-
php5 (5.6.4+dfsg-4ubuntu6.4) vivid-security; urgency=medium
* SECURITY UPDATE: null pointer dereference in phar_get_fp_offset()
- debian/patches/CVE-2015-7803.patch: check link in ext/phar/util.c.
- CVE-2015-7803
* SECURITY UPDATE: uninitialized pointer in phar_make_dirstream()
- debian/patches/CVE-2015-7804.patch: check filename length in
ext/phar/util.c, ext/phar/zip.c.
- CVE-2015-7804
-- Marc Deslauriers <email address hidden> Tue, 27 Oct 2015 16:52:47 -0400
-
php5 (5.6.4+dfsg-4ubuntu6.3) vivid-security; urgency=medium
* SECURITY UPDATE: phar segfault on invalid file
- debian/patches/CVE-2015-5589-1.patch: check stream before closing in
ext/phar/phar_object.c.
- debian/patches/CVE-2015-5589-2.patch: add better checks in
ext/phar/phar_object.c.
- CVE-2015-5589
* SECURITY UPDATE: phar buffer overflow in phar_fix_filepath
- debian/patches/CVE-2015-5590.patch: properly handle path in
ext/phar/phar.c.
- CVE-2015-5590
* SECURITY UPDATE: multiple use-after-free issues in unserialize()
- debian/patches/CVE-2015-6831-1.patch: fix SPLArrayObject in
ext/spl/spl_array.c, added test to ext/spl/tests/bug70166.phpt.
- debian/patches/CVE-2015-6831-2.patch: fix SplObjectStorage in
ext/spl/spl_observer.c, added test to ext/spl/tests/bug70168.phpt.
- debian/patches/CVE-2015-6831-3.patch: fix SplDoublyLinkedList in
ext/spl/spl_dllist.c, added test to ext/spl/tests/bug70169.phpt.
- CVE-2015-6831
* SECURITY UPDATE: dangling pointer in the unserialization of ArrayObject
items
- debian/patches/CVE-2015-6832.patch: fix dangling pointer in
ext/spl/spl_array.c, added test to ext/spl/tests/bug70068.phpt.
- CVE-2015-6832
* SECURITY UPDATE: phar files extracted outside of destination dir
- debian/patches/CVE-2015-6833-1.patch: limit extracted files to given
directory in ext/phar/phar_object.c.
- debian/patches/CVE-2015-6833-2.patch: use emalloc in
ext/phar/phar_object.c.
- CVE-2015-6833
* SECURITY UPDATE: multiple vulnerabilities in unserialize()
- debian/patches/CVE-2015-6834-1.patch: fix use-after-free in
ext/standard/var.c, ext/standard/var_unserializer.*.
- debian/patches/CVE-2015-6834-2.patch: fix use-after-free in
ext/spl/spl_observer.c, added test to ext/spl/tests/bug70365.phpt.
- debian/patches/CVE-2015-6834-3.patch: fix use-after-free in
ext/spl/spl_dllist.c, added test to ext/spl/tests/bug70366.phpt.
- CVE-2015-6834
* SECURITY UPDATE: use after free in session deserializer
- debian/patches/CVE-2015-6835-1.patch: fix use after free in
ext/session/session.c, ext/standard/var_unserializer.*
fixed tests in ext/session/tests/session_decode_error2.phpt,
ext/session/tests/session_decode_variation3.phpt.
- debian/patches/CVE-2015-6835-2.patch: add more fixes to
ext/session/session.c.
- CVE-2015-6835
* SECURITY UPDATE: SOAP serialize_function_call() type confusion
- debian/patches/CVE-2015-6836.patch: check type in ext/soap/soap.c,
added test to ext/soap/tests/bug70388.phpt.
- CVE-2015-6836
* SECURITY UPDATE: NULL pointer dereference in XSLTProcessor class
- debian/patches/CVE-2015-6837-6838.patch: fix logic in
ext/xsl/xsltprocessor.c.
- CVE-2015-6837
- CVE-2015-6838
-- Marc Deslauriers <email address hidden> Mon, 28 Sep 2015 15:51:34 -0400
-
php5 (5.6.4+dfsg-4ubuntu6.2) vivid-security; urgency=medium
* SECURITY UPDATE: missing file path null byte checks
- debian/patches/CVE-2015-3411.patch: add missing checks to
ext/dom/document.c, ext/fileinfo/fileinfo.c, ext/gd/gd.c,
ext/hash/hash.c, ext/pgsql/pgsql.c, ext/standard/link.c,
ext/standard/streamsfuncs.c, ext/xmlwriter/php_xmlwriter.c,
ext/zlib/zlib.c, add tests to
ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt,
ext/fileinfo/tests/finfo_file_basic.phpt,
ext/hash/tests/hash_hmac_file_error.phpt
- CVE-2015-3411
- CVE-2015-3412
* SECURITY UPDATE: denial of service via crafted tar archive
- debian/patches/CVE-2015-4021.patch: handle empty strings in
ext/phar/tar.c.
- CVE-2015-4021
* SECURITY UPDATE: arbitrary code execution via ftp server long reply to
a LIST command
- debian/patches/CVE-2015-4022.patch: fix overflow in ext/ftp/ftp.c.
- CVE-2015-4022
* SECURITY UPDATE: denial of service via crafted form data
- debian/patches/CVE-2015-4024.patch: use smart_str to assemble strings
in main/rfc1867.c.
- CVE-2015-4024
* SECURITY UPDATE: more missing file path null byte checks
- debian/patches/CVE-2015-4025.patch: add missing checks to
ext/pcntl/pcntl.c, ext/standard/basic_functions.c,
ext/standard/dir.c, ext/standard/file.c.
- CVE-2015-4025
- CVE-2015-4026
* SECURITY UPDATE: arbitrary code execution via crafted serialized data
with unexpected data type
- debian/patches/CVE-2015-4147.patch: check variable types in
ext/soap/php_encoding.c, ext/soap/php_http.c, ext/soap/soap.c.
- CVE-2015-4147
- CVE-2015-4148
- CVE-2015-4600
- CVE-2015-4601
* SECURITY UPDATE: more missing file path null byte checks
- debian/patches/CVE-2015-4598.patch: add missing checks to
ext/dom/document.c, ext/gd/gd.c, fix tests in
ext/dom/tests/DOMDocument_loadHTMLfile_error2.phpt,
ext/gd/tests/imageloadfont_error1.phpt,
ext/zlib/tests/gzopen_variation1.phpt,
ext/zlib/tests/readgzfile_variation1.phpt,
ext/zlib/tests/readgzfile_variation6.phpt,
ext/standard/tests/dir/dir_variation1.phpt,
ext/standard/tests/dir/opendir_variation1.phpt,
ext/standard/tests/file/mkdir_rmdir_variation2.phpt,
ext/standard/tests/file/readlink_variation1.phpt,
ext/standard/tests/file/tempnam_variation3-win32.phpt,
ext/standard/tests/file/tempnam_variation3.phpt,
ext/standard/tests/general_functions/include_path.phpt.
- CVE-2015-4598
* SECURITY UPDATE: denial of service or information leak via type
confusion with crafted serialized data
- debian/patches/CVE-2015-4599.patch: use proper types in
ext/soap/soap.c.
- CVE-2015-4599
* SECURITY UPDATE: denial of service or information leak via type
confusion with crafted serialized data
- debian/patches/CVE-2015-4602.patch: check for proper type in
ext/standard/incomplete_class.c.
- CVE-2015-4602
* SECURITY UPDATE: denial of service or information leak via type
confusion with crafted serialized data
- debian/patches/CVE-2015-4603.patch: check type in
Zend/zend_exceptions.c, add test to
ext/standard/tests/serialize/bug69152.phpt.
- CVE-2015-4603
* SECURITY UPDATE: denial of service in Fileinfo with crafted file
- debian/patches/CVE-2015-4604.patch: handle large offset in
ext/fileinfo/libmagic/softmagic.c, add test to
ext/fileinfo/tests/bug68819_001.phpt,
ext/fileinfo/tests/bug68819_002.phpt.
- CVE-2015-4604
- CVE-2015-4605
* SECURITY UPDATE: arbitrary code execution via ftp server long reply to
a LIST command
- debian/patches/CVE-2015-4643.patch: prevent overflow check bypass in
ext/ftp/ftp.c.
- CVE-2015-4643
* SECURITY UPDATE: denial of service via php_pgsql_meta_data
- debian/patches/CVE-2015-4644.patch: check return value in
ext/pgsql/pgsql.c, add test to ext/pgsql/pg_insert_002.phpt.
- CVE-2015-4644
* debian/patches/CVE-2015-2783-memleak.patch: fix memory leak introduced
by CVE-2015-2783 security update.
