Format: 1.8 Date: Mon, 01 Aug 2016 13:27:52 -0400 Source: php5 Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-fpm php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp php5-intl php5-ldap php5-mysql php5-mysqlnd php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl Architecture: powerpc powerpc_translations Version: 5.3.10-1ubuntu3.24 Distribution: precise Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: Marc Deslauriers Description: libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module) libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo php-pear - PEAR - PHP Extension and Application Repository php5 - server-side, HTML-embedded scripting language (metapackage) php5-cgi - server-side, HTML-embedded scripting language (CGI binary) php5-cli - command-line interpreter for the php5 scripting language php5-common - Common files for packages built from the php5 source php5-curl - CURL module for php5 php5-dbg - Debug symbols for PHP5 php5-dev - Files for PHP5 module development php5-enchant - Enchant module for php5 php5-fpm - server-side, HTML-embedded scripting language (FPM-CGI binary) php5-gd - GD module for php5 php5-gmp - GMP module for php5 php5-intl - internationalisation module for php5 php5-ldap - LDAP module for php5 php5-mysql - MySQL module for php5 php5-mysqlnd - MySQL module for php5 (Native Driver) php5-odbc - ODBC module for php5 php5-pgsql - PostgreSQL module for php5 php5-pspell - pspell module for php5 php5-recode - recode module for php5 php5-snmp - SNMP module for php5 php5-sqlite - SQLite module for php5 php5-sybase - Sybase / MS SQL Server module for php5 php5-tidy - tidy module for php5 php5-xmlrpc - XML-RPC module for php5 php5-xsl - XSL module for php5 Launchpad-Bugs-Fixed: 1594041 Changes: php5 (5.3.10-1ubuntu3.24) precise-security; urgency=medium . * SECURITY UPDATE: segfault in SplMinHeap::compare - debian/patches/CVE-2015-4116.patch: properly handle count in ext/spl/spl_heap.c, added test to ext/spl/tests/bug69737.phpt. - CVE-2015-4116 * SECURITY UPDATE: denial of service via recursive method calls - debian/patches/CVE-2015-8873.patch: add limit to Zend/zend_exceptions.c, add tests to ext/standard/tests/serialize/bug69152.phpt, ext/standard/tests/serialize/bug69793.phpt, sapi/cli/tests/005.phpt. - CVE-2015-8873 * SECURITY UPDATE: denial of service or code execution via crafted serialized data - debian/patches/CVE-2015-8876.patch: fix logic in Zend/zend_exceptions.c, added test to Zend/tests/bug70121.phpt. - CVE-2015-8876 * SECURITY UPDATE: XSS in header() with Internet Explorer (LP: #1594041) - debian/patches/CVE-2015-8935.patch: update header handling to RFC 7230 in main/SAPI.c, added tests to ext/standard/tests/general_functions/bug60227_*.phpt. - CVE-2015-8935 * SECURITY UPDATE: get_icu_value_internal out-of-bounds read - debian/patches/CVE-2016-5093.patch: