Accepted php5 5.2.0-8+etch3 (source i386 all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 24 Apr 2007 00:11:22 +0200
Source: php5
Binary: php5-gd php5-ldap php5 php5-xmlrpc php5-pspell libapache2-mod-php5 php5-xsl php5-cgi php-pear php5-tidy php5-pgsql php5-cli php5-recode php5-mhash php5-sybase php5-curl php5-odbc php5-mcrypt php5-mysql php5-common php5-imap php5-snmp php5-dev php5-sqlite libapache-mod-php5 php5-interbase
Architecture: source i386 all
Version: 5.2.0-8+etch3
Distribution: stable-security
Urgency: high
Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Changed-By: sean finney <seanius@debian.org>
Description:
libapache-mod-php5 - server-side, HTML-embedded scripting language (apache 1.3 module)
libapache2-mod-php5 - server-side, HTML-embedded scripting language (apache 2 module)
php-pear - PEAR - PHP Extension and Application Repository
php5 - server-side, HTML-embedded scripting language (meta-package)
php5-cgi - server-side, HTML-embedded scripting language (CGI binary)
php5-cli - command-line interpreter for the php5 scripting language
php5-common - Common files for packages built from the php5 source
php5-curl - CURL module for php5
php5-dev - Files for PHP5 module development
php5-gd - GD module for php5
php5-imap - IMAP module for php5
php5-interbase - interbase/firebird module for php5
php5-ldap - LDAP module for php5
php5-mcrypt - MCrypt module for php5
php5-mhash - MHASH module for php5
php5-mysql - MySQL module for php5
php5-odbc - ODBC module for php5
php5-pgsql - PostgreSQL module for php5
php5-pspell - pspell module for php5
php5-recode - recode module for php5
php5-snmp - SNMP module for php5
php5-sqlite - SQLite module for php5
php5-sybase - Sybase / MS SQL Server module for php5
php5-tidy - tidy module for php5
php5-xmlrpc - XML-RPC module for php5
php5-xsl - XSL module for php5
Changes:
php5 (5.2.0-8+etch3) stable-security; urgency=high
.
[ sean finney ]
* The following security issues are addressed with this update:
- CVE-2007-0910/MOPB-32 session_decode() Double Free Vulnerability
* note that this is an update to the previous version of the upstream
fix for CVE-2007-0910, which introduced a seperate exploit path.
- CVE-2007-1286/MOPB-04 unserialize() ZVAL Reference Counter Overflow
- CVE-2007-1380/MOPB-10 php_binary Session Deserialization Information Leak
- CVE-2007-1375/MOPB-14 substr_compare() Information Leak Vulnerability
- CVE-2007-1376/MOPB-15 shmop Functions Resource Verification Vulnerability
- CVE-2007-1453/MOPB-18 ext/filter HTML Tag Stripping Bypass Vulnerability
- CVE-2007-1453/MOPB-19 ext/filter Space Trimming Buffer Underflow Vuln.
- CVE-2007-1521/MOPB-22 session_regenerate_id() Double Free Vulnerability
- CVE-2007-1583/MOPB-26 mb_parse_str() register_globals Activation Vuln.
