Your message dated Sat, 05 May 2007 18:47:05 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#422405: fixed in php5 5.2.2-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: php5
Version: 5.2.0-10
The PHP development team has released a new version of PHP 5 that fixes
numerous security holes that affected both 5.2.0 and 5.2.1 (some of
which I found no fixes for in the Debian packages).
The following has been resolved in PHP 5.2.2:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1001
http://www.php-security.org/MOPB/PMOPB-45-2007.html
http://www.php-security.org/MOPB/MOPB-34-2007.html
http://www.php-security.org/MOPB/MOPB-33-2007.html
http://www.php-security.org/MOPB/MOPB-29-2007.html
http://www.php-security.org/MOPB/MOPB-26-2007.html
http://www.php-security.org/MOPB/MOPB-24-2007.html
http://www.php-security.org/MOPB/MOPB-22-2007.html
http://www.php-security.org/MOPB/MOPB-21-2007.html
http://www.php-security.org/MOPB/MOPB-20-2007.html
http://www.php-security.org/MOPB/MOPB-14-2007.html
http://www.php-security.org/MOPB/MOPB-03-2007.html
Other fixes are available at:
http://www.php.net/ChangeLog-5.php#5.2.2
I would these bugs to be taken very seriously especially the ones at
php-security.org because they affect a great many web applications.
--- End Message ---
--- Begin Message ---
Source: php5
Source-Version: 5.2.2-1
We believe that the bug you reported is fixed in the latest version of
php5, which is due to be installed in the Debian FTP archive:
libapache-mod-php5_5.2.2-1_amd64.deb
to pool/main/p/php5/libapache-mod-php5_5.2.2-1_amd64.deb
libapache2-mod-php5_5.2.2-1_amd64.deb
to pool/main/p/php5/libapache2-mod-php5_5.2.2-1_amd64.deb
php-pear_5.2.2-1_all.deb
to pool/main/p/php5/php-pear_5.2.2-1_all.deb
php5-cgi_5.2.2-1_amd64.deb
to pool/main/p/php5/php5-cgi_5.2.2-1_amd64.deb
php5-cli_5.2.2-1_amd64.deb
to pool/main/p/php5/php5-cli_5.2.2-1_amd64.deb
php5-common_5.2.2-1_amd64.deb
to pool/main/p/php5/php5-common_5.2.2-1_amd64.deb
php5-curl_5.2.2-1_amd64.deb
to pool/main/p/php5/php5-curl_5.2.2-1_amd64.deb
php5-dev_5.2.2-1_amd64.deb
to pool/main/p/php5/php5-dev_5.2.2-1_amd64.deb
php5-gd_5.2.2-1_amd64.deb
to pool/main/p/php5/php5-gd_5.2.2-1_amd64.deb
php5-imap_5.2.2-1_amd64.deb
to pool/main/p/php5/php5-imap_5.2.2-1_amd64.deb
php5-interbase_5.2.2-1_amd64.deb
to pool/main/p/php5/php5-interbase_5.2.2-1_amd64.deb
php5-ldap_5.2.2-1_amd64.deb
to pool/main/p/php5/php5-ldap_5.2.2-1_amd64.deb
php5-mcrypt_5.2.2-1_amd64.deb
to pool/main/p/php5/php5-mcrypt_5.2.2-1_amd64.deb
php5-mhash_5.2.2-1_amd64.deb
to pool/main/p/php5/php5-mhash_5.2.2-1_amd64.deb
php5-mysql_5.2.2-1_amd64.deb
to pool/main/p/php5/php5-mysql_5.2.2-1_amd64.deb
php5-odbc_5.2.2-1_amd64.deb
to pool/main/p/php5/php5-odbc_5.2.2-1_amd64.deb
php5-pgsql_5.2.2-1_amd64.deb
to pool/main/p/php5/php5-pgsql_5.2.2-1_amd64.deb
php5-pspell_5.2.2-1_amd64.deb
to pool/main/p/php5/php5-pspell_5.2.2-1_amd64.deb
php5-recode_5.2.2-1_amd64.deb
to pool/main/p/php5/php5-recode_5.2.2-1_amd64.deb
php5-snmp_5.2.2-1_amd64.deb
to pool/main/p/php5/php5-snmp_5.2.2-1_amd64.deb
php5-sqlite_5.2.2-1_amd64.deb
to pool/main/p/php5/php5-sqlite_5.2.2-1_amd64.deb
php5-sybase_5.2.2-1_amd64.deb
