php5 (5.5.9+dfsg-1ubuntu4.25) trusty-security; urgency=medium

  * SECURITY UPDATE: opcache access controls bypass
    - debian/patches/CVE-2018-10545.patch: do not set PR_SET_DUMPABLE by
      default in sapi/fpm/fpm/fpm_conf.c, sapi/fpm/fpm/fpm_conf.h,
      sapi/fpm/fpm/fpm_unix.c, sapi/fpm/php-fpm.conf.in.
    - CVE-2018-10545
  * SECURITY UPDATE: infinite loop in iconv stream filter
    - debian/patches/CVE-2018-10546-1.patch: fail on invalid sequences in
      ext/iconv/iconv.c, ext/iconv/tests/bug76249.phpt.
    - debian/patches/CVE-2018-10546-2.patch: fix tsrm_ls in
      ext/iconv/iconv.c.
    - CVE-2018-10546
  * SECURITY UPDATE: XSS on PHAR error pages
    - debian/patches/CVE-2018-10547.patch: remove potential unfiltered
      outputs in ext/phar/phar_object.c, fix tests in ext/phar/tests/*.
    - CVE-2018-10547
  * SECURITY UPDATE: DoS via ldap_get_dn return value mishandling
    - debian/patches/CVE-2018-10548.patch: check dn in ext/ldap/ldap.c,
      add test to ext/ldap/tests/bug76248.phpt.
    - CVE-2018-10548

Date: 2018-05-10 14:29:52.763146+00:00
Changed-By: Marc Deslauriers <marc.deslauri...@canonical.com>
https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.25
--
Trusty-changes mailing list
Trusty-changes@lists.ubuntu.com