add enough space in ext/intl/locale/locale_methods.c, added test to ext/intl/tests/bug72241.phpt. - CVE-2016-5093 * SECURITY UPDATE: integer overflow in php_html_entities() - debian/patches/CVE-2016-5094.patch: don't create strings with lengths outside int range in ext/standard/html.c. - CVE-2016-5094 * SECURITY UPDATE: string overflows in string add operations - debian/patches/CVE-2016-5095.patch: check for size overflow in Zend/zend_operators.c. - CVE-2016-5095 * SECURITY UPDATE: int/size_t confusion in fread - debian/patches/CVE-2016-5096.patch: check string length in ext/standard/file.c, added test to ext/standard/tests/file/bug72114.phpt. - CVE-2016-5096 * SECURITY UPDATE: memory leak and buffer overflow in FPM - debian/patches/CVE-2016-5114.patch: check buffer length in sapi/fpm/fpm/fpm_log.c. - CVE-2016-5114 * SECURITY UPDATE: proxy request header vulnerability (httpoxy) - debian/patches/CVE-2016-5385.patch: only use HTTP_PROXY from the local environment in ext/standard/basic_functions.c, main/SAPI.c, main/php_variables.c. - CVE-2016-5385 * SECURITY UPDATE: inadequate error handling in bzread() - debian/patches/CVE-2016-5399.patch: do not allow reading past error read in ext/bz2/bz2.c. - CVE-2016-5399 * SECURITY UPDATE: integer overflows in mcrypt - debian/patches/CVE-2016-5769.patch: check for overflow in ext/mcrypt/mcrypt.c. - CVE-2016-5769 * SECURITY UPDATE: double free corruption in wddx_deserialize - debian/patches/CVE-2016-5772.patch: prevent double-free in ext/wddx/wddx.c, added test to ext/wddx/tests/bug72340.phpt. - CVE-2016-5772 * SECURITY UPDATE: buffer overflow in php_url_parse_ex() - debian/patches/CVE-2016-6288.patch: handle length in ext/standard/url.c. - CVE-2016-6288 * SECURITY UPDATE: integer overflow in the virtual_file_ex function - debian/patches/CVE-2016-6289.patch: properly check path_length in Zend/zend_virtual_cwd.c. - CVE-2016-6289 * SECURITY UPDATE: use after free in unserialize() with unexpected session deserialization - debian/patches/CVE-2016-6290.patch: destroy var_hash properly in ext/session/session.c, added test to ext/session/tests/bug72562.phpt. - CVE-2016-6290 * SECURITY UPDATE: out of bounds read in exif_process_IFD_in_MAKERNOTE - debian/patches/CVE-2016-6291.patch: add more bounds checks to ext/exif/exif.c. - CVE-2016-6291 * SECURITY UPDATE: locale_accept_from_http out-of-bounds access - debian/patches/CVE-2016-6294.patch: check length in ext/intl/locale/locale_methods.c, added test to ext/intl/tests/bug72533.phpt. - CVE-2016-6294 * SECURITY UPDATE: heap buffer overflow in simplestring_addn - debian/patches/CVE-2016-6296.patch: prevent overflows in ext/xmlrpc/libxmlrpc/simplestring.