-- Marc Deslauriers <email address hidden> Thu, 02 Jul 2015 08:45:58 -0400
-
php5 (5.6.4+dfsg-4ubuntu6) vivid; urgency=medium
* SECURITY UPDATE: potential remote code execution vulnerability when
used with the Apache 2.4 apache2handler
- debian/patches/bug69218.patch: perform proper cleanup in
sapi/apache2handler/sapi_apache2.c.
- CVE number pending
* SECURITY UPDATE: buffer overflow when parsing tar/zip/phar
- debian/patches/bug69441.patch: check lengths in
ext/phar/phar_internal.h.
- CVE number pending
* SECURITY UPDATE: buffer overflow in unserialize when parsing Phar
- debian/patches/CVE-2015-2783.patch: properly check lengths in
ext/phar/phar.c, ext/phar/phar_internal.h.
- CVE-2015-2783
-- Marc Deslauriers <email address hidden> Fri, 17 Apr 2015 05:15:49 -0400
-
php5 (5.6.4+dfsg-4ubuntu5) vivid; urgency=medium
* SECURITY UPDATE: move_uploaded_file filename restriction bypass
- debian/patches/CVE-2015-2348.patch: handle nulls in
ext/standard/basic_functions.c.
- CVE-2015-2348
* SECURITY UPDATE: arbitrary code exection via process_nested_data
use-after-free
- debian/patches/CVE-2015-2787.patch: fix logic in
ext/standard/var_unserializer.*.
- CVE-2015-2787
-- Marc Deslauriers <email address hidden> Thu, 02 Apr 2015 08:06:41 -0400
-
php5 (5.6.4+dfsg-4ubuntu4) vivid; urgency=medium
* SECURITY UPDATE: heap overflow in regexp library
- debian/patches/CVE-2015-2305.patch: check for overflow in
ext/ereg/regex/regcomp.c.
- CVE-2015-2305
* SECURITY UPDATE: integer overflow in zip module
- debian/patches/CVE-2015-2331.patch: check for overflow in
ext/zip/lib/zip_dirent.c.
- CVE-2015-2331
-- Marc Deslauriers <email address hidden> Tue, 24 Mar 2015 15:12:32 -0400
-
php5 (5.6.4+dfsg-4ubuntu3) vivid; urgency=medium
* SECURITY UPDATE: denial of service or possible code execution in
enchant
- debian/patches/CVE-2014-9705.patch: handle position better in
ext/enchant/enchant.c.
- CVE-2014-9705
* SECURITY UPDATE: arbitrary code execution via use after free in
unserialize() with DateTimeZone and DateTime
- debian/patches/CVE-2015-0273.patch: fix use after free in
ext/date/php_date.c, added tests to ext/date/tests/bug68942.phpt,
ext/date/tests/bug68942_2.phpt.
- CVE-2015-0273
* SECURITY UPDATE: denial of service or possible code execution in phar
- debian/patches/CVE-2015-2301.patch: fix use after free in
ext/phar/phar_object.c.
- CVE-2015-2301
-- Marc Deslauriers <email address hidden> Mon, 16 Mar 2015 13:21:17 -0400
-
php5 (5.6.4+dfsg-4ubuntu2) vivid; urgency=medium
* SECURITY UPDATE: out of bounds read via invalid php file
- debian/patches/CVE-2014-9427.patch: fix bounds in
sapi/cgi/cgi_main.c.
- CVE-2014-9427
* SECURITY UPDATE: out of bounds read in fileinfo
- debian/patches/CVE-2014-9652.patch: properly check length in
ext/fileinfo/libmagic/softmagic.c.
- CVE-2014-9652
* SECURITY UPDATE: arbitrary code execution via improper handling of
duplicate keys in unserializer, additional fix
- debian/patches/CVE-2015-0231.patch: fix use after free in
ext/standard/var_unserializer.*, added test to
ext/standard/tests/strings/bug68710.phpt.
- CVE-2015-0231
* SECURITY UPDATE: arbitrary code execution or denial of service via
crafted EXIF data
- debian/patches/CVE-2015-0232.patch: fix uninitialized pointer free in
ext/exif/exif.c.
- CVE-2015-0232
* SECURITY UPDATE: use after free in opcache component
- debian/patches/CVE-2015-1351.patch: fix use after free in
ext/opcache/zend_shared_alloc.c.
- CVE-2015-1351
* SECURITY UPDATE: null pointer dereference in pgsql
- debian/patches/CVE-2015-1352.patch: properly set valid token in
ext/pgsql/pgsql.c.
