[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

testing php5 for Squeeze LTS

Hi everybody,

I uploaded version of php5 to:

Please give it a try and tell me about any problems you met.


php5 ( squeeze-lts; urgency=high
   * Non-maintainer upload by the Squeeze LTS Team.
   * CVE-2015-2305
     Integer overflow in the regcomp implementation in the Henry
     Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on
     32-bit platforms, as used in NetBSD through 6.1.5 and other
     products, might allow context-dependent attackers to execute
     arbitrary code via a large regular expression that leads to
     a heap-based buffer overflow.
   * CVE-2015-2348
     The move_uploaded_file implementation in
     ext/standard/basic_functions.c in PHP before 5.4.39, 5.5.x
     before 5.5.23, and 5.6.x before 5.6.7 truncates a pathname upon
     encountering a \x00 character, which allows remote attackers to
     bypass intended extension restrictions and create files with
     unexpected names via a crafted second argument.
     NOTE: this vulnerability exists because of an incomplete fix for
   * CVE-2016-tmp, Bug #71039
     exec functions ignore length but look for NULL termination
   * CVE-2016-tmp, Bug #71089
     No check to duplicate zend_extension
   * CVE-2016-tmp, Bug #71201
     round() segfault on 64-bit builds
   * CVE-2016-tmp, Bug #71459
     Integer overflow in iptcembed()
   * CVE-2016-tmp, Bug #71354
     Heap corruption in tar/zip/phar parser
   * CVE-2016-tmp, Bug #71391
     NULL Pointer Dereference in phar_tar_setupmetadata()
   * CVE-2016-tmp, Bug #70979
     Crash on bad SOAP request

Reply to: