* SECURITY UPDATE: buffer over-read while unserializing untrusted data
- debian/patches/CVE-2017-12933.patch: add check to
ext/standard/var_unserializer.*, add test to
ext/standard/tests/serialize/bug74111.phpt, adjust test in
ext/standard/tests/serialize/bug25378.phpt.
- CVE-2017-12933
* SECURITY UPDATE: information leak in php_parse_date function
- debian/patches/CVE-2017-16642.patch: fix backof/frontof in
ext/date/lib/parse_date.*, fix test in
ext/date/tests/bug53437_var3.phpt, added test to
ext/wddx/tests/bug75055.*.
- CVE-2017-16642
* SECURITY UPDATE: XSS in PHAR error page
- debian/patches/CVE-2018-5712.patch: remove file name from output to
avoid XSS in ext/phar/shortarc.php, ext/phar/stub.h, fix tests in
ext/phar/tests/*.
- CVE-2018-5712
* SECURITY REGRESSION: exif_read_data broken (LP: #1633031)
- debian/patches/CVE-2016-6291-regression.patch: add DJI signatures to
the MAKERNOTE and its supported tags in ext/exif/exif.c.
-- Marc Deslauriers <email address hidden> Thu, 08 Feb 2018 08:24:11 -0500
This bug was fixed in the package php5 - 5.5.9+dfsg-1ubuntu4.23
---------------
php5 (5.5.9+dfsg-1ubuntu4.23) trusty-security; urgency=medium