All Ubuntu package versions


AllVividUtopicTrustySaucyPreciseLucidAll PPAs
DashboardRecent Search QueriesSearch Statistics
Alphabetical listSearchBugs
CommentsResqueStathatMemoryTracker

Package "php-pear"

Name: php-pear

Description:

PEAR - PHP Extension and Application Repository
This package contains the base PEAR classes for PHP, as well as the PEAR
installer. Many PEAR classes are already packaged for Debian, and can be
easily identified by names beginning with "php-", such as php-db and
php-auth. Note: to build and install precompiled PECL extensions, you
will need one of the php development packages installed.

PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
from C, Java and Perl with a couple of unique PHP-specific features thrown
in. The goal of the language is to allow web developers to write dynamically
generated pages quickly. This version of PHP5 was built with the Suhosin patch.

Latest version: 5.3.2-1ubuntu4.30
Release: lucid (10.04)
Level: updates
Repository: main
Head package: php5
Homepage: http://www.php.net/

Links

Save this URL for the latest version of "php-pear": http://www.ubuntuupdates.org/php-pear

All versions of this package Bug fixes
List of files in package Repository home page for package

Download "php-pear"

All arch deb package APT INSTALL

Other versions of "php-pear" in Lucid

RepositoryAreaVersion
base main 5.3.2-1ubuntu4
security main 5.3.2-1ubuntu4.30
PPA: nathan-renniewaldock ppa 5.4.26-1~ppa1~lucid

Change Log

Version: 5.3.2-1ubuntu4.25 2014-06-23 14:06:36 UTC

  php5 (5.3.2-1ubuntu4.25) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service in FileInfo cdf_unpack_summary_info
    - debian/patches/CVE-2014-0237.patch: remove file_printf calls in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-0237
  * SECURITY UPDATE: denial of service in FileInfo cdf_read_property_info
    - debian/patches/CVE-2014-0238.patch: fix infinite loop in
      ext/fileinfo/libmagic/cdf.c.
    - CVE-2014-0238
  * SECURITY UPDATE: code execution via buffer overflow in DNS TXT record
    parsing
    - debian/patches/CVE-2014-4049.patch: check length in
      ext/standard/dns.c.
    - CVE-2014-4049
 -- Marc Deslauriers <email address hidden> Thu, 19 Jun 2014 13:48:46 -0400

Source diff to previous version
CVE-2014-0237 The cdf_unpack_summary_info function in cdf.c in the Fileinfo ...
CVE-2014-0238 The cdf_read_property_info function in cdf.c in the Fileinfo component ...
CVE-2014-4049 Heap-based buffer overflow in the php_parserr function in ...

Version: 5.3.2-1ubuntu4.24 2014-04-07 14:07:07 UTC

  php5 (5.3.2-1ubuntu4.24) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service in fileinfo via crafted offset in
    PE executable
    - debian/patches/CVE-2014-2270.patch: check bounds in
      ext/fileinfo/libmagic/softmagic.c.
    - CVE-2014-2270
 -- Marc Deslauriers <email address hidden> Thu, 03 Apr 2014 15:23:04 -0400

Source diff to previous version
CVE-2014-2270 softmagic.c in file before 5.17 and libmagic allows context-dependent ...

Version: 5.3.2-1ubuntu4.23 2014-03-03 19:07:01 UTC

  php5 (5.3.2-1ubuntu4.23) lucid-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted indirect offset value
    in fileinfo
    - debian/patches/CVE-2013-1943.patch: properly handle recursion in
      ext/fileinfo/libmagic/{ascmagic.c,file.h,funcs.c,softmagic.c}, added
      test to ext/fileinfo/tests/cve-2014-1943.phpt.
    - CVE-2013-1943
 -- Marc Deslauriers <email address hidden> Fri, 28 Feb 2014 17:40:15 -0500

Source diff to previous version
CVE-2013-1943 The KVM subsystem in the Linux kernel before 3.0 does not check ...

Version: 5.3.2-1ubuntu4.22 2013-12-12 18:06:57 UTC

  php5 (5.3.2-1ubuntu4.22) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    malicious certificate
    - debian/patches/CVE-2013-6420.patch: properly validate timestr in
      ext/openssl/openssl.c, added ext/openssl/tests/cve-2013-6420.*.
    - CVE-2013-6420
  * SECURITY UPDATE: denial of service via crafted interval specification
    - debian/patches/CVE-2013-6712.patch: check error_count in
      ext/date/lib/parse_iso_intervals.*.
    - CVE-2013-6712
 -- Marc Deslauriers <email address hidden> Wed, 11 Dec 2013 19:23:24 -0500

Source diff to previous version
CVE-2013-6420 php: memory corruption in openssl_x509_parse()
CVE-2013-6712 The scan function in ext/date/lib/parse_iso_intervals.c in PHP through ...

Version: 5.3.2-1ubuntu4.21 2013-09-05 20:08:06 UTC

  php5 (5.3.2-1ubuntu4.21) lucid-security; urgency=low

  * SECURITY UPDATE: SSL cert validation spoofing via NULL character in
    subjectAltName.
    - debian/patches/CVE-2013-4248.patch: validate subjectAltName in
      ext/openssl/openssl.c, added test to ext/openssl/tests/cve2013_4073*.
    - CVE-2013-4248
 -- Marc Deslauriers <email address hidden> Wed, 04 Sep 2013 12:56:49 -0400

CVE-2013-4248 The openssl_x509_parse function in openssl.c in the OpenSSL module in ...



About   -   Changelog   -   Send Feedback