All Ubuntu package versions

Package "php5"

Name: php5


This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • server-side, HTML-embedded scripting language (apache 2 filter module)
  • Enchant module for php5
  • internationalisation module for php5

Latest version: 5.3.2-1ubuntu4.26
Release: lucid (10.04)
Level: security
Repository: universe


Other versions of "php5" in Lucid

base universe 5.3.2-1ubuntu4
base main 5.3.2-1ubuntu4
security main 5.3.2-1ubuntu4.26
updates main 5.3.2-1ubuntu4.26
updates universe 5.3.2-1ubuntu4.26
PPA: nathan-renniewaldock ppa 5.4.26-1~ppa1~lucid

Packages in group

libapache2-mod-php5filter php5-enchant php5-intl

Change Log

Version: 5.3.2-1ubuntu4.21 2013-09-05 19:08:27 UTC

  php5 (5.3.2-1ubuntu4.21) lucid-security; urgency=low

  * SECURITY UPDATE: SSL cert validation spoofing via NULL character in
    - debian/patches/CVE-2013-4248.patch: validate subjectAltName in
      ext/openssl/openssl.c, added test to ext/openssl/tests/cve2013_4073*.
    - CVE-2013-4248
 -- Marc Deslauriers <email address hidden> Wed, 04 Sep 2013 12:56:49 -0400

CVE-2013-4248 The openssl_x509_parse function in openssl.c in the OpenSSL module in ...

Version: 5.3.2-1ubuntu4.20 2013-07-16 13:07:20 UTC

  php5 (5.3.2-1ubuntu4.20) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via xml
    parser heap overflow
    - debian/patches/CVE-2013-4113.patch: check against XML_MAXLEVEL in
      ext/xml/xml.c, add test to ext/xml/tests/bug65236.phpt.
    - CVE-2013-4113
  * SECURITY UPDATE: denial of service via overflow in SdnToJewish
    - debian/patches/CVE-2013-4635.patch: check value in
      ext/calendar/jewish.c, add test to
    - CVE-2013-4635
 -- Marc Deslauriers <email address hidden> Mon, 15 Jul 2013 09:50:48 -0400

CVE-2013-4113 ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing ...
CVE-2013-4635 Integer overflow in the SdnToJewish function in jewish.c in the ...

Version: 5.3.2-1ubuntu4.19 2013-03-13 19:07:11 UTC

  php5 (5.3.2-1ubuntu4.19) lucid-security; urgency=low

  * SECURITY UPDATE: arbitrary file disclosure via XML External Entity
    - debian/patches/CVE-2013-1643.patch: disable the entity loader in
      ext/libxml/libxml.c, ext/libxml/php_libxml.h, ext/soap/php_xml.c.
    - CVE-2013-1643
 -- Marc Deslauriers <email address hidden> Mon, 11 Mar 2013 07:49:54 -0400

CVE-2013-1643 The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML e

Version: 5.3.2-1ubuntu4.18 2012-09-17 13:07:03 UTC

  php5 (5.3.2-1ubuntu4.18) lucid-security; urgency=low

  * SECURITY UPDATE: HTTP response-splitting issue with %0D sequences
    - debian/patches/CVE-2011-1398.patch: properly handle %0D and NUL in
      main/SAPI.c, added tests to ext/standard/tests/*, fix test suite
      failures in ext/phar/phar_object.c.
    - CVE-2011-1398
    - CVE-2012-4388
  * SECURITY UPDATE: denial of service and possible code execution via
    _php_stream_scandir function (LP: #1028064)
    - debian/patches/CVE-2012-2688.patch: prevent overflow in
    - CVE-2012-2688
  * SECURITY UPDATE: denial of service via PDO extension crafted parameter
    - debian/patches/CVE-2012-3450.patch: improve logic in
      ext/pdo/, regenerate ext/pdo/pdo_sql_parser.c, add
      test to ext/pdo_mysql/tests/bug_61755.phpt.
    - CVE-2012-3450
 -- Marc Deslauriers <email address hidden> Wed, 12 Sep 2012 11:33:30 -0400

1028064 potential overflow in _php_stream_scandir
CVE-2011-1398 The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and 5.4.x before 5.4.0RC2 does not check for %0D sequences (aka carriage return charac
CVE-2012-4388 The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka ca
CVE-2012-2688 Unspecified vulnerability in the _php_stream_scandir function in the stream implementation in PHP before 5.3.15 and 5.4.x before 5.4.5 has unknown imp
CVE-2012-3450 in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during pars

Version: 5.3.2-1ubuntu4.17 2012-06-19 16:06:45 UTC

  php5 (5.3.2-1ubuntu4.17) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service via invalid tidy objects
    - debian/patches/CVE-2012-0781.patch: track initialization in
      ext/tidy/tidy.c, added tests to ext/tidy/tests/004.phpt,
    - CVE-2012-0781
  * SECURITY UPDATE: denial of service or possible directory traversal via
    invalid filename.
    - debian/patches/CVE-2012-1172.patch: ensure brackets get closed in
      main/rfc1867.c, add test to tests/basic/bug55500.phpt.
    - CVE-2012-1172
  * SECURITY UPDATE: password truncation via invalid byte
    - debian/patches/CVE-2012-2143.patch: improve logic in
      ext/standard/crypt_freesec.c, add test to
    - CVE-2012-2143
  * SECURITY UPDATE: crypto() empty salt string issue
    - debian/patches/php_crypt_revamped.patch: Return fail string on
      invalid Blowfish salt rounds, fix regression when the salt is empty.
    - CVE-2012-2317
  * SECURITY UPDATE: improve php5-cgi query string parameter parsing
    - debian/patches/CVE-2012-233x.patch: improve parsing in
    - CVE-2012-2335
    - CVE-2012-2336
  * SECURITY UPDATE: phar extension heap overflow
    - debian/patches/CVE-2012-2386.patch: check for overflow in
    - CVE-2012-2386
 -- Marc Deslauriers <email address hidden> Tue, 12 Jun 2012 15:51:23 -0400

CVE-2012-0781 The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via
CVE-2012-1172 The file-upload implementation in rfc1867.c in PHP before 5.4.0 does not properly handle invalid [ (open square bracket) characters in name values, wh
CVE-2012-2317 php5 crypt() empty salt issue
CVE-2012-2335 php-wrapper.fcgi does not properly handle command-line arguments, which allows remote attackers to bypass a protection mechanism in PHP 5.3.12 and 5.4
CVE-2012-2336 sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings
CVE-2012-2386 phar integer overflow