*. - CVE-2016-6296 * SECURITY UPDATE: integer overflow in php_stream_zip_opener - debian/patches/CVE-2016-6297.patch: use size_t in ext/zip/zip_stream.c. - CVE-2016-6297 * debian/patches/fix_exif_tests.patch: fix exif test results after security changes. Checksums-Sha1: c6ea021bd084a9b46f602d79d656d692d0416341 1755618 php5-common_5.3.10-1ubuntu3.24_powerpc.deb 02278ec5f9e78048285bd063a646af62b1dc7c25 3076768 libapache2-mod-php5_5.3.10-1ubuntu3.24_powerpc.deb 1967f8aae8c13d950cc7f471bd47e74a5ab575d4 3076306 libapache2-mod-php5filter_5.3.10-1ubuntu3.24_powerpc.deb efae82d405c205e224b5d5c98deeca191f472527 5968950 php5-cgi_5.3.10-1ubuntu3.24_powerpc.deb 9ad4c4852045eb92d791f80c648fb99f9dea1654 2983040 php5-cli_5.3.10-1ubuntu3.24_powerpc.deb 02f64d51389c8c58bea354c82a091cef9ba8bd07 3024330 php5-fpm_5.3.10-1ubuntu3.24_powerpc.deb 667fe1801dbe5560133081d42a444379edb6f6ba 421530 php5-dev_5.3.10-1ubuntu3.24_powerpc.deb 0235253820ecda30f89af10ad5ee8c111cdb2201 14656494 php5-dbg_5.3.10-1ubuntu3.24_powerpc.deb 9e8a78a2927433fefe5572ad2f8945124b6f2801 28724 php5-curl_5.3.10-1ubuntu3.24_powerpc.deb d20312a9cec1ee77ffe8932b9af395043351b00c 8056 php5-enchant_5.3.10-1ubuntu3.24_powerpc.deb 9a9fb26c46ace00274d953774b9361996735fb68 38566 php5-gd_5.3.10-1ubuntu3.24_powerpc.deb 7f6d0bc37f0b7fb023aa8e731f6edd2e692c5212 13888 php5-gmp_5.3.10-1ubuntu3.24_powerpc.deb 595b6bc01e3f3785a191148b0d7a8d0d16bf7834 59700 php5-intl_5.3.10-1ubuntu3.24_powerpc.deb 2c65d03016ee07c992244d84300e97cc36106192 18318 php5-ldap_5.3.10-1ubuntu3.24_powerpc.deb 869c4c45fcf7ca5176cb8ae3be186b90bc00a424 71118 php5-mysql_5.3.10-1ubuntu3.24_powerpc.deb 83d707460d57abf13b4a78f0b4204842280e4475 133268 php5-mysqlnd_5.3.10-1ubuntu3.24_powerpc.deb d0b2c3777b337105d4de3cde408f83a427d75e06 32334 php5-odbc_5.3.10-1ubuntu3.24_powerpc.deb 80d61ef02e6b8129543b4b1b1789d8394e543d4e 55366 php5-pgsql_5.3.10-1ubuntu3.24_powerpc.deb 423914a0af45e433914bb19e7746a8ea6cd0e558 7524 php5-pspell_5.3.10-1ubuntu3.24_powerpc.deb 94579b53ee11fc5a3b8f62a2743cb0f1a19aa818 4198 php5-recode_5.3.10-1ubuntu3.24_powerpc.deb c78bbbc14aaca6ca4e156e8102669dd6218c67ee 10188 php5-snmp_5.3.10-1ubuntu3.24_powerpc.deb 42ea0755efa27f36d706a789ff43d8053a52f548 24318 php5-sqlite_5.3.10-1ubuntu3.24_powerpc.deb 1c773311b2247f5caee1ec14a051e60d3149e540 24316 php5-sybase_5.3.10-1ubuntu3.24_powerpc.deb deac2a37be17d74f8ce2bfbf2ad9e4ab0969b9ca 17294 php5-tidy_5.3.10-1ubuntu3.24_powerpc.deb 7fec78e1a73303b178d779c032d320bcfd35e755 32876 php5-xmlrpc_5.3.10-1ubuntu3.24_powerpc.deb e627b427915df498b95078c87079f33d3f384c2f 13454 php5-xsl_5.3.10-1ubuntu3.24_powerpc.deb ed368dca909672868c2aa9e549d657ba7b120c4a 86180 php5-intl-dbgsym_5.3.10-1ubuntu3.24_powerpc.ddeb 14e6e7801eb863d6974a941ee27dedc1a2024bbe 820 php5_5.3.10-1ubuntu3.24_powerpc_translations.tar.gz Checksums-Sha256: 36073c9fa6a61ba8a0bb54698c3c13e38675c819218a1e988a7a4bf8bb9de175 1755618 php5-common_5.3.10-1ubuntu3.24_powerpc.deb 21e41772a86d447319a6918bf2780f404e216ce799bf121c6b1f821e241eefc6 3076768 