php5 5.2.4-2ubuntu5.5 source package in Ubuntu
Changelog
php5 (5.2.4-2ubuntu5.5) hardy-security; urgency=low * SECURITY UPDATE: php_admin_value and php_admin_flag restrictions bypass via ini_set. (LP: #228095) - debian/patches/120_SECURITY_CVE-2007-5900.patch: add new zend_alter_ini_entry_ex() function that extends zend_alter_ini_entry() by making sure the entry can be modified in Zend/zend_ini.{c,h}, Zend/zend_vm_def.h, and Zend/zend_vm_execute.h. - CVE-2007-5900 * SECURITY UPDATE: denial of service and possible arbitrary code execution via crafted font file. (LP: #286851) - debian/patches/121_SECURITY_CVE-2008-3658.patch: make sure font->nchars, font->h, and font->w don't cause overflows in ext/gd/gd.c. Also, add test script ext/gd/tests/imageloadfont_invalid.phpt. - CVE-2008-3658 * SECURITY UPDATE: denial of service and possible arbitrary code execution via the delimiter argument to the explode function. (LP: #286851) - debian/patches/122_SECURITY_CVE-2008-3659.patch: make sure needle_length is sane in ext/standard/tests/strings/explode_bug.phpt. Also, add test script ext/standard/tests/strings/explode_bug.phpt. - CVE-2008-3659 * SECURITY UPDATE: denial of service via a request with multiple dots preceding the extension. (ex: foo..php) (LP: #286851) - debian/patches/123_SECURITY_CVE-2008-3660.patch: improve .. cleaning with a new is_valid_path() function in sapi/cgi/cgi_main.c. - CVE-2008-3660 * SECURITY UPDATE: mbstring extension arbitrary code execution via crafted string containing HTML entity. (LP: #317672) - debian/patches/124_SECURITY_CVE-2008-5557.patch: improve mbfl_filt_conv_html_dec_flush() error handling in ext/mbstring/libmbfl/filters/mbfilter_htmlent.c. - CVE-2008-5557 * SECURITY UPDATE: safe_mode restriction bypass via unrestricted variable settings. - debian/patches/125_SECURITY_CVE-2008-5624.patch: make sure the page_uid and page_gid get initialized properly in ext/standard/basic_functions.c. Also, init server_context before processing config variables in sapi/apache/mod_php5.c. - CVE-2008-5624 * SECURITY UPDATE: arbitrary file write by placing a "php_value error_log" entry in a .htaccess file. - debian/patches/126_SECURITY_CVE-2008-5625.patch: enforce restrictions when merging in dir entry in sapi/apache/mod_php5.c and sapi/apache2handler/apache_config.c. - CVE-2008-5625 * SECURITY UPDATE: arbitrary file overwrite from directory traversal via zip file with dot-dot filenames. - debian/patches/127_SECURITY_CVE-2008-5658.patch: clean up filename paths in ext/zip/php_zip.c with new php_zip_realpath_r(), php_zip_virtual_file_ex() and php_zip_make_relative_path() functions. - CVE-2008-5658 -- Marc Deslauriers <email address hidden> Tue, 27 Jan 2009 14:22:51 -0500
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Hardy
- Original maintainer:
- Ubuntu Development Team
- Architectures:
- any
- Section:
- web
- Urgency:
- Low Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
php5_5.2.4.orig.tar.gz | 9.3 MiB | 66cf9b0d0946aeeb7ebdccb95af39a5d4d8ffe4fec2c3e03a5a3935242546350 |
php5_5.2.4-2ubuntu5.5.diff.gz | 143.0 KiB | 76cf710982a72b62e189216b33174402f05b56d8400d438f25dd119d4a8f0632 |
php5_5.2.4-2ubuntu5.5.dsc | 1.9 KiB | 65e5184f96b1445ac6e10c21625cfad194368c3dcf138d29780d6e237f85fb9d |
Available diffs
Binary packages built by this source
- libapache2-mod-php5: No summary available for libapache2-mod-php5 in ubuntu hardy.
No description available for libapache2-mod-php5 in ubuntu hardy.
- php-pear: No summary available for php-pear in ubuntu hardy.
No description available for php-pear in ubuntu hardy.
- php5: No summary available for php5 in ubuntu hardy.
No description available for php5 in ubuntu hardy.
- php5-cgi: No summary available for php5-cgi in ubuntu hardy.
No description available for php5-cgi in ubuntu hardy.
- php5-cli: No summary available for php5-cli in ubuntu hardy.
No description available for php5-cli in ubuntu hardy.
- php5-common: No summary available for php5-common in ubuntu hardy.
No description available for php5-common in ubuntu hardy.
- php5-curl: No summary available for php5-curl in ubuntu hardy.
No description available for php5-curl in ubuntu hardy.
- php5-dev: No summary available for php5-dev in ubuntu hardy.
No description available for php5-dev in ubuntu hardy.
- php5-gd: No summary available for php5-gd in ubuntu hardy.
No description available for php5-gd in ubuntu hardy.
- php5-gmp: No summary available for php5-gmp in ubuntu hardy.
No description available for php5-gmp in ubuntu hardy.
- php5-ldap: No summary available for php5-ldap in ubuntu hardy.
No description available for php5-ldap in ubuntu hardy.
- php5-mhash: No summary available for php5-mhash in ubuntu hardy.
No description available for php5-mhash in ubuntu hardy.
- php5-mysql: No summary available for php5-mysql in ubuntu hardy.
No description available for php5-mysql in ubuntu hardy.
- php5-odbc: No summary available for php5-odbc in ubuntu hardy.
No description available for php5-odbc in ubuntu hardy.
- php5-pgsql: No summary available for php5-pgsql in ubuntu hardy.
No description available for php5-pgsql in ubuntu hardy.
- php5-pspell: No summary available for php5-pspell in ubuntu hardy.
No description available for php5-pspell in ubuntu hardy.
- php5-recode: No summary available for php5-recode in ubuntu hardy.
No description available for php5-recode in ubuntu hardy.
- php5-snmp: No summary available for php5-snmp in ubuntu hardy.
No description available for php5-snmp in ubuntu hardy.
- php5-sqlite: No summary available for php5-sqlite in ubuntu hardy.
No description available for php5-sqlite in ubuntu hardy.
- php5-sybase: No summary available for php5-sybase in ubuntu hardy.
No description available for php5-sybase in ubuntu hardy.
- php5-tidy: No summary available for php5-tidy in ubuntu hardy.
No description available for php5-tidy in ubuntu hardy.
- php5-xmlrpc: No summary available for php5-xmlrpc in ubuntu hardy.
No description available for php5-xmlrpc in ubuntu hardy.
- php5-xsl: No summary available for php5-xsl in ubuntu hardy.
No description available for php5-xsl in ubuntu hardy.