- CVE-2007-1700/MOPB-30 _SESSION unset() Vulnerability
- CVE-2007-1718/MOPB-34 mail() Header Injection
- CVE-2007-1777/MOPB-35 zip_entry_read() Integer Overflow Vulnerability
- CVE-2007-1887-1888/MOPB-41 sqlite_udf_decode_binary() Buffer Overflow
- CVE-2007-1824/MOPB-42 php_stream_filter_create() Off By One Vulnerablity
- CVE-2007-1889/MOPB-44 Memory Manager Signed Comparision Vulnerability
- CVE-2007-1900/MOPB-45 ext/filter Email Validation Vulnerability
* The other security issues resulting from the "Month of PHP bugs" either
did not affect the version of php5 shipped in etch, or did not merit
a security update according to the established security policy for php
in debian. You are encouraged to verify that your configuration is not
affected by any of the other vulnerabilities by visiting:
http://www.php-security.org/
Files:
59310a29eda84d4fe9c67b5c49416d3d 1976 web optional php5_5.2.0-8+etch3.dsc
52d7e8b3d8d7573e75c97340f131f988 8583491 web optional php5_5.2.0.orig.tar.gz
00f9a5309bb1706d9cdb7b8808034539 113858 web optional php5_5.2.0-8+etch3.diff.gz
061401582ec1f55f3da553873d2cadd3 213890 web optional php5-common_5.2.0-8+etch3_i386.deb
88d0e17600b981d18dd1a369c32d3cee 2411998 web optional libapache-mod-php5_5.2.0-8+etch3_i386.deb
5e652ebd7560bf887eb598c1c864d5ef 2412490 web optional libapache2-mod-php5_5.2.0-8+etch3_i386.deb
3149c68dd76e6a29069f8e8353cf498d 4754432 web optional php5-cgi_5.2.0-8+etch3_i386.deb
b50b0d2afe2e1a76d6967c35c4215398 2396502 web optional php5-cli_5.2.0-8+etch3_i386.deb
27d36d65482b379bc95802a824f25b06 342088 devel optional php5-dev_5.2.0-8+etch3_i386.deb
efb0d5c14e6cd21114152578ed6621fb 24470 web optional php5-curl_5.2.0-8+etch3_i386.deb
43c723fe51e86e247c70d6618b033b60 33408 web optional php5-gd_5.2.0-8+etch3_i386.deb
a295151c7c14f915e7c46a0c16c52f00 34494 web optional php5-imap_5.2.0-8+etch3_i386.deb
7e7f255f27b75e05b64f5cd40a61be91 44140 web optional php5-interbase_5.2.0-8+etch3_i386.deb
11cedf81f680dc610985ca2a0995de09 17244 web optional php5-ldap_5.2.0-8+etch3_i386.deb
ebe341eb39463dadf92787a1c230125d 12834 web optional php5-mcrypt_5.2.0-8+etch3_i386.deb
e443beec10f363208eac83eafe65c5d8 5052 web optional php5-mhash_5.2.0-8+etch3_i386.deb
e00897589b88c8a65d2b1e7db048ab35 64908 web optional php5-mysql_5.2.0-8+etch3_i386.deb
e5e35d32cdfa00a44e91473f6da94d57 34050 web optional php5-odbc_5.2.0-8+etch3_i386.deb
60dc59d9647fc8708e3472d3d4ffcc54 50618 web optional php5-pgsql_5.2.0-8+etch3_i386.deb
47aa04a7cb429fb6a8aed372a7f0e9e4 8628 web optional php5-pspell_5.2.0-8+etch3_i386.deb
f1023cbf011af72d43e7cb26893978dc 4760 web optional php5-recode_5.2.0-8+etch3_i386.deb
7c7bd9997bd905d7d115ea663e383975 11308 web optional php5-snmp_5.2.0-8+etch3_i386.deb
4d297f08a5b8ec01229e134db496ce2d 34472 web optional php5-sqlite_5.2.0-8+etch3_i386.deb
67038c1ea0c926878ca73562b75880da 18396 web optional php5-sybase_5.2.0-8+etch3_i386.deb
8e4f19c09fcf2288b821c3a59ea3b62e 16472 web optional php5-tidy_5.2.0-8+etch3_i386.deb
