This bug was fixed in the package php5 - 5.2.4-2ubuntu5.3

---------------
php5 (5.2.4-2ubuntu5.3) hardy-security; urgency=low

  [ Tormod Volden ]
  * Backport security fixes from 5.2.6: (LP: #227464)
    - debian/patches/SECURITY_CVE-2008-2050.patch
      + Fixed possible stack buffer overflow in FastCGI SAPI
      + Fixed sending of uninitialized paddings which may contain some
        information
    - debian/patches/SECURITY_CVE-2008-0599.patch
      + Fixed security issue detailed in CVE-2008-0599
    - debian/patches/SECURITY_CVE-2007-4850.patch
      + Fixed a safe_mode bypass in cURL identified by Maksymilian
        Arciemowicz
    - debian/patches/security526-pcre_compile.patch:
      + avoid stack overflow (fix from pcre 7.6)

  [ Jamie Strandboge ]
  * debian/patches/SECURITY_CVE-2008-2051.patch: properly address incomplete
    multibyte chars inside escapeshellcmd() (thanks Tormod Volden)
  * Add debian/patches/SECURITY_CVE-2007-5898.patch: don't accept partial
    utf8 sequences. Backported upstream fixes.
  * Add debian/patches/SECURITY_CVE-2007-5899.patch: don't send session id
    to remote forms. Backported upstream fixes.
  * Add debian/patches/SECURITY_CVE-2008-2829.patch: unsafe usage of
    deprecated imap functions (patch from Debian)
  * Add debian/patches/SECURITY_CVE-2008-1384.patch: integer overflow in
    printf() (patch from Debian)
  * Add debian/patches/SECURITY_CVE-2008-2107+2108.patch: weak random number
    seed. Backported upstream patches.
  * Add debian/patches/SECURITY_CVE-2007-4782.patch: DoS via long string in
    the fnmatch functions
  * Add debian/patches/SECURITY_CVE-2008-2371.patch: buffer overflow.
    Backported upstream patches.
  * References
    CVE-2008-2050
    CVE-2008-2051
    CVE-2008-0599
    CVE-2007-4850
    CVE-2007-5898
    CVE-2007-5899
    CVE-2008-2829
    CVE-2008-1384
    CVE-2008-2107
    CVE-2008-2108
    CVE-2007-4782
    CVE-2008-2371

 -- Jamie Strandboge <[EMAIL PROTECTED]>   Fri, 18 Jul 2008 11:50:38 -0400

** Changed in: php5 (Ubuntu Hardy)
       Status: Fix Committed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-4782

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-4850

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-5898

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2007-5899

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-1384

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2050

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2051

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2107

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2108

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2371

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2008-2829

** Changed in: php5 (Ubuntu Gutsy)
       Status: Fix Committed => Fix Released

--
Please roll out security fixes from PHP 5.2.6
https://bugs.launchpad.net/bugs/227464