Accepted php5 5.2.0-10+lenny1 (source i386 all)

To: debian-testing-changes@lists.debian.org
Subject: Accepted php5 5.2.0-10+lenny1 (source i386 all)
From: Stefan Fritsch <sf@debian.org>
Date: Mon, 28 May 2007 17:02:12 +0000
Message-id: <[🔎] E1Hsibk-00006K-GG@ries.debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 26 May 2007 08:02:03 +0200
Source: php5
Binary: php5-gd php5-ldap php5 php5-xmlrpc php5-pspell libapache2-mod-php5 php5-xsl php5-cgi php-pear php5-tidy php5-pgsql php5-cli php5-recode php5-mhash php5-sybase php5-curl php5-odbc php5-mcrypt php5-mysql php5-common php5-imap php5-snmp php5-dev php5-sqlite libapache-mod-php5 php5-interbase
Architecture: source i386 all
Version: 5.2.0-10+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Changed-By: Stefan Fritsch <sf@debian.org>
Description: 
 libapache-mod-php5 - server-side, HTML-embedded scripting language (apache 1.3 module)
 libapache2-mod-php5 - server-side, HTML-embedded scripting language (apache 2 module)
 php-pear   - PEAR - PHP Extension and Application Repository
 php5       - server-side, HTML-embedded scripting language (meta-package)
 php5-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php5-cli   - command-line interpreter for the php5 scripting language
 php5-common - Common files for packages built from the php5 source
 php5-curl  - CURL module for php5
 php5-dev   - Files for PHP5 module development
 php5-gd    - GD module for php5
 php5-imap  - IMAP module for php5
 php5-interbase - interbase/firebird module for php5
 php5-ldap  - LDAP module for php5
 php5-mcrypt - MCrypt module for php5
 php5-mhash - MHASH module for php5
 php5-mysql - MySQL module for php5
 php5-odbc  - ODBC module for php5
 php5-pgsql - PostgreSQL module for php5
 php5-pspell - pspell module for php5
 php5-recode - recode module for php5
 php5-snmp  - SNMP module for php5
 php5-sqlite - SQLite module for php5
 php5-sybase - Sybase / MS SQL Server module for php5
 php5-tidy  - tidy module for php5
 php5-xmlrpc - XML-RPC module for php5
 php5-xsl   - XSL module for php5
Changes: 
 php5 (5.2.0-10+lenny1) testing-security; urgency=high
 .
   [ Stefan Fritsch ]
   * Non-maintainer upload by the security team
   * Port fixes from 5.2.0-8+etch4 to lenny
   * Include fix for regression in single quote escaping, found in #422567.
 .
   [ sean finney ]
   * The following security issues are addressed with this update:
     - CVE-2007-0910/MOPB-32 session_decode() Double Free Vulnerability
       * note that this is an update to the previous version of the upstream
         fix for CVE-2007-0910, which introduced a seperate exploit path.
     - CVE-2007-1286/MOPB-04 unserialize() ZVAL Reference Counter Overflow
     - CVE-2007-1380/MOPB-10 php_binary Session Deserialization Information Leak
     - CVE-2007-1375/MOPB-14 substr_compare() Information Leak Vulnerability
     - CVE-2007-1376/MOPB-15 shmop Functions Resource Verification Vulnerability
     - CVE-2007-1453/MOPB-18 ext/filter HTML Tag Stripping Bypass Vulnerability
     - CVE-2007-1453/MOPB-19 ext/filter Space Trimming Buffer Underflow Vuln.
     - CVE-2007-1521/MOPB-22 session_regenerate_id() Double Free Vulnerability
     - CVE-2007-1583/MOPB-26 mb_parse_str() register_globals Activation Vuln.
