php5 5.1.6-1ubuntu2.2 source package in Ubuntu
Changelog
php5 (5.1.6-1ubuntu2.2) edgy-security; urgency=low
* SECURITY UPDATE: Remote code execution.
* Add debian/patches/CVE-2007-0906_imap.patch:
- Buffer overflows in the imap extension.
- http://cvs.php.net/viewvc.cgi/php-src/ext/imap/php_imap.c?r1=1.208.2.7.2.11&r2=1.208.2.7.2.12
- http://cvs.php.net/viewvc.cgi/php-src/ext/imap/php_imap.c?r1=1.208.2.7.2.15&r2=1.208.2.7.2.16
* Add debian/patches/CVE-2007-0906_session.patch:
- Buffer overflow in the session extension.
- http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.22&r2=1.417.2.8.2.23
* Add debian/patches/CVE-2007-0906_streams.patch:
- Buffer overflows in the stream filters functions.
- http://cvs.php.net/viewvc.cgi/php-src/ext/standard/streamsfuncs.c?r1=1.58.2.6.2.12&r2=1.58.2.6.2.13
- http://cvs.php.net/viewvc.cgi/php-src/ext/standard/streamsfuncs.c?r1=1.98&r2=1.99
* Add debian/patches/CVE-2007-0906_string.patch:
- Buffer overflow in the string extension.
- http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.629&r2=1.631
* Add debian/patches/CVE-2007-0907.patch:
- Buffer underflow in sapi_header_op() that can be exploited to crash the
PHP interpreter.
- http://cvs.php.net/viewvc.cgi/php-src/main/SAPI.c?r1=1.202.2.7.2.3&r2=1.202.2.7.2.4
* Add debian/patches/CVE-2007-0908.patch:
- Fix forgotten initialization of key_length and buffer overflow in the
wddx extension that could be exploited to reveal memory that is not
supposed to be accessible (potential information disclosure).
- http://cvs.php.net/viewvc.cgi/php-src/ext/wddx/wddx.c?r1=1.119.2.10.2.8&r2=1.119.2.10.2.10
* Add debian/patches/CVE-2007-0909_print.patch:
- Fix format string vulnerability on 64 bit systems in the *print()
functions.
- http://cvs.php.net/viewvc.cgi/php-src/ext/standard/formatted_print.c?r1=1.82.2.1.2.11&r2=1.82.2.1.2.12
* Add debian/patches/CVE-2007-0909_odbc.patch:
- Fix format string vulnerability on 64 bit systems in odbc_result_all().
- http://cvs.php.net/viewvc.cgi/php-src/ext/odbc/php_odbc.c?r1=1.189.2.4.2.1&r2=1.189.2.4.2.2
- http://cvs.php.net/viewvc.cgi/php-src/ext/odbc/php_odbc.c?r1=1.189.2.4.2.3&r2=1.189.2.4.2.4
* Add debian/patches/CVE-2007-0910.patch:
- Fix clobbering of superglobal variables during session variable
unserialization.
- http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.458&r2=1.459
- http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.24&r2=1.417.2.8.2.26
- http://cvs.php.net/viewvc.cgi/php-src/main/php_variables.c?r1=1.104.2.10.2.3&r2=1.104.2.10.2.4
* Add debian/patches/CVE-2007-0988.patch:
- Fix infinite loop in zend_hash_init() when unserializing untrusted data
on 64 bit systems.
- http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_hash.c?r1=1.121.2.4.2.5&r2=1.121.2.4.2.6
-- Martin Pitt <email address hidden> Wed, 21 Feb 2007 09:22:55 +0100
Upload details
- Uploaded by:
- Martin Pitt
- Uploaded to:
- Edgy
- Original maintainer:
- Debian PHP Maintainers
- Architectures:
- any
- Section:
- web
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| php5_5.1.6.orig.tar.gz | 7.8 MiB | 5c7963ff5915c15b10ab9cfab48976c55fa45955161519a61bc885ef89a335a5 |
| php5_5.1.6-1ubuntu2.2.diff.gz | 104.4 KiB | 028f00d0d4d2b107a6101a29bb1270a4c7ca86229a5c4dea2b41132c3f88b78c |
| php5_5.1.6-1ubuntu2.2.dsc | 1.7 KiB | 96bd600d5efd61a3add0682e16e1854c2433420d75b8dfd6880a0d1404ee32dd |
Binary packages built by this source
- libapache2-mod-php5: No summary available for libapache2-mod-php5 in ubuntu edgy.
No description available for libapache2-mod-php5 in ubuntu edgy.
- php-pear: No summary available for php-pear in ubuntu edgy.
No description available for php-pear in ubuntu edgy.
- php5: No summary available for php5 in ubuntu edgy.
No description available for php5 in ubuntu edgy.
- php5-cgi: No summary available for php5-cgi in ubuntu edgy.
No description available for php5-cgi in ubuntu edgy.
- php5-cli: No summary available for php5-cli in ubuntu edgy.
No description available for php5-cli in ubuntu edgy.
- php5-common: No summary available for php5-common in ubuntu edgy.
No description available for php5-common in ubuntu edgy.
- php5-curl: No summary available for php5-curl in ubuntu edgy.
No description available for php5-curl in ubuntu edgy.
- php5-dev: No summary available for php5-dev in ubuntu edgy.
No description available for php5-dev in ubuntu edgy.
- php5-gd: No summary available for php5-gd in ubuntu edgy.
No description available for php5-gd in ubuntu edgy.
- php5-ldap: No summary available for php5-ldap in ubuntu edgy.
No description available for php5-ldap in ubuntu edgy.
- php5-mhash: No summary available for php5-mhash in ubuntu edgy.
No description available for php5-mhash in ubuntu edgy.
- php5-mysql: No summary available for php5-mysql in ubuntu edgy.
No description available for php5-mysql in ubuntu edgy.
- php5-mysqli: No summary available for php5-mysqli in ubuntu edgy.
No description available for php5-mysqli in ubuntu edgy.
- php5-odbc: No summary available for php5-odbc in ubuntu edgy.
No description available for php5-odbc in ubuntu edgy.
- php5-pgsql: No summary available for php5-pgsql in ubuntu edgy.
No description available for php5-pgsql in ubuntu edgy.
- php5-recode: No summary available for php5-recode in ubuntu edgy.
No description available for php5-recode in ubuntu edgy.
- php5-snmp: No summary available for php5-snmp in ubuntu edgy.
No description available for php5-snmp in ubuntu edgy.
- php5-sqlite: No summary available for php5-sqlite in ubuntu edgy.
No description available for php5-sqlite in ubuntu edgy.
- php5-sybase: No summary available for php5-sybase in ubuntu edgy.
No description available for php5-sybase in ubuntu edgy.
- php5-xmlrpc: No summary available for php5-xmlrpc in ubuntu edgy.
No description available for php5-xmlrpc in ubuntu edgy.
- php5-xsl: No summary available for php5-xsl in ubuntu edgy.
No description available for php5-xsl in ubuntu edgy.
