php5 5.0.5-2ubuntu1.3 source package in Ubuntu
Changelog
php5 (5.0.5-2ubuntu1.3) breezy-security; urgency=low

  * SECURITY UPDATE: Multiple vulnerabilities.
  * debian/patches/CVE-2006-0996.patch:
    - XSS in phpinfo() [CVE-2006-0996]
    - http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c?r1=1.260&r2=1.261
  * debian/patches/CVE-2006-1490.patch:
    - Memory disclosure in html_entity_decode() [CVE-2006-1490]
    - http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.112&r2=1.113
  * debian/patches/CVE-2006-1494.patch:
    - Bypassing open_basedir restrictions with tempnam() [CVE-2006-1494, CVE-2006-2660]
    - http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/file.c?r1=1.279.2.70.2.4&r2=1.279.2.70.2.5
  * debian/patches/CVE-2006-1608.patch:
    - Bypassing open_basedir restrictions with copy() via a source argument containing a compress.zlib:// URI [CVE-2006-1494]
    - http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/file.c?r1=1.382.2.10&r2=1.382.2.11
  * debian/patches/CVE-2006-1990.patch:
    - Integer overflow in wordwrap function (usually not triggerable from outside). [CVE-2006-1990]
    - Zend/zend_alloc.c: Fix variable declaration to work on 64-bit systems to plug this vulnerability on amd64/ia64, too. (not yet fixed upstream)
  * debian/patches/CVE-2006-1991.patch:
    - DoS with out-of-bounds offset argument to substr_compare() [CVE-2006-1991]
  * debian/patches/CVE-2006-2563.patch:
    - Bypassing safe mode/open_basedir restrictions with curl module [CVE-2006-2563]
    - Patch taken from Mandriva, not fixed upstream.
  * debian/patches/CVE-2006-3011.patch:
    - Bypassing safe mode/open_basedir restrictions with error_log() with 'php://' or other schema in the third argument. [CVE-2006-3011]
    - http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.543.2.51.2.9&r2=1.543.2.51.2.10
  * debian/patches/CVE-2006-3017.patch:
    - Fix zend_hash_del() (previously could delete the wrong element, which prevented a variable from being unset even when the PHP unset function was called, which might cause the variable's value to be used in security-relevant operations). [CVE-2006-3017]
    - http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?r1=1.87.4.8.2.1&r2=1.87.4.8.2.3
  * debian/patches/CVE-2006-3018.patch:
    - Heap corruption in session extension. [CVE-2006-3018]
    - http://cvs.php.net/viewcvs.cgi/php-src/ext/session/mod_files.c?r1=1.102&r2=1.103
  * Note: This version already has the fix for CVE-2006-3016 (Check session name for invalid characters to prevent CRLF and other malicious injections.)

 -- Martin Pitt <email address hidden>  Tue, 18 Jul 2006 21:32:03 +0000
Upload details
- Uploaded by: Martin Pitt
- Uploaded to: Breezy
- Original maintainer: Debian PHP Maintainers
- Architectures: any
- Section: web
- Urgency: Low Urgency
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
php5_5.0.5.orig.tar.gz | 5.8 MiB | 9352f178a3ad5cf85820ee9b6e74de96b997ef55958c5f0315b6e8eb1369d552 |
php5_5.0.5-2ubuntu1.3.diff.gz | 104.9 KiB | 1ad9e6087772eafe91e7415572665fde1e5d7b4f00c0da84c3919f244477ca96 |
php5_5.0.5-2ubuntu1.3.dsc | 1.7 KiB | 7613a92555322caedaab960906cce0c14d014de9aa31a8a9c419b38c9df9e98d |
Binary packages built by this source
- libapache2-mod-php5
- php-pear
- php5
- php5-cgi
- php5-cli
- php5-common
- php5-curl
- php5-dev
- php5-gd
- php5-ldap
- php5-mhash
- php5-mysql
- php5-odbc
- php5-pgsql
- php5-recode
- php5-snmp
- php5-sqlite
- php5-sybase
- php5-xmlrpc
- php5-xsl