     - CVE-2007-1700/MOPB-30 _SESSION unset() Vulnerability
     - CVE-2007-1718/MOPB-34 mail() Header Injection
     - CVE-2007-1777/MOPB-35 zip_entry_read() Integer Overflow Vulnerability
     - CVE-2007-1887-1888/MOPB-41 sqlite_udf_decode_binary() Buffer Overflow
     - CVE-2007-1824/MOPB-42 php_stream_filter_create() Off By One Vulnerablity
     - CVE-2007-1889/MOPB-44 Memory Manager Signed Comparision Vulnerability
     - CVE-2007-1900/MOPB-45 ext/filter Email Validation Vulnerability
     - CVE-2007-2509: CRLF injection in the ftp module
     - CVE-2007-2510: Buffer overflow in the make_http_soap_request function
     - CVE-2007-2511: Buffer overflow in the user_filter_factory_create function
   * The other security issues resulting from the "Month of PHP bugs" either
     did not affect the version of php5 shipped in lenny, or did not merit
     a security update according to the established security policy for php
     in debian.  You are encouraged to verify that your configuration is not
     affected by any of the other vulnerabilities by visiting:
         http://www.php-security.org/
Files: 
 3990eee8032656a54f7eb2fb8b68a67d 1980 web optional php5_5.2.0-10+lenny1.dsc
 588d285820162217be3e38470fc16351 116074 web optional php5_5.2.0-10+lenny1.diff.gz
 efee03990d2230cd086cc24172a39c26 216122 web optional php5-common_5.2.0-10+lenny1_i386.deb
 8ee3886595cbab4ce9dbd30f5265b6d2 2412188 web optional libapache-mod-php5_5.2.0-10+lenny1_i386.deb
 d9ca11e2c5930fd29f34107465823403 2412568 web optional libapache2-mod-php5_5.2.0-10+lenny1_i386.deb
 034ea142f7366fbebb1a9193a3006373 4755232 web optional php5-cgi_5.2.0-10+lenny1_i386.deb
 30adcbac7ebd660aeb0faa3aed9f3d28 2396856 web optional php5-cli_5.2.0-10+lenny1_i386.deb
 95fa87b7be41fbc0c9579ea38d0ec92a 345416 devel optional php5-dev_5.2.0-10+lenny1_i386.deb
 10eeb1a29ab5873af4beb6840d646c2e 24456 web optional php5-curl_5.2.0-10+lenny1_i386.deb
 d1074605717af49e1c5c991c271ea729 33420 web optional php5-gd_5.2.0-10+lenny1_i386.deb
 f38c1d097cf4f479b9ff66991cffeec6 34494 web optional php5-imap_5.2.0-10+lenny1_i386.deb
 d9487b8dfcfe66621c741c622021b942 44360 web optional php5-interbase_5.2.0-10+lenny1_i386.deb
 bf1ca25a92f943281bfbdaff30b41763 17236 web optional php5-ldap_5.2.0-10+lenny1_i386.deb
 314ac126049709c3c01ed03cab23c509 12826 web optional php5-mcrypt_5.2.0-10+lenny1_i386.deb
 fde4db0c43259ae0d419cdf325e2488b 5050 web optional php5-mhash_5.2.0-10+lenny1_i386.deb
 2f0c0413dddf36c8f1670223e3f48a16 65012 web optional php5-mysql_5.2.0-10+lenny1_i386.deb
 f507e55db0fd9fc1e6e244b1dc85c30c 33404 web optional php5-odbc_5.2.0-10+lenny1_i386.deb
 9b498b7b4a66f4e1b7142018512b43a1 50662 web optional php5-pgsql_5.2.0-10+lenny1_i386.deb
 3a5480f4b206e1b1a494511012df525f 8630 web optional php5-pspell_5.2.0-10+lenny1_i386.deb
 f3e6cad9bbc66ed97013b52154c6e3be 4762 web optional php5-recode_5.2.0-10+lenny1_i386.deb
 a953800ffe9a9e5b16f64c67249d3bbe 11306 web optional php5-snmp_5.2.0-10+lenny1_i386.deb
 23ac864b70efa9e53de7fb6648df3175 34484 web optional php5-sqlite_5.2.0-10+lenny1_i386.deb
 2351a7e4c170a6add48737eaa6681247 18392 web optional php5-sybase_5.2.0-10+lenny1_i386.deb
 78f62f25cb72f5cf4cc694079c6822fc 16476 web optional php5-tidy_5.2.0-10+lenny1_i386.deb
 ce7d344f4df75c15e8a9004f84180214 36456 web optional php5-xmlrpc_5.2.0-10+lenny1_i386.deb
