-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 26 Jan 2017 23:00:20 -0500
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-fpm libphp5-embed php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp php5-imap php5-interbase php5-intl php5-ldap php5-mcrypt php5-mysql php5-mysqlnd php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl
Architecture: source amd64 all
Version: 5.4.45-0+deb7u7
Distribution: wheezy-security
Urgency: high
Maintainer: Debian PHP Maintainers <pkg-php-ma...@lists.alioth.debian.org>
Changed-By: Roberto C. Sanchez <robe...@debian.org>
Description:
 libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module)
 libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo
 libphp5-embed - HTML-embedded scripting language (Embedded SAPI library)
 php-pear   - PEAR - PHP Extension and Application Repository
 php5       - server-side, HTML-embedded scripting language (metapackage)
 php5-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php5-cli   - command-line interpreter for the php5 scripting language
 php5-common - Common files for packages built from the php5 source
 php5-curl  - CURL module for php5
 php5-dbg   - Debug symbols for PHP5
 php5-dev   - Files for PHP5 module development
 php5-enchant - Enchant module for php5
 php5-fpm   - server-side, HTML-embedded scripting language (FPM-CGI binary)
 php5-gd    - GD module for php5
 php5-gmp   - GMP module for php5
 php5-imap  - IMAP module for php5
 php5-interbase - interbase/firebird module for php5
 php5-intl  - internationalisation module for php5
 php5-ldap  - LDAP module for php5
 php5-mcrypt - MCrypt module for php5
 php5-mysql - MySQL module for php5
 php5-mysqlnd - MySQL module for php5 (Native Driver)
 php5-odbc  - ODBC module for php5
 php5-pgsql - PostgreSQL module for php5
 php5-pspell - pspell module for php5
 php5-recode - recode module for php5
 php5-snmp  - SNMP module for php5
 php5-sqlite - SQLite module for php5
 php5-sybase - Sybase / MS SQL Server module for php5
 php5-tidy  - tidy module for php5
 php5-xmlrpc - XML-RPC module for php5
 php5-xsl   - XSL module for php5
Changes:
 php5 (5.4.45-0+deb7u7) wheezy-security; urgency=high
 .
   [ Raphaël Hertzog ]
   * Non-maintainer upload by the Debian LTS Team.
   * Switch source package to "3.0 (quilt)" to be able to include binary
     files in updates (useful for backported tests).
   * CVE-2016-2554
     Stack-based buffer overflow in ext/phar/tar.c allows remote attackers
     to cause a denial of service (application crash) or possibly have
     unspecified other impact via a crafted TAR archive.
   * CVE-2016-3141
     Use-after-free vulnerability in wddx.c in the WDDX extension allows
     remote attackers to cause a denial of service (memory corruption and
     application crash) or possibly have unspecified other impact by
     triggering a wddx_deserialize call on XML data containing a crafted
     var element.
   * Add some files which are missing for tests:
     - ext/phar/tests/bug69720.phar
     - ext/phar/tests/bug70433.zip
     - ext/phar/tests/bug71331.tar
     - ext/phar/tests/bug71488.tar
     - ext/phar/tests/tar/files/bug64343.tar
 .
   [ Roberto C. Sanchez ]
   * CVE-2016-3142
     The phar_parse_zipfile function in zip.c in the PHAR extension in PHP
     before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to
     obtain sensitive information from process memory or cause a denial of
     service (out-of-bounds read and application crash) by placing a
     PK\x05\x06 signature at an invalid location.
   * CVE-2016-4342
     ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and
     7.x before 7.0.3 mishandles zero-length uncompressed data, which
     allows remote attackers to cause a denial of service (heap memory
     corruption) or possibly have unspecified other impact via a crafted
     (1) TAR, (2) ZIP, or (3) PHAR archive.
   * CVE-2016-9934
     ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows
     remote attackers to cause a denial of service (NULL pointer
     dereference) via crafted serialized data in a wddxPacket XML
     document, as demonstrated by a PDORow string.
   * CVE-2016-9935
     The php_wddx_push_element function in ext/wddx/wddx.c in PHP before
     5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a
     denial of service (out-of-bounds read and memory corruption) or
     possibly have unspecified other impact via an empty boolean element
     in a wddxPacket XML document.
   * CVE-2016-10158
     The exif_convert_any_to_int function in ext/exif/exif.c in PHP before
     5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote
     attackers to cause a denial of service (application crash) via
     crafted EXIF data that triggers an attempt to divide the minimum
     representable negative integer by -1.
   * CVE-2016-10159
     Integer overflow in the phar_parse_pharfile function in
     ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows
     remote attackers to cause a denial of service (memory consumption or
     application crash) via a truncated manifest entry in a PHAR archive.
   * CVE-2016-10160
     Off-by-one error in the phar_parse_pharfile function in
     ext/phar/phar.c in PHP before 5.6.30 and 7.0.x before 7.0.15 allows
     remote attackers to cause a denial of service (memory corruption) or
     possibly execute arbitrary code via a crafted PHAR archive with an
     alias mismatch.
   * CVE-2016-10161
     The object_common1 function in ext/standard/var_unserializer.c in PHP
     before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows
     remote attackers to cause a denial of service (buffer over-read and
     application crash) via crafted serialized data that is mishandled in
     a finish_nested_data call.
   * BUG-71323.patch
     Output of stream_get_meta_data can be falsified by its input
   * BUG-70979.patch
     Crash on bad SOAP request
   * BUG-71039.patch
     exec functions ignore length but look for NULL termination
   * BUG-71459.patch
     Integer overflow in iptcembed()
   * BUG-71391.patch
     NULL Pointer Dereference in phar_tar_setupmetadata()
   * BUG-71335.patch
     Type confusion vulnerability in WDDX packet deserialization
   * Add some files which are missing for tests:
     - ext/phar/tests/bug71498.zip
     - ext/phar/tests/bug71354.tar
     - ext/exif/tests/bug73737.tiff
     - ext/phar/tests/bug73764.phar
     - ext/phar/tests/bug73768.phar
     - ext/phar/tests/bug71391.tar