Comment 33 for bug 227464

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package php5 - 5.2.1-0ubuntu1.6

php5 (5.2.1-0ubuntu1.6) feisty-security; urgency=low

  * debian/patches/209-CVE-2008-2050.patch: possible stack overflow and
    sending of unitialized paddings
  * debian/patches/210-CVE-2008-2051.patch: properly address incomplete
    multibyte chars inside escapeshellcmd()
  * debian/patches/211-CVE-2007-4850.patch: fixed a safe_mode bypass in cURL
  * debian/patches/212-CVE-2008-2829.patch: unsafe usage of deprecated imap
    functions (patch from Debian)
  * debian/patches/213-CVE-2008-1384.patch: integer overflow in printf()
    (patch from Debian)
  * debian/patches/214-CVE-2008-2107+2108.patch: weak random number seed
  * debian/patches/215-CVE-2007-4782.patch: DoS via long string in the fnmatch
  * debian/patches/216-pcre-compile.patch: avoid stack overflow (fix from
    pcre 7.6)
  * Update debian/patches/207-htmlentity-utf8-fix.patch: fail on improperly
    finished UTF sequence
  * References
    LP: #227464

 -- Jamie Strandboge <email address hidden> Wed, 16 Jul 2008 15:45:20 -0400