- CVE-2015-1352
* debian/patches/remove_readelf.patch: remove readelf.c from fileinfo as
it isn't used, and is a source of confusion when doing security
updates.
-- Marc Deslauriers <email address hidden> Tue, 17 Feb 2015 15:47:51 -0500
-
php5 (5.6.4+dfsg-4ubuntu1) vivid; urgency=medium
* Merge from Debian testing (LP: #1411811). Remaining changes:
- d/control: drop Build-Depends that are in universe: firebird-dev,
libc-client-dev, libmcrypt-dev, libonig-dev, libqdbm-dev.
- d/rules: drop configuration of packages that are in universe: qdgm, onig.
- d/rules: drop CONFIGURE_APACHE_ARGS settings since now we don't build
interbase or firebird.
- d/control: drop binary packages php5-imap, php5-interbase and php5-mcrypt
since we have separate versions in universe.
- d/modulelist: drop imap, interbase and mcrypt since we have separate
versions in universe.
- d/rules: drop configuration of imap and mcrypt since we have separate
versions in universe.
- d/source_php5.py, d/rules: add apport hook.
- d/control: switch Build-Depends of netcat-traditional to netcat-openbsd
as only the latter is in main.
* Drop changes:
- Reported fixed in upstream release of 5.6.0: quilt patches for
CVE-2014-0237, CVE-2014-0238, CVE-2014-4049, CVE-2014-0207,
CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487,
CVE-2014-3515, CVE-2014-4670, CVE-2014-4698, CVE-2014-4721,
CVE-2014-3587 and CVE-2014-3597, and d/p/fix_systemd_ftbfs.patch.
- Reported fixed in upstream release of 5.6.2: quilt patches for
CVE-2014-3668, CVE-2014-3669 and CVE-2014-3670, and
d/p/curl_embedded_null.patch.
- Reported fixed in upstream release of 5.6.3: quilt patch for
CVE-2014-3710.
- Applied in Debian:
+ d/rules: stop mysql instance on clean just in case we failed in
tests.
+ d/tests/{cgi,cli,mod-php}: dep8 tests for common use cases.
+ d/rules: export DEB_HOST_MULTIARCH properly.
+ d/rules: load dpkg-buildflags earlier, so that CFLAGS changes are not
overridden.
-- Robie Basak <email address hidden> Tue, 27 Jan 2015 12:09:42 +0000
-
php5 (5.5.12+dfsg-2ubuntu5) vivid; urgency=medium
* SECURITY UPDATE: denial of service via buffer overflow in mkgmtime()
- debian/patches/CVE-2014-3668.patch: properly handle sizes in
ext/xmlrpc/libxmlrpc/xmlrpc.c, added test to
ext/xmlrpc/tests/bug68027.phpt.
- CVE-2014-3668
* SECURITY UPDATE: integer overflow in unserialize()
- debian/patches/CVE-2014-3669.patch: fix overflow in
ext/standard/var_unserializer.{c,re}, added test to
ext/standard/tests/serialize/bug68044.phpt.
- CVE-2014-3669
* SECURITY UPDATE: Heap corruption in exif_thumbnail()
- debian/patches/CVE-2014-3670.patch: fix sizes in ext/exif/exif.c.
- CVE-2014-3670
* SECURITY UPDATE: out of bounds read in elf note headers in fileinfo()
- debian/patches/CVE-2014-3710.patch: validate note headers in
ext/fileinfo/libmagic/readelf.c.
- CVE-2014-3710
* SECURITY UPDATE: local file disclosure via curl NULL byte injection
- debian/patches/curl_embedded_null.patch: don't accept curl options
with embedded NULLs in ext/curl/interface.c, added test to
ext/curl/tests/bug68089.phpt.
- No CVE number
* Fix FTBFS with systemd version in vivid
- debian/patches/fix_systemd_ftbfs.patch: improve detection logic in
sapi/fpm/config.m4.
-- Marc Deslauriers <email address hidden> Wed, 29 Oct 2014 11:56:11 -0400
-
php5 (5.5.12+dfsg-2ubuntu4) utopic; urgency=medium
* SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info
- debian/patches/CVE-2014-3587.patch: check for array under-runs as well
as over-runs in ext/fileinfo/libmagic/cdf.c
- CVE-2014-3587
* SECURITY UPDATE: denial of service in dns_get_record
- debian/patches/CVE-2014-3597.patch: check for DNS overflows in
ext/standard/dns.c
- CVE-2014-3587
-- Seth Arnold <email address hidden> Wed, 03 Sep 2014 23:27:47 -0700
