Re: testing php5 for Wheezy LTS

To: Thorsten Alteholz <debian@alteholz.de>
Cc: debian-lts@lists.debian.org
Subject: Re: testing php5 for Wheezy LTS
From: Stefan <bd@bc-bd.org>
Date: Sun, 26 Jun 2016 11:21:15 +0200
Message-id: <[🔎] 20160626092115.GY29995@bc-bd.org>
In-reply-to: <[🔎] alpine.DEB.2.02.1606251546420.2641@jupiter.server.alteholz.net>
References: <[🔎] alpine.DEB.2.02.1606251546420.2641@jupiter.server.alteholz.net>

Hi,

I installed some packages [1] and smoke tested with owncloud, no problems so
far.

I used the webclient, davdroid on android and a windows owncloud client to test.

HTH

	Stefan

[1] libapache2-mod-php5_5.4.45-0+deb7u4_i386.deb
    php-pear_5.4.45-0+deb7u4_all.deb
    php5_5.4.45-0+deb7u4_all.deb
    php5-cgi_5.4.45-0+deb7u4_i386.deb
    php5-cli_5.4.45-0+deb7u4_i386.deb
    php5-common_5.4.45-0+deb7u4_i386.deb
    php5-curl_5.4.45-0+deb7u4_i386.deb
    php5-gd_5.4.45-0+deb7u4_i386.deb
    php5-intl_5.4.45-0+deb7u4_i386.deb
    php5-ldap_5.4.45-0+deb7u4_i386.deb
    php5-mcrypt_5.4.45-0+deb7u4_i386.deb
    php5-mysql_5.4.45-0+deb7u4_i386.deb
    php5-pgsql_5.4.45-0+deb7u4_i386.deb
    php5-sqlite_5.4.45-0+deb7u4_i386.deb

On Sat, Jun 25, 2016 at 03:49:13PM +0200, Thorsten Alteholz wrote:
> Hi,
> 
> it is this time of the month again, so I uploaded version
> 5.4.45-0+deb7u4 of php5 to:
>  https://people.debian.org/~alteholz/packages/wheezy-lts/php5/amd64/
>  https://people.debian.org/~alteholz/packages/wheezy-lts/php5/i386/
> 
> Please give it a try and tell me about any problems you met.
> 
> Thanks!
>  Thorsten
> 
> 
> 
>    * CVE-2016-5093.patch
>      Absence of null character causes unexpected zend_string length and
>      leaks heap memory. The test script uses locale_get_primary_language
>      to reach get_icu_value_internal but there are some other functions
>      that also trigger this issue:
>        locale_canonicalize, locale_filter_matches,
>        locale_lookup, locale_parse
>    * CVE-2016-5094.patch
>      don't create strings with lengths outside int range
>    * CVE-2016-5095.patch
>      similar to CVE-2016-5094
>      don't create strings with lengths outside int range
>    * CVE-2016-5096.patch
>      int/size_t confusion in fread
>    * CVE-TEMP-bug-70661.patch
>      bug70661: Use After Free Vulnerability in WDDX Packet Deserialization
>    * CVE-TEMP-bug-70728.patch
>      bug70728: Type Confusion Vulnerability in PHP_to_XMLRPC_worker()
>    * CVE-TEMP-bug-70741.patch
>      bug70741: Session WDDX Packet Deserialization Type Confusion
>                Vulnerability
>    * CVE-TEMP-bug-70480-raw.patch
>      bug70480: php_url_parse_ex() buffer overflow read
> 
> 

-- 
BOFH excuse #382:

Someone was smoking in the computer room and set off the halon systems.

Reply to:

References:
- testing php5 for Wheezy LTS
  - From: Thorsten Alteholz <debian@alteholz.de>

Prev by Date: Re: cacti LTS
Next by Date: Re: cacti LTS
Previous by thread: testing php5 for Wheezy LTS
Next by thread: Re: cacti LTS
Index(es):
- Date
- Thread