to pool/main/p/php5/php5-sybase_5.2.2-1_amd64.deb
php5-tidy_5.2.2-1_amd64.deb
to pool/main/p/php5/php5-tidy_5.2.2-1_amd64.deb
php5-xmlrpc_5.2.2-1_amd64.deb
to pool/main/p/php5/php5-xmlrpc_5.2.2-1_amd64.deb
php5-xsl_5.2.2-1_amd64.deb
to pool/main/p/php5/php5-xsl_5.2.2-1_amd64.deb
php5_5.2.2-1.diff.gz
to pool/main/p/php5/php5_5.2.2-1.diff.gz
php5_5.2.2-1.dsc
to pool/main/p/php5/php5_5.2.2-1.dsc
php5_5.2.2-1_all.deb
to pool/main/p/php5/php5_5.2.2-1_all.deb
php5_5.2.2.orig.tar.gz
to pool/main/p/php5/php5_5.2.2.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
sean finney <[EMAIL PROTECTED]> (supplier of updated php5 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 05 May 2007 19:56:30 +0200
Source: php5
Binary: php5-gd php5-ldap php5 php5-xmlrpc php5-pspell libapache2-mod-php5
php5-xsl php5-cgi php-pear php5-tidy php5-pgsql php5-cli php5-recode php5-mhash
php5-sybase php5-curl php5-odbc php5-mcrypt php5-mysql php5-common php5-imap
php5-snmp php5-dev php5-sqlite libapache-mod-php5 php5-interbase
Architecture: source amd64 all
Version: 5.2.2-1
Distribution: unstable
Urgency: low
Maintainer: Debian PHP Maintainers <[EMAIL PROTECTED]>
Changed-By: sean finney <[EMAIL PROTECTED]>
Description:
libapache-mod-php5 - server-side, HTML-embedded scripting language (apache 1.3
module)
libapache2-mod-php5 - server-side, HTML-embedded scripting language (apache 2
module)
php-pear - PEAR - PHP Extension and Application Repository
php5 - server-side, HTML-embedded scripting language (meta-package)
php5-cgi - server-side, HTML-embedded scripting language (CGI binary)
php5-cli - command-line interpreter for the php5 scripting language
php5-common - Common files for packages built from the php5 source
php5-curl - CURL module for php5
php5-dev - Files for PHP5 module development
php5-gd - GD module for php5
php5-imap - IMAP module for php5
php5-interbase - interbase/firebird module for php5
php5-ldap - LDAP module for php5
php5-mcrypt - MCrypt module for php5
php5-mhash - MHASH module for php5
php5-mysql - MySQL module for php5
php5-odbc - ODBC module for php5
php5-pgsql - PostgreSQL module for php5
php5-pspell - pspell module for php5
php5-recode - recode module for php5
php5-snmp - SNMP module for php5
php5-sqlite - SQLite module for php5
php5-sybase - Sybase / MS SQL Server module for php5
php5-tidy - tidy module for php5
php5-xmlrpc - XML-RPC module for php5
php5-xsl - XSL module for php5
Closes: 338315 399924 418471 421929 422224 422405
Changes:
php5 (5.2.2-1) unstable; urgency=low
.
[ sean finney ]
* new upstream release (closes: #422405).
* /most/ of the previous CVE patches have been committed upstream, though:
- the patch for MOPB-41 was fixed in a different way and we'll be keeping
our fix for the time being.
- it doesn't seem like MOPB-45 has been fixed yet.
* remove build-dependency option on libmysqlclient12-dev, since the mysqli
option requires it, and 15 is in stable now anyway. thanks to
Henk van de kamer for finding this (closes: #422224).
* now includes requested fix for mysql row counts (closes: #418471).
* needle/haystack issues are reported fixed (closes: #399924).
* oh yeah, because we're using quilt now: (closes: #338315).
* update build-deps to libdb4.5-dev | libdb4.4-dev (closes: #421929).
note that the resulting php packages won't actually build against
libdb4.5 until all of our build-dependant packages do too.
Files:
efd7d34b679eee25231e7076f549c0f1 1948 web optional php5_5.2.2-1.dsc
7a920d0096900b2b962b21dc5c55fe3c 9201988 web optional php5_5.2.2.orig.tar.gz
313522b55472e9c43a1cb5a5cd92db8a 96918 web optional php5_5.2.2-1.diff.gz
60ccc623f9d94cd46449314bf6545add 229288 web optional
php5-common_5.2.2-1_amd64.deb
90c7b75eba1222e84e477f253dc59f3b 2645818 web optional
libapache-mod-php5_5.2.2-1_amd64.deb
854d01a2720bd05d242487fa3451b198 2647284 web optional
libapache2-mod-php5_5.2.2-1_amd64.deb
dfd962c5ecfd9326dc204dde46942e84 5144256 web optional
php5-cgi_5.2.2-1_amd64.deb
e5c8c2fea43f57cffbb567915bfb0c52 2591016 web optional
php5-cli_5.2.2-1_amd64.deb
fee0660caad61eed9742d791f3a1faec 350940 devel optional
php5-dev_5.2.2-1_amd64.deb
6c26ea9516245e1eeb95b10a1a19dde6 24912 web optional php5-curl_5.2.2-1_amd64.deb
6da5ee04c25b7b08f8b025ade99fea7a 36886 web optional php5-gd_5.2.2-1_amd64.deb
39809342589699e13bbc9e5339c95458 37364 web optional php5-imap_5.2.2-1_amd64.deb
347e16361c452f212e553f0ea4d924a7 46552 web optional
php5-interbase_5.2.2-1_amd64.deb
0b591021ab081cc99298af2683de4973 18468 web optional php5-ldap_5.2.2-1_amd64.deb
1ebd9bf1f3a678069b3c4025c6fc4e36 13532 web optional
php5-mcrypt_5.2.2-1_amd64.deb
2c32af568dc0baaff297e9f5eead39f1 5186 web optional php5-mhash_5.2.2-1_amd64.deb
1358ae797cc067ec7a8e0af04fa51d66 71646 web optional
php5-mysql_5.2.2-1_amd64.deb
468703e262ddef07d3c85cd04df29a70 36342 web optional php5-odbc_5.2.2-1_amd64.deb
7c213ad16af2a91a784e8409b70b64a7 54622 web optional
php5-pgsql_5.2.2-1_amd64.deb
57ea5aa02724f0c699d16001a6578e01 9362 web optional
php5-pspell_5.2.2-1_amd64.deb
0c7cbc5ea99cdbbe93d4e8746ea3078f 4820 web optional
php5-recode_5.2.2-1_amd64.deb
1398adf1dbc46d024ae186a35ffb9fd5 11982 web optional php5-snmp_5.2.2-1_amd64.deb
aeff3d5945816345fa073b5ae59461cf 37850 web optional
php5-sqlite_5.2.2-1_amd64.deb
d9d70c14f8a0c379706dc846eaf8f893 19264 web optional
php5-sybase_5.2.2-1_amd64.deb
a5ad401b8a34dcac516bd2978f19f485 17444 web optional php5-tidy_5.2.2-1_amd64.deb
e629b8b3af74c9350f19387afda5d538 39774 web optional
php5-xmlrpc_5.2.2-1_amd64.deb
486a718c68748252978eb22bc927077c 12850 web optional php5-xsl_5.2.2-1_amd64.deb
91fdbe4d34a0ef4df77e20ae1efaa35b 1036 web optional php5_5.2.2-1_all.deb
d9d6be606dcc689bc83ab9dca0b2fcb3 349194 web optional php-pear_5.2.2-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGPMmGynjLPm522B0RAq4UAJ9wLUCCikdE+O5Y11kJ1PJKfUaMdACdEj9g
U3VYwsW/lmd4cNnHGOisShs=
=4ySz
-----END PGP SIGNATURE-----
--- End Message ---
