Bug#749497: Update pu to match security release (php5/5.4.4-14+deb7u11 -> php5/5.4.4-14+deb7u12)
Control: retitle -1 pu: package php5/5.4.4-14+deb7u12
Hi release team,
yet another CVE update was pushed through stable-security, so I am
updating the title of the bug.
Again no changes in the debdiff, just rebased on top of security update.
Updated changelog:
php5 (5.4.4-14+deb7u12) stable; urgency=medium
[ William Dauchy ]
* upstream fix: $env can be destructively changed.
* upstream fix: copy() arginfo incorrect since 5.4
* upstream fix: Out of memory on command stream_get_contents
* upstream fix: stream_socket_server() creates wrong Abstract
Namespace UNIX sockets
* upstream fix: exit in stream filter produces segfault
* upstream fix: fpassthru broken
* upstream fix: Incorrect object comparison with inheritance
* upstream fix: openssl_seal() memory leak
* upstream fix: Segfault in mysqli_stmt::bind_result() when link
closed
* upstream fix: Segmentation fault after memory_limit
-- Ondřej Surý <ondrej@debian.org> Tue, 27 May 2014 13:44:18 +0200
php5 (5.4.4-14+deb7u11) stable-security; urgency=high
* [CVE-2014-4049]: Fix potential segfault in dns_get_record()
-- Ondřej Surý <ondrej@debian.org> Fri, 13 Jun 2014 15:43:03 +0200
php5 (5.4.4-14+deb7u10) stable-security; urgency=high
* upstream fix: numerous file_printf calls resulting in performance
degradation (CVE-2014-0237)
* upstream fix: CDF infinite loop in nelements DoS (CVE-2014-0238)
* upstream fix: out-of-bounds memory access in fileinfo
(CVE-2014-2270)
* upstream fix: sapi/fpm: possible privilege escalation due to
insecure
default configuration) (CVE-2014-0185)
* Set default listen.{owner,group} to www-data:www-data
-- Ondřej Surý <ondrej@debian.org> Fri, 30 May 2014 09:08:14 +0200
Ondrej
--
Ondřej Surý <ondrej@sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server
Reply to: