This bug was fixed in the package php5 - 5.3.10-1ubuntu3.24 --------------- php5 (5.3.10-1ubuntu3.24) precise-security; urgency=medium
* SECURITY UPDATE: segfault in SplMinHeap::compare - debian/patches/CVE-2015-4116.patch: properly handle count in ext/spl/spl_heap.c, added test to ext/spl/tests/bug69737.phpt. - CVE-2015-4116 * SECURITY UPDATE: denial of service via recursive method calls - debian/patches/CVE-2015-8873.patch: add limit to Zend/zend_exceptions.c, add tests to ext/standard/tests/serialize/bug69152.phpt, ext/standard/tests/serialize/bug69793.phpt, sapi/cli/tests/005.phpt. - CVE-2015-8873 * SECURITY UPDATE: denial of service or code execution via crafted serialized data - debian/patches/CVE-2015-8876.patch: fix logic in Zend/zend_exceptions.c, added test to Zend/tests/bug70121.phpt. - CVE-2015-8876 * SECURITY UPDATE: XSS in header() with Internet Explorer (LP: #1594041) - debian/patches/CVE-2015-8935.patch: update header handling to RFC 7230 in main/SAPI.c, added tests to ext/standard/tests/general_functions/bug60227_*.phpt. - CVE-2015-8935 * SECURITY UPDATE: get_icu_value_internal out-of-bounds read - debian/patches/CVE-2016-5093.patch: add enough space in ext/intl/locale/locale_methods.c, added test to ext/intl/tests/bug72241.phpt. - CVE-2016-5093 * SECURITY UPDATE: integer overflow in php_html_entities() - debian/patches/CVE-2016-5094.patch: don't create strings with lengths outside int range in ext/standard/html.c. - CVE-2016-5094 * SECURITY UPDATE: string overflows in string add operations - debian/patches/CVE-2016-5095.patch: check for size overflow in Zend/zend_operators.c. - CVE-2016-5095 * SECURITY UPDATE: int/size_t confusion in fread - debian/patches/CVE-2016-5096.patch: check string length in ext/standard/file.c, added test to ext/standard/tests/file/bug72114.phpt. - CVE-2016-5096 * SECURITY UPDATE: memory leak and buffer overflow in FPM - debian/patches/CVE-2016-5114.patch: check buffer length in sapi/fpm/fpm/fpm_log.c. - CVE-2016-5114 * SECURITY UPDATE: proxy request header vulnerability (httpoxy) - debian/patches/CVE-2016-5385.patch: only use HTTP_PROXY from the local environment in ext/standard/basic_functions.c, main/SAPI.c, main/php_variables.c. - CVE-2016-5385 * SECURITY UPDATE: inadequate error handling in bzread() - debian/patches/CVE-2016-5399.patch: do not allow reading past error read in ext/bz2/bz2.c. - CVE-2016-5399 * SECURITY UPDATE: integer overflows in mcrypt - debian/patches/CVE-2016-5769.patch: check for overflow in ext/mcrypt/mcrypt.c. - CVE-2016-5769 * SECURITY UPDATE: double free corruption in wddx_deserialize - debian/patches/CVE-2016-5772.patch: prevent double-free in ext/wddx/wddx.c, added test to ext/wddx/tests/bug72340.phpt. - CVE-2016-5772 * SECURITY UPDATE: buffer overflow in php_url_parse_ex() - debian/patches/CVE-2016-6288.patch: handle length in ext/standard/url.c. - CVE-2016-6288 * SECURITY UPDATE: integer overflow in the virtual_file_ex function - debian/patches/CVE-2016-6289.patch: properly check path_length in Zend/zend_virtual_cwd.c. - CVE-2016-6289 * SECURITY UPDATE: use after free in unserialize() with unexpected session deserialization - debian/patches/CVE-2016-6290.patch: destroy var_hash properly in ext/session/session.c, added test to ext/session/tests/bug72562.phpt. - CVE-2016-6290 * SECURITY UPDATE: out of bounds read in exif_process_IFD_in_MAKERNOTE - debian/patches/CVE-2016-6291.patch: add more bounds checks to ext/exif/exif.c. - CVE-2016-6291 * SECURITY UPDATE: locale_accept_from_http out-of-bounds access - debian/patches/CVE-2016-6294.patch: check length in ext/intl/locale/locale_methods.c, added test to ext/intl/tests/bug72533.phpt. - CVE-2016-6294 * SECURITY UPDATE: heap buffer overflow in simplestring_addn - debian/patches/CVE-2016-6296.patch: prevent overflows in ext/xmlrpc/libxmlrpc/simplestring.*. - CVE-2016-6296 * SECURITY UPDATE: integer overflow in php_stream_zip_opener - debian/patches/CVE-2016-6297.patch: use size_t in ext/zip/zip_stream.c. - CVE-2016-6297 * debian/patches/fix_exif_tests.patch: fix exif test results after security changes. -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Mon, 01 Aug 2016 13:27:52 -0400 ** Changed in: php5 (Ubuntu Precise) Status: Confirmed => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2015-4116 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2015-8873 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2015-8876 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-5093 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-5094 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-5095 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-5096 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-5114 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-5385 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-5399 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-5769 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-5772 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-6288 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-6289 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-6290 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-6291 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-6294 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-6296 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-6297 ** Changed in: php5 (Ubuntu Trusty) Status: Confirmed => Fix Released ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-5768 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-5771 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-5773 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-6292 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2016-6295 -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1594041 Title: PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported Status in php: Unknown Status in php5 package in Ubuntu: Fix Released Status in php5 source package in Precise: Fix Released Status in php5 source package in Trusty: Fix Released Status in php5 source package in Wily: Fix Released Status in php5 source package in Xenial: Fix Released Status in php5 source package in Yakkety: Fix Released Bug description: The PHP Security Bug #68978 (https://bugs.php.net/bug.php?id=68978) has not been backported to Trusty. It has been included with PHP 5.5.22 in February 2015. The patch can be found at https://github.com/php/php- src/commit/996faf964bba1aec06b153b370a7f20d3dd2bb8b and is trivial. We'd appreciate if this patch could be backported to Trusty to prevent PHP applications from being insecure against header injections in Internet Explorer. (as really no PHP application out there is really manually performing a check for this form, especially since the PHP documentation explicitly states that only one header can be sent) To manage notifications about this bug go to: https://bugs.launchpad.net/php/+bug/1594041/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : group.of.nepali.translators@lists.launchpad.net Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp