[php-maint] new php5 packages for stable-security
sean finney
seanius at debian.org
Sat Jun 30 23:53:02 UTC 2007
hey folks,
to follow up on this morning's mail, i've now uploaded a new security update
for php5 to the pub security upload queue. this update fixes
CVE-2007-1399/MOPB-16, which managed to slip through the mess of mopb fun
from earlier updates.
text from CVE-2007-1399:
Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and
earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to
execute arbitrary code via a long zip:// URL, as demonstrated by actively
triggering URL access from a remote PHP interpreter via avatar upload or
blog pingback.
also in this update is a fix to a regression in single quoting introduced by
the php team's original fix for one of the previous CVEs. in #422567
someone was kind enough to dig up a fix, which has been tested and verified
by a number of submitters. at the time i didn't realize it was a regression
in the security update and instead thought it was just general breakage in
php, so i threw an upload with the fix at stable p-u, which was accepted, in
case you're curious after reading the changelog or wondering where the
previous version is when you go to debdiff.
anyway, please let me know if you need any more information.
sean