libapache2-mod-php5_5.3.10-1ubuntu3.24_powerpc.deb c7c35474cc2165f0d8ec11cd8ca86c92fad17a6de8fbacdd2228bd4adb194319 3076306 libapache2-mod-php5filter_5.3.10-1ubuntu3.24_powerpc.deb bbf57f8bc63a20d739ed9d0830c5ead668ca35b0e95eaa0ebd5edc0587d67d61 5968950 php5-cgi_5.3.10-1ubuntu3.24_powerpc.deb dab37423fcfa65ff5888fa6e37cd867b1a4d9a965e97bec038f7981eb969c3e2 2983040 php5-cli_5.3.10-1ubuntu3.24_powerpc.deb 026c05db53f686db171e88e693f2f207e79d29a539bc64f326b8271497c58197 3024330 php5-fpm_5.3.10-1ubuntu3.24_powerpc.deb 1f6f770f1086ad837350d6d66ee91987b39408c5d6b744d175e1168fc44b2b0b 421530 php5-dev_5.3.10-1ubuntu3.24_powerpc.deb b66844b564409ab12cf78e5a78bdc9c4319a69b5fba1987725a2b2262a3fe737 14656494 php5-dbg_5.3.10-1ubuntu3.24_powerpc.deb cbcc55deeed7fc7143a2840e289de5ad5e544570fd50f9827397d22a9b31a975 28724 php5-curl_5.3.10-1ubuntu3.24_powerpc.deb 1f7b9b87477310c26a1edd60f8069530f5e15501b3ae81b9067cddde19d41d7b 8056 php5-enchant_5.3.10-1ubuntu3.24_powerpc.deb 70834c80c81b8fea228dd4caa2d90d93142680404abb0a4b91d64df35988cdb3 38566 php5-gd_5.3.10-1ubuntu3.24_powerpc.deb d6614b5a4b671be22c646810482f9f08f0b9fd4552300c360043b37d055cc7d4 13888 php5-gmp_5.3.10-1ubuntu3.24_powerpc.deb 83dc16df2a118bedc16677a3d2c79717aa8dd76c74f6abfb981ebc21437b9cea 59700 php5-intl_5.3.10-1ubuntu3.24_powerpc.deb 0d1ca49c84ebc0ad5cf035e435b6f75bca790646ea5992852dd6a650c9ff214d 18318 php5-ldap_5.3.10-1ubuntu3.24_powerpc.deb b3dfe538b65d3300d8b6d049479937f5d36b039c9c5a5eab191fd585552fd4a1 71118 php5-mysql_5.3.10-1ubuntu3.24_powerpc.deb 98662c4f77b8a1f81621b7dc2f1f8cab3f14f21ed6aa1c8ea0171a0995889c28 133268 php5-mysqlnd_5.3.10-1ubuntu3.24_powerpc.deb 0837e0d201ed19cea3b76215622f24bded143335f14ef5a3bea8747f5e43f480 32334 php5-odbc_5.3.10-1ubuntu3.24_powerpc.deb cc0f15d8e226868088ed5f29ce42e3f175887524e02ccd180500061972680ecb 55366 php5-pgsql_5.3.10-1ubuntu3.24_powerpc.deb 9ce32df4707179ae7ba2df3be350ac3dc1763988914624aa22b88b606bf3f620 7524 php5-pspell_5.3.10-1ubuntu3.24_powerpc.deb 0a7f60b00067aa1e55b5f7435812ed3bab250d532a3e54482c3e84926bc2ce05 4198 php5-recode_5.3.10-1ubuntu3.24_powerpc.deb a58ec17d657b9120af35ba28e747b3bbd9abbfca327d2b16060e38379d42ebe2 10188 php5-snmp_5.3.10-1ubuntu3.24_powerpc.deb 8776d1919bf1dedef3278e633e9a397c5698a2d3092d5d27871c7685f03caec5 24318 php5-sqlite_5.3.10-1ubuntu3.24_powerpc.deb 76fbbd21324e8cc6af991af589bc1aa2e279bb352cfdd78075a0f56674fb6d8c 24316 php5-sybase_5.3.10-1ubuntu3.24_powerpc.deb 1829c655cd34d9df0709e3f931845403ae66dc29fb19a33baca8d1b2c8be00ee 17294 php5-tidy_5.3.10-1ubuntu3.24_powerpc.deb 3ca8f9a93d6aeed07c35e5ffc1962089422f27b7982fa4e0acbadd3c541097f1 32876 php5-xmlrpc_5.3.10-1ubuntu3.24_powerpc.deb f4d8889881ccf83d649b235a74067c3638dd5578325cfabd5bb82ef4570a7ec7 13454 php5-xsl_5.3.10-1ubuntu3.24_powerpc.deb fc64645beaedb66ccc037109df6bc4bde7fda59e23ca30ebb627169acd9cdc09 86180 php5-intl-dbgsym_5.3.10-1ubuntu3.24_powerpc.ddeb dc5d270494fd364e5031dcdfbb7f2384fcb083ccdd1b7a6a7793b0dad2f561f2 820 php5_5.3.10-1ubuntu3.24_powerpc_translations.tar.gz Files: 3b651c66362cd3ff84fccd0032aeddb5 1755618 php optional php5-common_5.3.10-1ubuntu3.24_powerpc.deb 4214a5f2bf4e8f50bd46360ccc2b0d74 3076768 httpd optional libapache2-mod-php5_5.3.10-1ubuntu3.24_powerpc.deb 4e53d331b4a24b3244913a210970edad 3076306 httpd extra libapache2-mod-php5filter_5.3.10-1ubuntu3.24_powerpc.deb fc3487debd14a769bb4d1dee766fd4bc 5968950 php optional php5-cgi_5.3.10-1ubuntu3.24_powerpc.deb d73aa909e44decf9f94adcf51866e8d4 2983040 php optional php5-cli_5.3.10-1ubuntu3.24_powerpc.deb 7f6227f24af5d24e49b0a928ef2b9fba 3024330 php optional php5-fpm_5.3.10-1ubuntu3.24_powerpc.deb 4bd7b8e5b6e1bec2a3891dd02e573ea4 421530 php optional php5-dev_5.3.10-1ubuntu3.24_powerpc.deb 3224abedc3eb6af62c5cda2e22e7bf64 14656494 debug extra php5-dbg_5.3.10-1ubuntu3.24_powerpc.deb ecba7a32315c740fc4ace2e8475030c1 28724 php optional php5-curl_5.3.10-1ubuntu3.24_powerpc.deb 4bb43065a26ff08ccaeb17bc379dd9aa 8056 php optional php5-enchant_5.3.10-1ubuntu3.24_powerpc.deb ea41a7cdb9d3866323804f12035693a0 38566 php optional php5-gd_5.3.10-1ubuntu3.24_powerpc.deb df576fc9fd9d833c4a86803565b661ac 13888 php optional php5-gmp_5.3.10-1ubuntu3.24_powerpc.deb fdf350ae46c23e41acc304f69731fb36 59700 php optional php5-intl_5.3.10-1ubuntu3.24_powerpc.deb 6b564db65a0938a7f7155a48c6a5dbd3 18318 php optional php5-ldap_5.3.10-1ubuntu3.24_powerpc.deb bb35cde571a66cd9aeb94c1558e945a7 71118 php optional php5-mysql_5.3.10-1ubuntu3.24_powerpc.deb 8f278c9eaa5c600fc51327c637b042f9 133268 php optional php5-mysqlnd_5.3.10-1ubuntu3.24_powerpc.deb 4260a3f16f15c78bbf06431c9750d2c4 32334 php optional php5-odbc_5.3.10-1ubuntu3.24_powerpc.deb 701ef672c25834008c0306b2a6a00909 55366 php optional php5-pgsql_5.3.10-1ubuntu3.24_powerpc.deb 7910eef6112715a8931470cf56f29fef 7524 php optional php5-pspell_5.3.10-1ubuntu3.24_powerpc.deb 6793e6836b1b873077ac2f5c7937bbb0 4198 php optional php5-recode_5.3.10-1ubuntu3.24_powerpc.deb 740acf4737773cd437daca1c326f9a10 10188 php optional php5-snmp_5.3.10-1ubuntu3.24_powerpc.deb 05ec4e4590fdd5b04f41898eff248c34 24318 php optional php5-sqlite_5.3.10-1ubuntu3.24_powerpc.deb c329590440fbb2195d0d67ff5a7bfff1 24316 php optional php5-sybase_5.3.10-1ubuntu3.24_powerpc.deb adfe107c562de194f183c36b0a4a02e2 17294 php optional php5-tidy_5.3.10-1ubuntu3.24_powerpc.deb e697a137ff6831f67f315b5b67884604 32876 php optional php5-xmlrpc_5.3.10-1ubuntu3.24_powerpc.deb fa1aa620860f8eb90697290c84b7e919 13454 php optional php5-xsl_5.3.10-1ubuntu3.24_powerpc.deb d8cb851f768ce6286ddc29ed1b586e0b 86180 php extra php5-intl-dbgsym_5.3.10-1ubuntu3.24_powerpc.ddeb ffee5a1842bcc7b9c191a0014ae20f8b 820 raw-translations - php5_5.3.10-1ubuntu3.24_powerpc_translations.tar.gz Original-Maintainer: Debian PHP Maintainers