo/ libmagic/ cdf.c. property_ info patches/ CVE-2014- 0238.patch: fix infinite loop in fileinfo/ libmagic/ cdf.c. patches/ CVE-2014- 4049.patch: check length in standard/ dns.c.
- debian/
sapi/
- CVE-2014-0185
* SECURITY UPDATE: denial of service in FileInfo cdf_unpack_
- debian/
ext/
- CVE-2014-0237
* SECURITY UPDATE: denial of service in FileInfo cdf_read_
- debian/
ext/
- CVE-2014-0238
* SECURITY UPDATE: code execution via buffer overflow in DNS TXT record
parsing
- debian/
ext/
- CVE-2014-4049
-- Marc Deslauriers <email address hidden> Thu, 19 Jun 2014 13:44:17 -0400