Package "php5"
Name: php5

Description: server-side, HTML-embedded scripting language (metapackage)

This package is a metapackage that, when installed, guarantees that you
have at least one of the three server-side versions of the PHP5 interpreter
installed. Removing this package won't remove PHP5 from your system, however
it may remove other packages that depend on this one.

PHP5 is an HTML-embedded scripting language. Much of its syntax is borrowed
from C, Java and Perl with a couple of unique PHP-specific features thrown
in. The goal of the language is to allow web developers to write dynamically
generated pages quickly. This version of PHP5 was built with the Suhosin patch.

Latest version: 5.3.2-1ubuntu4.19
Release: lucid (10.04)
Level: updates
Repository: main
Homepage: http://www.php.net/

Links
Save this URL for the latest version of "php5":
http://www.ubuntuupdates.org/php5
Change Log
Version: 5.3.2-1ubuntu4.19
2013-03-13 21:06:40 UTC

php5 (5.3.2-1ubuntu4.19) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary file disclosure via XML External Entity
    - debian/patches/CVE-2013-1643.patch: disable the entity loader in
      ext/libxml/libxml.c, ext/libxml/php_libxml.h, ext/soap/php_xml.c.
    - CVE-2013-1643

 -- Marc Deslauriers <email address hidden> Mon, 11 Mar 2013 07:49:54 -0400

CVE-2013-1643: The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML e

Version: 5.3.2-1ubuntu4.18
2012-09-17 15:07:14 UTC

php5 (5.3.2-1ubuntu4.18) lucid-security; urgency=low

  * SECURITY UPDATE: HTTP response-splitting issue with %0D sequences
    - debian/patches/CVE-2011-1398.patch: properly handle %0D and NUL in
      main/SAPI.c, added tests to ext/standard/tests/*, fix test suite
      failures in ext/phar/phar_object.c.
    - CVE-2011-1398
    - CVE-2012-4388
  * SECURITY UPDATE: denial of service and possible code execution via
    _php_stream_scandir function (LP: #1028064)
    - debian/patches/CVE-2012-2688.patch: prevent overflow in
      main/streams/streams.c.
    - CVE-2012-2688
  * SECURITY UPDATE: denial of service via PDO extension crafted parameter
    - debian/patches/CVE-2012-3450.patch: improve logic in
      ext/pdo/pdo_sql_parser.re, regenerate ext/pdo/pdo_sql_parser.c, add
      test to ext/pdo_mysql/tests/bug_61755.phpt.
    - CVE-2012-3450

 -- Marc Deslauriers <email address hidden> Wed, 12 Sep 2012 11:33:30 -0400

1028064: potential overflow in _php_stream_scandir
CVE-2011-1398: The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return charac
CVE-2012-4388: The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka ca
CVE-2012-2688: Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown imp
CVE-2012-3450: pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during pars

Version: 5.3.2-1ubuntu4.17
2012-06-19 17:06:51 UTC

php5 (5.3.2-1ubuntu4.17) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via invalid tidy objects
    - debian/patches/CVE-2012-0781.patch: track initialization in
      ext/tidy/tidy.c, added tests to ext/tidy/tests/004.phpt,
      ext/tidy/tests/bug54682.phpt.
    - CVE-2012-0781
  * SECURITY UPDATE: denial of service or possible directory traversal via
    invalid filename.
    - debian/patches/CVE-2012-1172.patch: ensure brackets get closed in
      main/rfc1867.c, add test to tests/basic/bug55500.phpt.
    - CVE-2012-1172
  * SECURITY UPDATE: password truncation via invalid byte
    - debian/patches/CVE-2012-2143.patch: improve logic in
      ext/standard/crypt_freesec.c, add test to
      ext/standard/tests/strings/crypt_chars.phpt.
    - CVE-2012-2143
  * SECURITY UPDATE: crypto() empty salt string issue
    - debian/patches/php_crypt_revamped.patch: Return fail string on
      invalid Blowfish salt rounds, fix regression when the salt is empty.
    - CVE-2012-2317
  * SECURITY UPDATE: improve php5-cgi query string parameter parsing
    - debian/patches/CVE-2012-233x.patch: improve parsing in
      sapi/cgi/cgi_main.c.
    - CVE-2012-2335
    - CVE-2012-2336
  * SECURITY UPDATE: phar extension heap overflow
    - debian/patches/CVE-2012-2386.patch: check for overflow in
      ext/phar/tar.c.
    - CVE-2012-2386

 -- Marc Deslauriers <email address hidden> Tue, 12 Jun 2012 15:51:23 -0400

CVE-2012-0781: The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via
CVE-2012-1172: The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, wh
CVE-2012-2317: php5 crypt() empty salt issue
CVE-2012-2335: php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4
CVE-2012-2336: sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings
CVE-2012-2386: phar integer overflow

Version: 5.3.2-1ubuntu4.15
2012-05-04 16:08:29 UTC

php5 (5.3.2-1ubuntu4.15) lucid-security; urgency=low

  * SECURITY UPDATE: php5-cgi query string parameters parsing
    vulnerability
    - debian/patches/php5-CVE-2012-1823.patch: filter query strings that
      are prefixed with '-'
    - CVE-2012-1823
    - CVE-2012-2311

 -- Steve Beattie <email address hidden> Thu, 03 May 2012 15:13:14 -0700

CVE-2012-1823: sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings
CVE-2012-2311: sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings

Version: 5.3.2-1ubuntu4.14
2012-02-13 19:04:05 UTC

php5 (5.3.2-1ubuntu4.14) lucid-security; urgency=low

  * debian/patches/php5-CVE-2012-0831-regression.patch: fix
    magic_quotes_gpc ini setting regression introduced by patch for
    CVE-2012-0831. Thanks to Ondřej Surý for the patch. (LP: #930115)

 -- Steve Beattie Fri, 10 Feb 2012 15:07:08 -0800