736b1ada980988e0016637252e6eb05f 36448 web optional php5-xmlrpc_5.2.0-8+etch3_i386.deb
4d561eabc5a83f917dbdce0a8149d1e5 12258 web optional php5-xsl_5.2.0-8+etch3_i386.deb
2dd49121488c5cff5889cac2b14345ea 1042 web optional php5_5.2.0-8+etch3_all.deb
b19f47a82ef5c2e68a5f4018a19321e5 306940 web optional php-pear_5.2.0-8+etch3_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGNHgIXm3vHE4uyloRAiTkAKCMkIW4Tgj298cVITTJGuoXnEXROACaAkAX
krDnzj6CbN7pUnGe9Opb6Ww=
=px4/
-----END PGP SIGNATURE-----
Accepted:
libapache-mod-php5_5.2.0-8+etch3_i386.deb
to pool/main/p/php5/libapache-mod-php5_5.2.0-8+etch3_i386.deb
libapache2-mod-php5_5.2.0-8+etch3_i386.deb
to pool/main/p/php5/libapache2-mod-php5_5.2.0-8+etch3_i386.deb
php-pear_5.2.0-8+etch3_all.deb
to pool/main/p/php5/php-pear_5.2.0-8+etch3_all.deb
php5-cgi_5.2.0-8+etch3_i386.deb
to pool/main/p/php5/php5-cgi_5.2.0-8+etch3_i386.deb
php5-cli_5.2.0-8+etch3_i386.deb
to pool/main/p/php5/php5-cli_5.2.0-8+etch3_i386.deb
php5-common_5.2.0-8+etch3_i386.deb
to pool/main/p/php5/php5-common_5.2.0-8+etch3_i386.deb
php5-curl_5.2.0-8+etch3_i386.deb
to pool/main/p/php5/php5-curl_5.2.0-8+etch3_i386.deb
php5-dev_5.2.0-8+etch3_i386.deb
to pool/main/p/php5/php5-dev_5.2.0-8+etch3_i386.deb
php5-gd_5.2.0-8+etch3_i386.deb
to pool/main/p/php5/php5-gd_5.2.0-8+etch3_i386.deb
php5-imap_5.2.0-8+etch3_i386.deb
to pool/main/p/php5/php5-imap_5.2.0-8+etch3_i386.deb
php5-interbase_5.2.0-8+etch3_i386.deb
to pool/main/p/php5/php5-interbase_5.2.0-8+etch3_i386.deb
php5-ldap_5.2.0-8+etch3_i386.deb
to pool/main/p/php5/php5-ldap_5.2.0-8+etch3_i386.deb
php5-mcrypt_5.2.0-8+etch3_i386.deb
to pool/main/p/php5/php5-mcrypt_5.2.0-8+etch3_i386.deb
php5-mhash_5.2.0-8+etch3_i386.deb
to pool/main/p/php5/php5-mhash_5.2.0-8+etch3_i386.deb
php5-mysql_5.2.0-8+etch3_i386.deb
to pool/main/p/php5/php5-mysql_5.2.0-8+etch3_i386.deb
php5-odbc_5.2.0-8+etch3_i386.deb
to pool/main/p/php5/php5-odbc_5.2.0-8+etch3_i386.deb
php5-pgsql_5.2.0-8+etch3_i386.deb
to pool/main/p/php5/php5-pgsql_5.2.0-8+etch3_i386.deb
php5-pspell_5.2.0-8+etch3_i386.deb
to pool/main/p/php5/php5-pspell_5.2.0-8+etch3_i386.deb
php5-recode_5.2.0-8+etch3_i386.deb
to pool/main/p/php5/php5-recode_5.2.0-8+etch3_i386.deb
php5-snmp_5.2.0-8+etch3_i386.deb
to pool/main/p/php5/php5-snmp_5.2.0-8+etch3_i386.deb
php5-sqlite_5.2.0-8+etch3_i386.deb
to pool/main/p/php5/php5-sqlite_5.2.0-8+etch3_i386.deb
php5-sybase_5.2.0-8+etch3_i386.deb
to pool/main/p/php5/php5-sybase_5.2.0-8+etch3_i386.deb
php5-tidy_5.2.0-8+etch3_i386.deb
to pool/main/p/php5/php5-tidy_5.2.0-8+etch3_i386.deb
php5-xmlrpc_5.2.0-8+etch3_i386.deb
to pool/main/p/php5/php5-xmlrpc_5.2.0-8+etch3_i386.deb
php5-xsl_5.2.0-8+etch3_i386.deb
to pool/main/p/php5/php5-xsl_5.2.0-8+etch3_i386.deb
php5_5.2.0-8+etch3.diff.gz
to pool/main/p/php5/php5_5.2.0-8+etch3.diff.gz
php5_5.2.0-8+etch3.dsc
to pool/main/p/php5/php5_5.2.0-8+etch3.dsc
php5_5.2.0-8+etch3_all.deb
to pool/main/p/php5/php5_5.2.0-8+etch3_all.deb
Reply to: