[ Steve Beattie ]
* SECURITY UPDATE: DoS in zip handling due to addGlob() crashing
on invalid flags
- debian/patches/php5-CVE-2011-1657.patch: check for valid flags
- CVE-2011-1657
* SECURITY UPDATE: crypt_blowfish doesn't properly handle 8-bit
(non-ascii) passwords leading to a smaller collision space
- debian/patches/php5-CVE-2011-2483.patch: update crypt_blowfish
to 1.2 to correct handling of passwords containing 8-bit
(non-ascii) characters.
CVE-2011-2483
* SECURITY UPDATE: DoS due to failure to check for memory allocation errors
- debian/patches/php5-CVE-2011-3182.patch: check the return values
of the malloc, calloc, and realloc functions
- CVE-2011-3182
* SECURITY UPDATE: DoS in errorlog() when passed NULL
- debian/patches/php5-CVE-2011-3267.patch: fix NULL pointer crash in
errorlog()
- CVE-2011-3267
-- Steve Beattie <email address hidden> Thu, 13 Oct 2011 13:56:23 -0700
This bug was fixed in the package php5 - 5.3.3-1ubuntu9.6
---------------
php5 (5.3.3-1ubuntu9.6) maverick-security; urgency=low
[ Angel Abad ] patches/ php5-CVE- 2011-2202. patch: patches/ php5-CVE- 2011-1938. patch:
* SECURITY UPDATE: File path injection vulnerability in RFC1867 File
upload filename (LP: #813115)
- debian/
- CVE-2011-2202
* SECURITY UPDATE: Fixed stack buffer overflow in socket_connect()
(LP: #813110)
- debian/
- CVE-2011-1938
[ Steve Beattie ] patches/ php5-CVE- 2011-1657. patch: check for valid flags patches/ php5-CVE- 2011-2483. patch: update crypt_blowfish patches/ php5-CVE- 2011-3182. patch: check the return values patches/ php5-CVE- 2011-3267. patch: fix NULL pointer crash in
* SECURITY UPDATE: DoS in zip handling due to addGlob() crashing
on invalid flags
- debian/
- CVE-2011-1657
* SECURITY UPDATE: crypt_blowfish doesn't properly handle 8-bit
(non-ascii) passwords leading to a smaller collision space
- debian/
to 1.2 to correct handling of passwords containing 8-bit
(non-ascii) characters.
CVE-2011-2483
* SECURITY UPDATE: DoS due to failure to check for memory allocation errors
- debian/
of the malloc, calloc, and realloc functions
- CVE-2011-3182
* SECURITY UPDATE: DoS in errorlog() when passed NULL
- debian/
errorlog()
- CVE-2011-3267
-- Steve Beattie <email address hidden> Thu, 13 Oct 2011 13:56:23 -0700