Comment 32 for bug 227464

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package php5 - 5.2.3-1ubuntu6.4

---------------
php5 (5.2.3-1ubuntu6.4) gutsy-security; urgency=low

  * debian/patches/SECURITY_CVE-2008-2050.patch: possible stack overflow and
    sending of unitialized paddings
  * debian/patches/SECURITY_CVE-2008-2051.patch: properly address incomplete
    multibyte chars inside escapeshellcmd()
  * debian/patches/SECURITY_CVE-2008-0599.patch: properly consider operator
    precedence when calculating length of PATH_TRANSLATED
  * debian/patches/SECURITY_CVE-2007-4850.patch: fixed a safe_mode bypass in
    cURL
  * Add debian/patches/SECURITY_CVE-2008-2829.patch: unsafe usage of
    deprecated imap functions (patch from Debian)
  * Add debian/patches/SECURITY_CVE-2008-1384.patch: integer overflow in
    printf() (patch from Debian)
  * Add debian/patches/SECURITY_CVE-2008-2107+2108.patch: weak random number
    seed.
  * Add debian/patches/SECURITY_CVE-2007-4782.patch: DoS via long string in
    the fnmatch functions
  * debian/patches/SECURITY_526-pcre_compile.patch: avoid stack overflow (fix
    from pcre 7.6)
  * Update debian/patches/207-htmlentity-utf8-fix.patch: fail on improperly
    finished UTF sequence
  * Add debian/patches/SECURITY_CVE-2008-2371.patch: buffer overflow.
    Backported upstream patches.
  * References
    CVE-2008-2050
    CVE-2008-2051
    CVE-2008-0599
    CVE-2007-4850
    CVE-2008-2829
    CVE-2008-1384
    CVE-2008-2107
    CVE-2008-2108
    CVE-2007-4782
    CVE-2007-5898
    CVE-2008-2371
    LP: #227464

 -- Jamie Strandboge <email address hidden> Tue, 22 Jul 2008 16:32:16 -0400