All Ubuntu package versions


AllTrustySaucyRaringQuantalPreciseLucidAll PPAs
DashboardRecent Search QueriesSearch Statistics
Alphabetical listSearchBugs
CommentsResqueStathatMemoryTracker

Package "php5"

Name: php5

Description:

server-side, HTML-embedded scripting language (metapackage)

Latest version: 5.3.10-1ubuntu3.11
Release: precise (12.04)
Level: security
Repository: main
Homepage: http://www.php.net/

Links

Save this URL for the latest version of "php5": http://www.ubuntuupdates.org/php5

All versions of this package Bug fixes
List of files in package Repository home page for package

Download "php5"

All arch deb package APT INSTALL

Other versions of "php5" in Precise

RepositoryAreaVersion
base universe 5.3.10-1ubuntu3
base main 5.3.10-1ubuntu3
security universe 5.3.10-1ubuntu3.11
updates main 5.3.10-1ubuntu3.11
updates universe 5.3.10-1ubuntu3.11
PPA: nathan-renniewaldock ppa 5.4.26-1~ppa1~precise

Packages in group

Deleted packages are displayed in grey.

libapache2-mod-php5 php-pear php5-cgi php5-cli php5-common
php5-curl php5-dbg php5-dev php5-gd php5-gmp
php5-ldap php5-mysql php5-odbc php5-pgsql php5-pspell
php5-recode php5-snmp php5-sqlite php5-tidy php5-xmlrpc
php5-xsl

Change Log

Version: 5.3.10-1ubuntu3.11 2014-04-07 14:07:11 UTC

  php5 (5.3.10-1ubuntu3.11) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service in fileinfo via crafted offset in
    PE executable
    - debian/patches/CVE-2014-2270.patch: check bounds in
      ext/fileinfo/libmagic/softmagic.c.
    - CVE-2014-2270
 -- Marc Deslauriers <email address hidden> Thu, 03 Apr 2014 15:21:27 -0400

Source diff to previous version
CVE-2014-2270 softmagic.c in file before 5.17 and libmagic allows context-dependent ...

Version: 5.3.10-1ubuntu3.10 2014-03-03 19:06:58 UTC

  php5 (5.3.10-1ubuntu3.10) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via crafted indirect offset value
    in fileinfo
    - debian/patches/CVE-2013-1943.patch: properly handle recursion in
      ext/fileinfo/libmagic/{ascmagic.c,file.h,funcs.c,softmagic.c}, added
      test to ext/fileinfo/tests/cve-2014-1943.phpt.
    - CVE-2013-1943
 -- Marc Deslauriers <email address hidden> Fri, 28 Feb 2014 14:55:00 -0500

Source diff to previous version
CVE-2013-1943 The KVM subsystem in the Linux kernel before 3.0 does not check ...

Version: 5.3.10-1ubuntu3.9 2013-12-12 17:06:53 UTC

  php5 (5.3.10-1ubuntu3.9) precise-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    malicious certificate
    - debian/patches/CVE-2013-6420.patch: properly validate timestr in
      ext/openssl/openssl.c, added ext/openssl/tests/cve-2013-6420.*.
    - CVE-2013-6420
  * SECURITY UPDATE: denial of service via crafted interval specification
    - debian/patches/CVE-2013-6712.patch: check error_count in
      ext/date/lib/parse_iso_intervals.*.
    - CVE-2013-6712
 -- Marc Deslauriers <email address hidden> Wed, 11 Dec 2013 19:22:04 -0500

Source diff to previous version
CVE-2013-6420 php: memory corruption in openssl_x509_parse()
CVE-2013-6712 The scan function in ext/date/lib/parse_iso_intervals.c in PHP through ...

Version: 5.3.10-1ubuntu3.8 2013-09-05 19:08:07 UTC

  php5 (5.3.10-1ubuntu3.8) precise-security; urgency=low

  * SECURITY UPDATE: SSL cert validation spoofing via NULL character in
    subjectAltName.
    - debian/patches/CVE-2013-4248.patch: validate subjectAltName in
      ext/openssl/openssl.c, added test to ext/openssl/tests/cve2013_4073*.
    - CVE-2013-4248
 -- Marc Deslauriers <email address hidden> Wed, 04 Sep 2013 12:54:39 -0400

Source diff to previous version
CVE-2013-4248 The openssl_x509_parse function in openssl.c in the OpenSSL module in ...

Version: 5.3.10-1ubuntu3.7 2013-07-16 13:07:17 UTC

  php5 (5.3.10-1ubuntu3.7) precise-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via xml
    parser heap overflow
    - debian/patches/CVE-2013-4113.patch: check against XML_MAXLEVEL in
      ext/xml/xml.c, add test to ext/xml/tests/bug65236.phpt.
    - CVE-2013-4113
  * SECURITY UPDATE: denial of service via overflow in SdnToJewish
    - debian/patches/CVE-2013-4635.patch: check value in
      ext/calendar/jewish.c, add test to
      ext/calendar/tests/jdtojewish64.phpt.
    - CVE-2013-4635
 -- Marc Deslauriers <email address hidden> Mon, 15 Jul 2013 09:49:43 -0400

CVE-2013-4113 ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing ...
CVE-2013-4635 Integer overflow in the SdnToJewish function in jewish.c in the ...



About   -   Changelog   -   Send Feedback