This bug was fixed in the package php5 - 5.2.1-0ubuntu1.6
---------------
php5 (5.2.1-0ubuntu1.6) feisty-security; urgency=low

  * debian/patches/209-CVE-2008-2050.patch: possible stack overflow and
    sending of uninitialized paddings
  * debian/patches/210-CVE-2008-2051.patch: properly address incomplete
    multibyte chars inside escapeshellcmd()
  * debian/patches/211-CVE-2007-4850.patch: fixed a safe_mode bypass in cURL
  * debian/patches/212-CVE-2008-2829.patch: unsafe usage of deprecated imap
    functions (patch from Debian)
  * debian/patches/213-CVE-2008-1384.patch: integer overflow in printf()
    (patch from Debian)
  * debian/patches/214-CVE-2008-2107+2108.patch: weak random number seed
  * debian/patches/215-CVE-2007-4782.patch: DoS via long string in the fnmatch
    functions
  * debian/patches/216-pcre-compile.patch: avoid stack overflow (fix from
    pcre 7.6)
  * Update debian/patches/207-htmlentity-utf8-fix.patch: fail on improperly
    finished UTF sequence
  * References
    CVE-2008-2050
    CVE-2008-2051
    CVE-2007-4850
    CVE-2008-2829
    CVE-2008-1384
    CVE-2008-2107
    CVE-2008-2108
    CVE-2007-4782
    CVE-2007-5898
    LP: #227464

-- Jamie Strandboge <email address hidden> Wed, 16 Jul 2008 15:45:20 -0400