All Ubuntu package versions



Package "php5-cgi"

Name: php5-cgi

Description:

server-side, HTML-embedded scripting language (CGI binary)
This package provides the /usr/lib/cgi-bin/php5 CGI interpreter built
for use in Apache 2 with mod_actions, or any other CGI httpd that
supports a similar mechanism. Note that MOST Apache users probably
want the libapache2-mod-php5 package.
The following extensions are built in: bcmath bz2 calendar Core ctype date
dba dom ereg exif fileinfo filter ftp gettext hash iconv json libxml
mbstring mhash openssl pcre Phar posix Reflection session shmop SimpleXML
soap sockets SPL standard sysvmsg sysvsem sysvshm tokenizer wddx xml
xmlreader xmlwriter zip zlib.

PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
from C, Java and Perl with a couple of unique PHP-specific features thrown
in. The goal of the language is to allow web developers to write dynamically
generated pages quickly. This version of PHP5 was built with the Suhosin patch.

Latest version: 5.3.2-1ubuntu4.27
Release: lucid (10.04)
Level: security
Repository: main
Head package: php5
Homepage: http://www.php.net/

Links

Save this URL for the latest version of "php5-cgi": http://www.ubuntuupdates.org/php5-cgi


Other versions of "php5-cgi" in Lucid

Repository                 Area  Version
base                       main  5.3.2-1ubuntu4
updates                    main  5.3.2-1ubuntu4.27
PPA: nathan-renniewaldock  ppa   5.4.26-1~ppa1~lucid

Change Log

Version: 5.3.2-1ubuntu4.22 2013-12-12 17:06:50 UTC

  php5 (5.3.2-1ubuntu4.22) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    malicious certificate
    - debian/patches/CVE-2013-6420.patch: properly validate timestr in
      ext/openssl/openssl.c, added ext/openssl/tests/cve-2013-6420.*.
    - CVE-2013-6420
  * SECURITY UPDATE: denial of service via crafted interval specification
    - debian/patches/CVE-2013-6712.patch: check error_count in
      ext/date/lib/parse_iso_intervals.*.
    - CVE-2013-6712
 -- Marc Deslauriers <email address hidden> Wed, 11 Dec 2013 19:23:24 -0500

CVE-2013-6420 php: memory corruption in openssl_x509_parse()
CVE-2013-6712 The scan function in ext/date/lib/parse_iso_intervals.c in PHP through ...

Version: 5.3.2-1ubuntu4.21 2013-09-05 19:08:31 UTC

  php5 (5.3.2-1ubuntu4.21) lucid-security; urgency=low

  * SECURITY UPDATE: SSL cert validation spoofing via NULL character in
    subjectAltName.
    - debian/patches/CVE-2013-4248.patch: validate subjectAltName in
      ext/openssl/openssl.c, added test to ext/openssl/tests/cve2013_4073*.
    - CVE-2013-4248
 -- Marc Deslauriers <email address hidden> Wed, 04 Sep 2013 12:56:49 -0400

CVE-2013-4248 The openssl_x509_parse function in openssl.c in the OpenSSL module in ...

Version: 5.3.2-1ubuntu4.20 2013-07-16 13:07:21 UTC

  php5 (5.3.2-1ubuntu4.20) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via xml
    parser heap overflow
    - debian/patches/CVE-2013-4113.patch: check against XML_MAXLEVEL in
      ext/xml/xml.c, add test to ext/xml/tests/bug65236.phpt.
    - CVE-2013-4113
  * SECURITY UPDATE: denial of service via overflow in SdnToJewish
    - debian/patches/CVE-2013-4635.patch: check value in
      ext/calendar/jewish.c, add test to
      ext/calendar/tests/jdtojewish64.phpt.
    - CVE-2013-4635
 -- Marc Deslauriers <email address hidden> Mon, 15 Jul 2013 09:50:48 -0400

CVE-2013-4113 ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing ...
CVE-2013-4635 Integer overflow in the SdnToJewish function in jewish.c in the ...

Version: 5.3.2-1ubuntu4.19 2013-03-13 19:07:09 UTC

  php5 (5.3.2-1ubuntu4.19) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary file disclosure via XML External Entity
    - debian/patches/CVE-2013-1643.patch: disable the entity loader in
      ext/libxml/libxml.c, ext/libxml/php_libxml.h, ext/soap/php_xml.c.
    - CVE-2013-1643
 -- Marc Deslauriers <email address hidden> Mon, 11 Mar 2013 07:49:54 -0400

CVE-2013-1643 The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML e

Version: 5.3.2-1ubuntu4.18 2012-09-17 13:07:02 UTC

  php5 (5.3.2-1ubuntu4.18) lucid-security; urgency=low

  * SECURITY UPDATE: HTTP response-splitting issue with %0D sequences
    - debian/patches/CVE-2011-1398.patch: properly handle %0D and NUL in
      main/SAPI.c, added tests to ext/standard/tests/*, fix test suite
      failures in ext/phar/phar_object.c.
    - CVE-2011-1398
    - CVE-2012-4388
  * SECURITY UPDATE: denial of service and possible code execution via
    _php_stream_scandir function (LP: #1028064)
    - debian/patches/CVE-2012-2688.patch: prevent overflow in
      main/streams/streams.c.
    - CVE-2012-2688
  * SECURITY UPDATE: denial of service via PDO extension crafted parameter
    - debian/patches/CVE-2012-3450.patch: improve logic in
      ext/pdo/pdo_sql_parser.re, regenerate ext/pdo/pdo_sql_parser.c, add
      test to ext/pdo_mysql/tests/bug_61755.phpt.
    - CVE-2012-3450
 -- Marc Deslauriers <email address hidden> Wed, 12 Sep 2012 11:33:30 -0400

1028064 potential overflow in _php_stream_scandir
CVE-2011-1398 The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return charac
CVE-2012-4388 The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka ca
CVE-2012-2688 Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown imp
CVE-2012-3450 pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during pars


