php5 5.0.5-2ubuntu1.7 source package in Ubuntu
Changelog
php5 (5.0.5-2ubuntu1.7) breezy-security; urgency=low
* SECURITY UPDATE: Remote code execution.
* Add debian/patches/CVE-2007-0906_session.patch:
- Buffer overflow in the session extension.
- http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.22&r2=1.417.2.8.2.23
* Add debian/patches/CVE-2007-0906_streams.patch:
- Buffer overflows in the stream filters functions.
- http://cvs.php.net/viewvc.cgi/php-src/ext/standard/streamsfuncs.c?r1=1.58.2.6.2.12&r2=1.58.2.6.2.13
- http://cvs.php.net/viewvc.cgi/php-src/ext/standard/streamsfuncs.c?r1=1.98&r2=1.99
* Add debian/patches/CVE-2007-0906_string.patch:
- Buffer overflow in the string extension.
- http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.629&r2=1.631
* Add debian/patches/CVE-2007-0907.patch:
- Buffer underflow in sapi_header_op() that can be exploited to crash the
PHP interpreter.
- http://cvs.php.net/viewvc.cgi/php-src/main/SAPI.c?r1=1.202.2.7.2.3&r2=1.202.2.7.2.4
* Add debian/patches/CVE-2007-0908.patch:
- Fix forgotten initialization of key_length and buffer overflow in the
wddx extension that could be exploited to reveal memory that is not
supposed to be accessible (potential information disclosure).
- http://cvs.php.net/viewvc.cgi/php-src/ext/wddx/wddx.c?r1=1.119.2.10.2.8&r2=1.119.2.10.2.10
* Add debian/patches/CVE-2007-0909_print.patch:
- Fix format string vulnerability on 64 bit systems in the *print()
functions.
- http://cvs.php.net/viewvc.cgi/php-src/ext/standard/formatted_print.c?r1=1.82.2.1.2.11&r2=1.82.2.1.2.12
* Add debian/patches/CVE-2007-0910.patch:
- Fix clobbering of superglobal variables during session variable
unserialization.
- http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.458&r2=1.459
- http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.24&r2=1.417.2.8.2.26
- http://cvs.php.net/viewvc.cgi/php-src/main/php_variables.c?r1=1.104.2.10.2.3&r2=1.104.2.10.2.4
* Add debian/patches/CVE-2007-0988.patch:
- Fix infinite loop in zend_hash_init() when unserializing untrusted data
on 64 bit systems.
- http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_hash.c?r1=1.121.2.4.2.5&r2=1.121.2.4.2.6
-- Martin Pitt <email address hidden> Wed, 21 Feb 2007 10:17:26 +0000
Upload details
- Uploaded by:
- Martin Pitt
- Uploaded to:
- Breezy
- Original maintainer:
- Debian PHP Maintainers
- Architectures:
- any
- Section:
- web
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| php5_5.0.5.orig.tar.gz | 5.8 MiB | 9352f178a3ad5cf85820ee9b6e74de96b997ef55958c5f0315b6e8eb1369d552 |
| php5_5.0.5-2ubuntu1.7.diff.gz | 113.3 KiB | edd538902713f76ef6b0a3dc4e814cfa60af840a4b5e233b4621afd2ad19d929 |
| php5_5.0.5-2ubuntu1.7.dsc | 1.7 KiB | 5066dd8e7682d8090d224712822c631bf7d216fc56c8aaf88b999208be5f0f14 |
Binary packages built by this source
- libapache2-mod-php5: No summary available for libapache2-mod-php5 in ubuntu breezy.
No description available for libapache2-mod-php5 in ubuntu breezy.
- php-pear: No summary available for php-pear in ubuntu breezy.
No description available for php-pear in ubuntu breezy.
- php5: No summary available for php5 in ubuntu breezy.
No description available for php5 in ubuntu breezy.
- php5-cgi: No summary available for php5-cgi in ubuntu breezy.
No description available for php5-cgi in ubuntu breezy.
- php5-cli: No summary available for php5-cli in ubuntu breezy.
No description available for php5-cli in ubuntu breezy.
- php5-common: No summary available for php5-common in ubuntu breezy.
No description available for php5-common in ubuntu breezy.
- php5-curl: No summary available for php5-curl in ubuntu breezy.
No description available for php5-curl in ubuntu breezy.
- php5-dev: No summary available for php5-dev in ubuntu breezy.
No description available for php5-dev in ubuntu breezy.
- php5-gd: No summary available for php5-gd in ubuntu breezy.
No description available for php5-gd in ubuntu breezy.
- php5-ldap: No summary available for php5-ldap in ubuntu breezy.
No description available for php5-ldap in ubuntu breezy.
- php5-mhash: No summary available for php5-mhash in ubuntu breezy.
No description available for php5-mhash in ubuntu breezy.
- php5-mysql: No summary available for php5-mysql in ubuntu breezy.
No description available for php5-mysql in ubuntu breezy.
- php5-odbc: No summary available for php5-odbc in ubuntu breezy.
No description available for php5-odbc in ubuntu breezy.
- php5-pgsql: No summary available for php5-pgsql in ubuntu breezy.
No description available for php5-pgsql in ubuntu breezy.
- php5-recode: No summary available for php5-recode in ubuntu breezy.
No description available for php5-recode in ubuntu breezy.
- php5-snmp: No summary available for php5-snmp in ubuntu breezy.
No description available for php5-snmp in ubuntu breezy.
- php5-sqlite: No summary available for php5-sqlite in ubuntu breezy.
No description available for php5-sqlite in ubuntu breezy.
- php5-sybase: No summary available for php5-sybase in ubuntu breezy.
No description available for php5-sybase in ubuntu breezy.
- php5-xmlrpc: No summary available for php5-xmlrpc in ubuntu breezy.
No description available for php5-xmlrpc in ubuntu breezy.
- php5-xsl: No summary available for php5-xsl in ubuntu breezy.
No description available for php5-xsl in ubuntu breezy.
