
testing php5 for Squeeze LTS



Hi,

I uploaded version 5.3.3.1-7+squeeze28 of php5 to:
 https://people.debian.org/~alteholz/packages/squeeze-lts/php5/amd64/
 https://people.debian.org/~alteholz/packages/squeeze-lts/php5/i386/

Please give it a try and tell me about any problems you met.

Thanks!
 Thorsten



Changes:
 php5 (5.3.3.1-7+squeeze28) squeeze-lts; urgency=high
 .
   * Non-maintainer upload by the Squeeze LTS Team.
   * CVE-2015-6831
     Use after free vulnerability was found in unserialize() function.
     We can create ZVAL and free it via Serializable::unserialize.
     However the unserialize() will still allow to use R: or r: to set
     references to that already freed memory. It is possible to
     use-after-free attack and execute arbitrary code remotely.
   * CVE-2015-6832
     Dangling pointer in the unserialization of ArrayObject items.
   * CVE-2015-6833
     Files extracted from archive may be placed outside of destination
     directory
   * CVE-2015-6834
     Use after free vulnerability was found in unserialize() function.
     We can create ZVAL and free it via Serializable::unserialize.
     However the unserialize() will still allow to use R: or r: to set
     references to that already freed memory. It is possible to
     use-after-free attack and execute arbitrary code remotely.
   * CVE-2015-6836
     A type confusion occurs within SOAP serialize_function_call due
     to an insufficient validation of the headers field.
     In the SoapClient's __call method, the verify_soap_headers_array
     check is applied only to headers retrieved from
     zend_parse_parameters; problem is that a few lines later,
     soap_headers could be updated or even replaced with values from
     the __default_headers object fields.
   * CVE-2015-6837
     The XSLTProcessor class misses a few checks on the input from the
     libxslt library. The valuePop() function call is able to return
     NULL pointer and php does not check that.
   * CVE-2015-6838
     The XSLTProcessor class misses a few checks on the input from the
     libxslt library. The valuePop() function call is able to return
     NULL pointer and php does not check that.
   * CVE-2015-7803
     A NULL pointer dereference flaw was found in the way PHP's Phar
     extension parsed Phar archives. A specially crafted archive could
     cause PHP to crash.
   * CVE-2015-7804
     An uninitialized pointer use flaw was found in the
     phar_make_dirstream() function of PHP's Phar extension.
     A specially crafted phar file in the ZIP format with a directory
     entry with a file name "/ZIP" could cause a PHP application
     function to crash.
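
For checking that a test host actually runs the fixed package, the following added example (not part of the original mail or of the php5 package) implements the Debian Policy version ordering in Python and compares an installed version string against 5.3.3.1-7+squeeze28. The helper names are hypothetical, and it assumes the input is a version string as printed by dpkg-query.

```python
# Added example: Debian version ordering (Debian Policy 5.6.12), enough to
# decide whether an installed php5 version includes this upload's fixes.
FIXED = "5.3.3.1-7+squeeze28"  # version announced in the mail above
DIGITS = "0123456789"

def _order(c):
    """Sort weight of one non-digit character; '' means end of string."""
    if c == "~":
        return -1                      # tilde sorts before everything
    if c == "" or c in DIGITS:
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256  # letters before symbols

def _cmp_part(a, b):
    """Compare two upstream-version or revision strings: -1, 0 or 1."""
    i = j = 0
    while i < len(a) or j < len(b):
        # 1) non-digit prefixes, character by character
        while (i < len(a) and a[i] not in DIGITS) or (j < len(b) and b[j] not in DIGITS):
            ac = _order(a[i] if i < len(a) else "")
            bc = _order(b[j] if j < len(b) else "")
            if ac != bc:
                return -1 if ac < bc else 1
            i, j = i + 1, j + 1
        # 2) digit prefixes, compared as integers (empty counts as 0)
        si, sj = i, j
        while i < len(a) and a[i] in DIGITS:
            i += 1
        while j < len(b) and b[j] in DIGITS:
            j += 1
        na, nb = int(a[si:i] or 0), int(b[sj:j] or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def _split(v):
    """Split into (epoch, upstream version, Debian revision)."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (rev if sep else "")

def compare(a, b):
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(installed):
    """True if `installed` is at least the fixed version."""
    return compare(installed, FIXED) >= 0
```

A plain string comparison would rank a revision ending in squeeze9 above squeeze28; the numeric handling of digit runs is what prevents that false "patched" result.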

