[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

testing php5 for Wheezy LTS


it is this time of the month again, so I uploaded version 5.4.45-0+deb7u4 of php5 to:

Please give it a try and tell me about any problems you met.


   * CVE-2016-5093.patch
     Absence of null character causes unexpected zend_string length and
     leaks heap memory. The test script uses locale_get_primary_language
     to reach get_icu_value_internal but there are some other functions
     that also trigger this issue:
       locale_canonicalize, locale_filter_matches,
       locale_lookup, locale_parse
   * CVE-2016-5094.patch
     don't create strings with lengths outside int range
   * CVE-2016-5095.patch
     similar to CVE-2016-5094
     don't create strings with lengths outside int range
   * CVE-2016-5096.patch
     int/size_t confusion in fread
   * CVE-TEMP-bug-70661.patch
     bug70661: Use After Free Vulnerability in WDDX Packet Deserialization
   * CVE-TEMP-bug-70728.patch
     bug70728: Type Confusion Vulnerability in PHP_to_XMLRPC_worker()
   * CVE-TEMP-bug-70741.patch
     bug70741: Session WDDX Packet Deserialization Type Confusion
   * CVE-TEMP-bug-70480-raw.patch
     bug70480: php_url_parse_ex() buffer overflow read

Reply to: