[php-maint] php5_5.3.3.1-7+squeeze28_i386.changes ACCEPTED into squeeze-lts
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Sun Nov 8 18:01:42 UTC 2015
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 28 Oct 2015 22:17:00 +0100
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp php5-imap php5-interbase php5-intl php5-ldap php5-mcrypt php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl
Architecture: source i386 all
Version: 5.3.3.1-7+squeeze28
Distribution: squeeze-lts
Urgency: high
Maintainer: Debian PHP Maintainers <pkg-php-maint at lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian at alteholz.de>
Description:
libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module)
libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo
php-pear - PEAR - PHP Extension and Application Repository
php5 - server-side, HTML-embedded scripting language (metapackage)
php5-cgi - server-side, HTML-embedded scripting language (CGI binary)
php5-cli - command-line interpreter for the php5 scripting language
php5-common - Common files for packages built from the php5 source
php5-curl - CURL module for php5
php5-dbg - Debug symbols for PHP5
php5-dev - Files for PHP5 module development
php5-enchant - Enchant module for php5
php5-gd - GD module for php5
php5-gmp - GMP module for php5
php5-imap - IMAP module for php5
php5-interbase - interbase/firebird module for php5
php5-intl - internationalisation module for php5
php5-ldap - LDAP module for php5
php5-mcrypt - MCrypt module for php5
php5-mysql - MySQL module for php5
php5-odbc - ODBC module for php5
php5-pgsql - PostgreSQL module for php5
php5-pspell - pspell module for php5
php5-recode - recode module for php5
php5-snmp - SNMP module for php5
php5-sqlite - SQLite module for php5
php5-sybase - Sybase / MS SQL Server module for php5
php5-tidy - tidy module for php5
php5-xmlrpc - XML-RPC module for php5
php5-xsl - XSL module for php5
Changes:
php5 (5.3.3.1-7+squeeze28) squeeze-lts; urgency=high
.
* Non-maintainer upload by the Squeeze LTS Team.
* CVE-2015-6831
Use after free vulnerability was found in unserialize() function.
We can create ZVAL and free it via Serializable::unserialize.
However the unserialize() will still allow to use R: or r: to set
references to that already freed memory. It is possible to
use-after-free attack and execute arbitrary code remotely.
* CVE-2015-6832
Dangling pointer in the unserialization of ArrayObject items.
* CVE-2015-6833
Files extracted from archive may be placed outside of destination
directory
* CVE-2015-6834
Use after free vulnerability was found in unserialize() function.
We can create ZVAL and free it via Serializable::unserialize.
However the unserialize() will still allow to use R: or r: to set
references to that already freed memory. It is possible to
use-after-free attack and execute arbitrary code remotely.
* CVE-2015-6836
A type confusion occurs within SOAP serialize_function_call due
to an insufficient validation of the headers field.
In the SoapClient's __call method, the verify_soap_headers_array
check is applied only to headers retrieved from
zend_parse_parameters; problem is that a few lines later,
soap_headers could be updated or even replaced with values from
the __default_headers object fields.
* CVE-2015-6837
The XSLTProcessor class misses a few checks on the input from the
libxslt library. The valuePop() function call is able to return
NULL pointer and php does not check that.
* CVE-2015-6838
The XSLTProcessor class misses a few checks on the input from the
libxslt library. The valuePop() function call is able to return
NULL pointer and php does not check that.
* CVE-2015-7803
A NULL pointer dereference flaw was found in the way PHP's Phar
extension parsed Phar archives. A specially crafted archive could
cause PHP to crash.
* CVE-2015-7804
An uninitialized pointer use flaw was found in the
phar_make_dirstream() function of PHP's Phar extension.
A specially crafted phar file in the ZIP format with a directory
entry with a file name "/ZIP" could cause a PHP application
function to crash.
Checksums-Sha1:
9545a77ff101c512459daf0de9bc7fa0185c191b 3324 php5_5.3.3.1-7+squeeze28.dsc
626df6e5c07d431f834580b646228b3d3e01f2a7 14867926 php5_5.3.3.1-7+squeeze28.tar.gz
a2a1da7958f01c5ae501c613682f57f2f1da9eb3 559782 php5-common_5.3.3.1-7+squeeze28_i386.deb
c66806c7e23298dd54c8dfcc376f2cdeb4948251 2891836 libapache2-mod-php5_5.3.3.1-7+squeeze28_i386.deb
97f0e5841e6799737addc9a6aaced213016b9474 2891082 libapache2-mod-php5filter_5.3.3.1-7+squeeze28_i386.deb
32837b393f5b7aa9b119a3f35ca62a0a16116d4e 5723922 php5-cgi_5.3.3.1-7+squeeze28_i386.deb
f6f754e4d9d71688668b43ddc1ec3f06b114c89c 2861810 php5-cli_5.3.3.1-7+squeeze28_i386.deb
3b2f26cbb3cbf4c336bf1a6be1996d30611e819d 409508 php5-dev_5.3.3.1-7+squeeze28_i386.deb
281cd34e8062b6823feb435be3a6b06f8068c172 10473208 php5-dbg_5.3.3.1-7+squeeze28_i386.deb
7a6c2cb2fd69f1a6b663b702000baf7e4d734b9e 25578 php5-curl_5.3.3.1-7+squeeze28_i386.deb
3da1db5fe1bb915ccb5197dd497db0ccee83045f 7816 php5-enchant_5.3.3.1-7+squeeze28_i386.deb
8b57ca844f212cc0621af509cdb3f69ba0b2c5c9 34822 php5-gd_5.3.3.1-7+squeeze28_i386.deb
a2aedde54222b39a645e636e76e5d3fe004c3fdf 14176 php5-gmp_5.3.3.1-7+squeeze28_i386.deb
52ac8bddacf4c0cecee734bce789640b0cab6fa5 31792 php5-imap_5.3.3.1-7+squeeze28_i386.deb
d3353278f3d18947b9155b82a7ecc9b7f6383734 46516 php5-interbase_5.3.3.1-7+squeeze28_i386.deb
7e09ee323888897e113c51e981d037a863df68b4 54044 php5-intl_5.3.3.1-7+squeeze28_i386.deb
d830390d7d8fe9dadd6b7ee5c6d052b7c5190c00 17550 php5-ldap_5.3.3.1-7+squeeze28_i386.deb
94a7b262a21b5bec678834bf088dde11cc44ee2a 13546 php5-mcrypt_5.3.3.1-7+squeeze28_i386.deb
bdfa0977ed8d24aeb0597dab3799748bfab5b3ac 66426 php5-mysql_5.3.3.1-7+squeeze28_i386.deb
29eb8a20bab63e1208bc99feb8cbcb7a2c950927 31354 php5-odbc_5.3.3.1-7+squeeze28_i386.deb
46f856e56aec687494d67fdd1db2388c8be4181e 54950 php5-pgsql_5.3.3.1-7+squeeze28_i386.deb
7479c87279129fed759964c2eefcc5eb314688d7 7324 php5-pspell_5.3.3.1-7+squeeze28_i386.deb
b2abe69c9270a16a5c3242c7e079940b0deeece0 4094 php5-recode_5.3.3.1-7+squeeze28_i386.deb
d8fa9fed3def12b6138727d04ad702f30ad7e6cb 10224 php5-snmp_5.3.3.1-7+squeeze28_i386.deb
620b9265acb9a52c0d32d7d39ee18ecebd2e7345 48094 php5-sqlite_5.3.3.1-7+squeeze28_i386.deb
bd937cfbd59f55376cf3e3c65ff9a7c528c0a224 23260 php5-sybase_5.3.3.1-7+squeeze28_i386.deb
c84aa252c6fa7fb537f69b3d02788b8f4590a076 16416 php5-tidy_5.3.3.1-7+squeeze28_i386.deb
abfafb0b611129bc2b6825fe905dae1ba48e1def 31906 php5-xmlrpc_5.3.3.1-7+squeeze28_i386.deb
f3456d8fe658bb0a3ad85590b04c87097390255b 12994 php5-xsl_5.3.3.1-7+squeeze28_i386.deb
ffac6725805b1c526b20a5953172436ff4afc5bb 1062 php5_5.3.3.1-7+squeeze28_all.deb
51e5379bc7ad66f9570749b3ba05281e8b222bf2 360432 php-pear_5.3.3.1-7+squeeze28_all.deb
Checksums-Sha256:
152ac4e87164d8653b4d4102744bf0993e8969993d01ff03b846a2d5391d3b7c 3324 php5_5.3.3.1-7+squeeze28.dsc
89da799f582a79388225924d6c80fe0ea5ee1c1d07486cc1e03a49d37fac373e 14867926 php5_5.3.3.1-7+squeeze28.tar.gz
e0745df18593fc4f7b4ff21060b1f8f9f8f5f643ece8aad911d788c87f671e0b 559782 php5-common_5.3.3.1-7+squeeze28_i386.deb
2b50d45c53fd38de17e6592d26fd8893e1a950116ad8b40a3c4101c50be78612 2891836 libapache2-mod-php5_5.3.3.1-7+squeeze28_i386.deb
d41a9281986d84943b57cbc917804d55f45c71b95c978ffb84c9bb02569daac5 2891082 libapache2-mod-php5filter_5.3.3.1-7+squeeze28_i386.deb
10053f7207d298d28bbea9ea4f3a6723ab89bdc6457057f9f2918c76e0074df1 5723922 php5-cgi_5.3.3.1-7+squeeze28_i386.deb
2984e740914ec508041f992156f7079f682399f74cf651fef79ab211bf8dca00 2861810 php5-cli_5.3.3.1-7+squeeze28_i386.deb
cb42aca41733d30c67b596dd7ed0a82ab2a4b7c1145a72d073128f10da887a0a 409508 php5-dev_5.3.3.1-7+squeeze28_i386.deb
38528c3a18a3c60840631efa22f52eb40f798b31fce204e43248533ead50edbe 10473208 php5-dbg_5.3.3.1-7+squeeze28_i386.deb
60cce5e0af4389b8d434cdb2c5c25fa4985e2190c52e1d60a9f69b5b3ca8b1cb 25578 php5-curl_5.3.3.1-7+squeeze28_i386.deb
a6efb1a86c87a6d9426f2a4ed9edcc9d45be26609aec309aa580ae0589150f32 7816 php5-enchant_5.3.3.1-7+squeeze28_i386.deb
56c584a2b6b8e7d5dcc4d1dbe06804c96161326765db031c15163701f18fb3a9 34822 php5-gd_5.3.3.1-7+squeeze28_i386.deb
a203e1d70c00cbffa7b81eadbf9dae6198ea97ce6bec7cfdf01e26aeea300959 14176 php5-gmp_5.3.3.1-7+squeeze28_i386.deb
a7876d043e6628fdc7e7ad4a0dd58ecc9d4793fc88321eb362510427eec47168 31792 php5-imap_5.3.3.1-7+squeeze28_i386.deb
a802798e36fd06e8b8be5a460610b83127ee3fdb18efe4b5c7e3a9e23c0c7346 46516 php5-interbase_5.3.3.1-7+squeeze28_i386.deb
35c56585c4aa41abdc27f2a75b24a4a3dd53245b44f304cc35a3a955f44fcb3d 54044 php5-intl_5.3.3.1-7+squeeze28_i386.deb
f20093a07c55dce3237f1e2164e77207381072cd0f9e245f51194c713587cf32 17550 php5-ldap_5.3.3.1-7+squeeze28_i386.deb
ae270825609686e80bbda0e15637a78bc63f931eb81bddd75c969513da1c8a82 13546 php5-mcrypt_5.3.3.1-7+squeeze28_i386.deb
76dea18a8eebcb883c4c5b0f03da702bc95cdc850bd333432a36ab9c63b983a4 66426 php5-mysql_5.3.3.1-7+squeeze28_i386.deb
9a804468739ed2cb5cbbf1100bc086d982a47866b60143aa1c44c0f34e2fe968 31354 php5-odbc_5.3.3.1-7+squeeze28_i386.deb
80e8e169f7af10e7d0f97bb154d2cff22e5784c0447fae92c33d9949846a051b 54950 php5-pgsql_5.3.3.1-7+squeeze28_i386.deb
b1481b63da5387f85ab0c217d2df2fff02913d147d3937ef83bd8b30d963908f 7324 php5-pspell_5.3.3.1-7+squeeze28_i386.deb
eb5da4d40679f27dd74001711f000cffca7112babfeed352f1e8b7418914fcdc 4094 php5-recode_5.3.3.1-7+squeeze28_i386.deb
37dbaf34e85a7a7c34cd0d25e3444ca0433912d1c2cc6ce8b873cddcfe973ef4 10224 php5-snmp_5.3.3.1-7+squeeze28_i386.deb
129140660c44b88ed16fa9dba09be621695413fd2bf00f983f0e6e0072f6f410 48094 php5-sqlite_5.3.3.1-7+squeeze28_i386.deb
60168b71d82c69a7f03d451c5d91d9ad02d0ef24cc546f5306cad818990eff8a 23260 php5-sybase_5.3.3.1-7+squeeze28_i386.deb
71ebbe846148d63dee905d6572190e9a362aebcf794fc349022af5888e66f62b 16416 php5-tidy_5.3.3.1-7+squeeze28_i386.deb
a2d2ef88408f34e4d0fd03b0c9a0c4887f1b779cb46715eafce026f32a9b7e2b 31906 php5-xmlrpc_5.3.3.1-7+squeeze28_i386.deb
d2710aaf195b540f8f2ff4ddf83d6113ca744609708c0e8a2976241e0d4421b2 12994 php5-xsl_5.3.3.1-7+squeeze28_i386.deb
e80f1821163357bbe168b06e7b4c34a4997859a3e4251e84a1b88a885721cba6 1062 php5_5.3.3.1-7+squeeze28_all.deb
f7d3895fa64bd11a7234cfc0672684f3d87ac5c6eb1cd829a080132db41e8650 360432 php-pear_5.3.3.1-7+squeeze28_all.deb
Files:
b23a2c6f13f1b6c2927aabf0b09faf27 3324 php optional php5_5.3.3.1-7+squeeze28.dsc
304b24cc9a0dc632d0606f1888c63c29 14867926 php optional php5_5.3.3.1-7+squeeze28.tar.gz
4db8590baa5c946e8f45d456722fc697 559782 php optional php5-common_5.3.3.1-7+squeeze28_i386.deb
0c9e7cca84a2bdafbf0d4ad11efb14b8 2891836 httpd optional libapache2-mod-php5_5.3.3.1-7+squeeze28_i386.deb
973819e020f3fe4305e5da67a741fe83 2891082 httpd optional libapache2-mod-php5filter_5.3.3.1-7+squeeze28_i386.deb
8816632fb2d84462c6f1853d441e7505 5723922 php optional php5-cgi_5.3.3.1-7+squeeze28_i386.deb
6412b1d3c505113077bd401f87897f14 2861810 php optional php5-cli_5.3.3.1-7+squeeze28_i386.deb
977f70006bb0292765d4754cfc16b465 409508 php optional php5-dev_5.3.3.1-7+squeeze28_i386.deb
681c0e036184186d0fb9437cd724cf05 10473208 debug extra php5-dbg_5.3.3.1-7+squeeze28_i386.deb
65c36ee6c7e43e9d400d783669bcdac4 25578 php optional php5-curl_5.3.3.1-7+squeeze28_i386.deb
1c8731ca9de09240b73b368da89a77f4 7816 php optional php5-enchant_5.3.3.1-7+squeeze28_i386.deb
b572b38b77a96468ebb3e7e0a622cd2f 34822 php optional php5-gd_5.3.3.1-7+squeeze28_i386.deb
884cae5dc92f83316994a3d18157d398 14176 php optional php5-gmp_5.3.3.1-7+squeeze28_i386.deb
36083809e839c13fa31c39ee5bb826a7 31792 php optional php5-imap_5.3.3.1-7+squeeze28_i386.deb
880e3eba69411d716de6a8ff6bf194e5 46516 php optional php5-interbase_5.3.3.1-7+squeeze28_i386.deb
b800769304a7812c6bfc31f08272592b 54044 php optional php5-intl_5.3.3.1-7+squeeze28_i386.deb
e038efae0f6e147630348bc1564a7c25 17550 php optional php5-ldap_5.3.3.1-7+squeeze28_i386.deb
219deeee7d61fd5cb01768d15de2954b 13546 php optional php5-mcrypt_5.3.3.1-7+squeeze28_i386.deb
beb048b06778a9d8744be36e9d7a0ce0 66426 php optional php5-mysql_5.3.3.1-7+squeeze28_i386.deb
d14f6bac7e0f56f66ba1597811e065ca 31354 php optional php5-odbc_5.3.3.1-7+squeeze28_i386.deb
44438052bc222cba1c03f24ac8e14a7c 54950 php optional php5-pgsql_5.3.3.1-7+squeeze28_i386.deb
93855099d22f4a24c3d0d6b70c57e569 7324 php optional php5-pspell_5.3.3.1-7+squeeze28_i386.deb
a3b995e9e339b0e3e28d1207e75540ad 4094 php optional php5-recode_5.3.3.1-7+squeeze28_i386.deb
8b801efa2b4b776ee2b11380c0d4b682 10224 php optional php5-snmp_5.3.3.1-7+squeeze28_i386.deb
15d26560bec18f8bc1cfe28cd0822383 48094 php optional php5-sqlite_5.3.3.1-7+squeeze28_i386.deb
17e9f46e4fd86e401c741f3034bc4352 23260 php optional php5-sybase_5.3.3.1-7+squeeze28_i386.deb
8003f24bd7f646ba6d7c0ee8df3d3350 16416 php optional php5-tidy_5.3.3.1-7+squeeze28_i386.deb
37690b93b6a665aa3ab35f02e5bb59fb 31906 php optional php5-xmlrpc_5.3.3.1-7+squeeze28_i386.deb
f66b2924e4f0ebc48fb864f8e5d07666 12994 php optional php5-xsl_5.3.3.1-7+squeeze28_i386.deb
599b30b5a04a69f99cd235453e247394 1062 php optional php5_5.3.3.1-7+squeeze28_all.deb
bdbd0d9ec89f41d7e62e72f6b517fc76 360432 php optional php-pear_5.3.3.1-7+squeeze28_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQJ8BAEBCgBmBQJWP4rsXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHAdQQAJRRlGXDbUIxwTeqv5q4/NkJ
Uw8L6tHtB5yV1sgWb2APeeo5DVXZJPEdTYEWZFMKZmGcU+DZw4agLv78yFHhIm1G
9/AOVtIf9ClgGzRIdudRAV1gpGtN2vxPsGy6Ka5uCxwfdumKLjJSsYK121iiJM3H
kvza14Wmu2f7g3rau0UqMGuN1W4eNDhu+uSWU7/tFNbJQ6LImc6TIMp9xYAE7QCL
Xb9Q3dmMpymgThU+GK0WLKyUvWzPXkf9dUQ931yfFAaE64zeJD5rgHuFetPH3LRC
HcP/lv/1HsrH00VNG7NN48PplbOJd2+dMhcrccGOXwdutCuswbGOCmJisyCHuMVx
vxbyp33PW0yD66zyaGZmeshSePh8TMDGDH97QasiASveNsbtLF+K5r4uW4F98Kx6
CJ1Afu9yK8R2JbCdCFsbEoJpgCQhad2IsYr/R8bHMJEWXm8VAcGa6eTKUceNtTtx
lMUsEfwrzo6ADvg3BY5oFRuyz6pVM93OLBA4XZzXNfj5LohhCcLmkNn5qCEpDRuy
U/IT/1PuuY/kJQSni4lG1tsgiydgW0nJO/g2EDKA1KSksdDQa6Xotb4VLybOBntP
gdlZiymjrC6G3qeNdX9Ow6FotztlioYXr66opM5iGhm4+pXAycefc6DLkyo319IM
wdX3eiYkZqHFQqJ5CJLp
=4gzl
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the pkg-php-maint
mailing list