 3e7bab14e62846e6f33250969a9f3f82 12264 web optional php5-xsl_5.2.0-10+lenny1_i386.deb
 d7fbc4d15ddfdf16e1da7d2e6377fabe 1040 web optional php5_5.2.0-10+lenny1_all.deb
 1278343490b74b40f1cacd247e33d6cf 310586 web optional php-pear_5.2.0-10+lenny1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGV/B9bxelr8HyTqQRAjuoAKCI9XOFy1T6ggZJ3alAtaN5BODZlQCgqTS7
+ZT+YCkiYFLrA17jLpgXxUM=
=QmXq
-----END PGP SIGNATURE-----


Accepted:
libapache-mod-php5_5.2.0-10+lenny1_i386.deb
  to pool/main/p/php5/libapache-mod-php5_5.2.0-10+lenny1_i386.deb
libapache2-mod-php5_5.2.0-10+lenny1_i386.deb
  to pool/main/p/php5/libapache2-mod-php5_5.2.0-10+lenny1_i386.deb
php-pear_5.2.0-10+lenny1_all.deb
  to pool/main/p/php5/php-pear_5.2.0-10+lenny1_all.deb
php5-cgi_5.2.0-10+lenny1_i386.deb
  to pool/main/p/php5/php5-cgi_5.2.0-10+lenny1_i386.deb
php5-cli_5.2.0-10+lenny1_i386.deb
  to pool/main/p/php5/php5-cli_5.2.0-10+lenny1_i386.deb
php5-common_5.2.0-10+lenny1_i386.deb
  to pool/main/p/php5/php5-common_5.2.0-10+lenny1_i386.deb
php5-curl_5.2.0-10+lenny1_i386.deb
  to pool/main/p/php5/php5-curl_5.2.0-10+lenny1_i386.deb
php5-dev_5.2.0-10+lenny1_i386.deb
  to pool/main/p/php5/php5-dev_5.2.0-10+lenny1_i386.deb
php5-gd_5.2.0-10+lenny1_i386.deb
  to pool/main/p/php5/php5-gd_5.2.0-10+lenny1_i386.deb
php5-imap_5.2.0-10+lenny1_i386.deb
  to pool/main/p/php5/php5-imap_5.2.0-10+lenny1_i386.deb
php5-interbase_5.2.0-10+lenny1_i386.deb
  to pool/main/p/php5/php5-interbase_5.2.0-10+lenny1_i386.deb
php5-ldap_5.2.0-10+lenny1_i386.deb
  to pool/main/p/php5/php5-ldap_5.2.0-10+lenny1_i386.deb
php5-mcrypt_5.2.0-10+lenny1_i386.deb
  to pool/main/p/php5/php5-mcrypt_5.2.0-10+lenny1_i386.deb
php5-mhash_5.2.0-10+lenny1_i386.deb
  to pool/main/p/php5/php5-mhash_5.2.0-10+lenny1_i386.deb
php5-mysql_5.2.0-10+lenny1_i386.deb
  to pool/main/p/php5/php5-mysql_5.2.0-10+lenny1_i386.deb
php5-odbc_5.2.0-10+lenny1_i386.deb
  to pool/main/p/php5/php5-odbc_5.2.0-10+lenny1_i386.deb
php5-pgsql_5.2.0-10+lenny1_i386.deb
  to pool/main/p/php5/php5-pgsql_5.2.0-10+lenny1_i386.deb
php5-pspell_5.2.0-10+lenny1_i386.deb
  to pool/main/p/php5/php5-pspell_5.2.0-10+lenny1_i386.deb
php5-recode_5.2.0-10+lenny1_i386.deb
  to pool/main/p/php5/php5-recode_5.2.0-10+lenny1_i386.deb
php5-snmp_5.2.0-10+lenny1_i386.deb
  to pool/main/p/php5/php5-snmp_5.2.0-10+lenny1_i386.deb
php5-sqlite_5.2.0-10+lenny1_i386.deb
  to pool/main/p/php5/php5-sqlite_5.2.0-10+lenny1_i386.deb
php5-sybase_5.2.0-10+lenny1_i386.deb
  to pool/main/p/php5/php5-sybase_5.2.0-10+lenny1_i386.deb
php5-tidy_5.2.0-10+lenny1_i386.deb
  to pool/main/p/php5/php5-tidy_5.2.0-10+lenny1_i386.deb
php5-xmlrpc_5.2.0-10+lenny1_i386.deb
  to pool/main/p/php5/php5-xmlrpc_5.2.0-10+lenny1_i386.deb
php5-xsl_5.2.0-10+lenny1_i386.deb
  to pool/main/p/php5/php5-xsl_5.2.0-10+lenny1_i386.deb
php5_5.2.0-10+lenny1.diff.gz
  to pool/main/p/php5/php5_5.2.0-10+lenny1.diff.gz
php5_5.2.0-10+lenny1.dsc
  to pool/main/p/php5/php5_5.2.0-10+lenny1.dsc
php5_5.2.0-10+lenny1_all.deb
  to pool/main/p/php5/php5_5.2.0-10+lenny1_all.deb
Reply to:
Prev by Date: Accepted php4 6:4.4.4-9+lenny1 (source i386 all)
Next by Date: Testing migration summary 2007-05-28 (Monday)
Previous by thread: Accepted php4 6:4.4.4-9+lenny1 (source i386 all)
Next by thread: Testing migration summary 2007-05-28 (Monday)
Index(es):
- Date
- Thread