UbuntuUpdates.org

Package "php5-dbg"

Name: php5-dbg

Description:

Debug symbols for PHP5

Latest version: 5.5.9+dfsg-1ubuntu4.29
Release: trusty (14.04)
Level: security
Repository: main
Head package: php5
Homepage: http://www.php.net/

Links


Download "php5-dbg"


Other versions of "php5-dbg" in Trusty

Repository Area Version
base main 5.5.9+dfsg-1ubuntu4
updates main 5.5.9+dfsg-1ubuntu4.29

Changelog

Version: 5.5.9+dfsg-1ubuntu4.23 2018-02-12 17:06:24 UTC

  php5 (5.5.9+dfsg-1ubuntu4.23) trusty-security; urgency=medium

  * SECURITY UPDATE: buffer over-read while unserializing untrusted data
    - debian/patches/CVE-2017-12933.patch: add check to
      ext/standard/var_unserializer.*, add test to
      ext/standard/tests/serialize/bug74111.phpt, adjust test in
      ext/standard/tests/serialize/bug25378.phpt.
    - CVE-2017-12933
  * SECURITY UPDATE: information leak in php_parse_date function
    - debian/patches/CVE-2017-16642.patch: fix backof/frontof in
      ext/date/lib/parse_date.*, fix test in
      ext/date/tests/bug53437_var3.phpt, added test to
      ext/wddx/tests/bug75055.*.
    - CVE-2017-16642
  * SECURITY UPDATE: XSS in PHAR error page
    - debian/patches/CVE-2018-5712.patch: remove file name from output to
      avoid XSS in ext/phar/shortarc.php, ext/phar/stub.h, fix tests in
      ext/phar/tests/*.
    - CVE-2018-5712
  * SECURITY REGRESSION: exif_read_data broken (LP: #1633031)
    - debian/patches/CVE-2016-6291-regression.patch: add DJI signatures to
      the MAKERNOTE and its supported tags in ext/exif/exif.c.

 -- Marc Deslauriers <email address hidden> Thu, 08 Feb 2018 08:24:11 -0500

Source diff to previous version
1633031 exif_read_data broken in a lot of use cases by the CVE-2016-6291 bugfix
CVE-2017-12933 The finish_nested_data function in ext/standard/var_unserializer.re in PHP before 5.6.31, 7.0.x before 7.0.21, and 7.1.x before 7.1.7 is prone to a b
CVE-2017-16642 In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an error in the date extension's timelib_meridian handling of 'front of' and 'back
CVE-2018-5712 An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 40
CVE-2016-6291 The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers

Version: 5.5.9+dfsg-1ubuntu4.22 2017-08-10 16:06:39 UTC

  php5 (5.5.9+dfsg-1ubuntu4.22) trusty-security; urgency=medium

  * SECURITY UPDATE: Zend OpCache shared memory issue
    - debian/patches/CVE-2015-8994-1.patch: check cached files permissions
      in ext/opcache/ZendAccelerator.*,
      ext/opcache/zend_accelerator_hash.c,
      ext/opcache/zend_accelerator_module.c.
    - debian/patches/CVE-2015-8994-2.patch: use full path in
      ext/opcache/ZendAccelerator.c.
    - debian/patches/CVE-2015-8994-3.patch: handle big inodes in
      ext/opcache/ZendAccelerator.c.
    - CVE-2015-8994
  * SECURITY UPDATE: URL check bypass
    - debian/patches/CVE-2016-10397-1.patch: fix logic in
      ext/standard/url.c, added tests to
      ext/standard/tests/url/bug73192.phpt,
      ext/standard/tests/url/parse_url_basic_00*.phpt.
    - debian/patches/CVE-2016-10397-2.patch: respect length argument in
      ext/standard/url.c.
    - CVE-2016-10397
  * SECURITY UPDATE: wddx empty boolean tag parsing issue
    - debian/patches/CVE-2017-11143-1.patch: handle empty tag in
      ext/wddx/wddx.c, added test to ext/wddx/tests/bug74145.*.
    - debian/patches/CVE-2017-11143-2.patch: improve fix in
      ext/wddx/wddx.c.
    - CVE-2017-11143
  * SECURITY UPDATE: DoS in OpenSSL sealing function
    - debian/patches/CVE-2017-11144.patch: check return code in
      ext/openssl/openssl.c, added test to ext/openssl/tests/*74651*.
    - CVE-2017-11144
  * SECURITY UPDATE: information leak in the date extension
    - debian/patches/CVE-2017-11145.patch: fix parsing of strange formats
      in ext/date/lib/parse_date.*.
    - CVE-2017-11145
  * SECURITY UPDATE: buffer overread in phar_parse_pharfile
    - debian/patches/CVE-2017-11147.patch: use proper sizes in
      ext/phar/phar.c.
    - CVE-2017-11147
  * SECURITY UPDATE: DoS via long locale
    - debian/patches/CVE-2017-11362.patch: check length in
      ext/intl/msgformat/msgformat_parse.c.
    - CVE-2017-11362
  * SECURITY UPDATE: buffer overflow in the zend_ini_do_op()
    - debian/patches/CVE-2017-11628.patch: use correct buffer size in
      Zend/zend_ini_parser.y, added tests to Zend/tests/bug74603.*.
    - CVE-2017-11628
  * SECURITY UPDATE: out-of-bounds read in oniguruma in mbstring
    - debian/patches/CVE-2017-9224.patch: fix logic in
      ext/mbstring/oniguruma/regexec.c.
    - CVE-2017-9224
  * SECURITY UPDATE: heap out-of-bounds write in oniguruma in mbstring
    - debian/patches/CVE-2017-9226.patch: add checks to
      ext/mbstring/oniguruma/regparse.c.
    - CVE-2017-9226
  * SECURITY UPDATE: stack out-of-bounds read in oniguruma in mbstring
    - debian/patches/CVE-2017-9227.patch: add bounds check to
      ext/mbstring/oniguruma/regexec.c.
    - CVE-2017-9227
  * SECURITY UPDATE: heap out-of-bounds write in oniguruma in mbstring
    - debian/patches/CVE-2017-9228.patch: add check to
      ext/mbstring/oniguruma/regexec.c.
    - CVE-2017-9228
  * SECURITY UPDATE: invalid pointer dereference in oniguruma in mbstring
    - debian/patches/CVE-2017-9229.patch: fix logic in
      ext/mbstring/oniguruma/regexec.c.
    - CVE-2017-9229

 -- Marc Deslauriers <email address hidden> Fri, 04 Aug 2017 10:26:27 -0400

Source diff to previous version
CVE-2015-8994 An issue was discovered in PHP 5.x and 7.x, when the configuration uses apache2handler/mod_php or php-fpm with OpCache enabled. With 5.x after 5.6.28
CVE-2016-1039 Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous befo
CVE-2017-1114 RESERVED
CVE-2017-1136 RESERVED
CVE-2017-1162 RESERVED
CVE-2017-9224 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds r
CVE-2017-9226 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds wr
CVE-2017-9227 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds r
CVE-2017-9228 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds wr
CVE-2017-9229 An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A SIGSEGV occurs in lef

Version: 5.5.9+dfsg-1ubuntu4.21 2017-02-14 19:06:59 UTC

  php5 (5.5.9+dfsg-1ubuntu4.21) trusty-security; urgency=medium

  * SECURITY UPDATE: overflow in locale_get_display_name
    - debian/patches/CVE-2014-9912.patch: check locale name length in
      ext/intl/locale/locale_methods.c, added test to
      ext/intl/tests/bug67397.phpt.
    - debian/patches/CVE-2014-9912-2.patch: fix test in
      ext/intl/tests/bug62082.phpt.
    - CVE-2014-9912
  * SECURITY UPDATE: infinite loop via crafted serialized data
    - debian/patches/CVE-2016-7478-pre.patch: don't unset the default value
      in Zend/zend_exceptions.c, fix tests in
      ext/standard/tests/serialize/bug69152.phpt,
      ext/standard/tests/serialize/bug69793.phpt.
    - debian/patches/CVE-2016-7478-pre2.patch: fix test in
      ext/standard/tests/serialize/bug69793.phpt.
    - debian/patches/CVE-2016-7478.patch: fix memcpy in
      Zend/zend_exceptions.c, ext/bcmath/libbcmath/src/init.c,
      ext/bcmath/libbcmath/src/outofmem.c.
    - CVE-2016-7478
  * SECURITY UPDATE: arbitrary code execution via crafted serialized data
    - debian/patches/CVE-2016-7479-pre.patch: fix null pointer dereference
      in ext/standard/var_unserializer.*, added test to
      standard/tests/serialize/bug68545.phpt.
    - debian/patches/CVE-2016-7479.patch: implement delayed __wakeup in
      ext/standard/var_unserializer.*.
    - CVE-2016-7479
  * SECURITY UPDATE: denial of service via crafted serialized data
    - debian/patches/CVE-2016-9137.patch: fix use-after-free in
      Zend/zend_API.*, ext/curl/curl_file.c, added test to
      ext/curl/tests/bug73147.phpt.
    - CVE-2016-9137
  * SECURITY UPDATE: denial of service via crafted wddxPacket XML document
    - debian/patches/CVE-2016-9934.patch: check objects in ext/wddx/wddx.c,
      ext/pdo/pdo_stmt.c, ext/wddx/tests/bug45901.phpt,
      ext/wddx/tests/bug72790.phpt, ext/wddx/tests/bug73331.phpt.
    - CVE-2016-9934
  * SECURITY UPDATE: denial of service via crafted wddxPacket XML document
    - debian/patches/CVE-2016-9935-1.patch: fix memory leak in
      ext/wddx/wddx.c.
    - debian/patches/CVE-2016-9935-2.patch: fix leak in ext/wddx/wddx.c.
    - debian/patches/CVE-2016-9935-3.patch: fix leak in ext/wddx/wddx.c.
    - CVE-2016-9935
  * SECURITY UPDATE: exif DoS via FPE
    - debian/patches/CVE-2016-10158.patch: fix integer size issue in
      ext/exif/exif.c.
    - CVE-2016-10158
  * SECURITY UPDATE: integer overflow in phar_parse_pharfile
    - debian/patches/CVE-2016-10159.patch: fix overflows in
      ext/phar/phar.c.
    - CVE-2016-10159
  * SECURITY UPDATE: off-by-one in phar_parse_pharfile
    - debian/patches/CVE-2016-10160.patch: handle length in
      ext/phar/phar.c.
    - CVE-2016-10160
  * SECURITY UPDATE: denial of service via crafted serialized data
    - debian/patches/CVE-2016-10161.patch: fix out-of-bounds read in
      ext/standard/var_unserializer.*, added test to
      ext/standard/tests/serialize/bug73825.phpt.
    - CVE-2016-10161

 -- Marc Deslauriers <email address hidden> Thu, 09 Feb 2017 11:02:44 -0500

Source diff to previous version
CVE-2014-9912 The get_icu_disp_value_src_php function in ext/intl/locale/locale_methods.c in PHP before 5.3.29, 5.4.x before 5.4.30, and 5.5.x before 5.5.14 does n
CVE-2016-7478 Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service (infinite loop)
CVE-2016-7479 In all versions of PHP 7, during the unserialization process, resizing the 'properties' hash table of a serialized object may lead to use-after-free.
CVE-2016-9137 Use-after-free vulnerability in the CURLFile implementation in ext/curl/curl_file.c in PHP before 5.6.27 and 7.x before 7.0.12 allows remote attacker
CVE-2016-9934 ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafte
CVE-2016-9935 The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29 and 7.x before 7.0.14 allows remote attackers to cause a denial of service
CVE-2016-1015 Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to
CVE-2016-1016 Use-after-free vulnerability in the Transform object implementation in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 o

Version: 5.5.9+dfsg-1ubuntu4.20 2016-10-04 18:06:49 UTC

  php5 (5.5.9+dfsg-1ubuntu4.20) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service or code execution via crafted
    serialized data
    - debian/patches/CVE-2016-7124-1.patch: destroy broken object when
      unserializing in ext/standard/var_unserializer.c*, added tests to
      ext/standard/tests/strings/bug72663.phpt,
      ext/standard/tests/strings/bug72663_2.phpt.
    - debian/patches/CVE-2016-7124-2.patch: improve fix in
      ext/standard/var_unserializer.c*, added test to
      ext/standard/tests/strings/bug72663_3.phpt.
    - CVE-2016-7124
  * SECURITY UPDATE: arbitrary-type session data injection
    - debian/patches/CVE-2016-7125.patch: consume data even if not storing
      in ext/session/session.c, added test to
      ext/session/tests/bug72681.phpt.
    - debian/patches/CVE-2016-7125-2.patch: remove unused label in
      ext/session/session.c.
    - CVE-2016-7125
  * SECURITY UPDATE: denial of service and possible code execution in
    imagegammacorrect function
    - debian/patches/CVE-2016-7127.patch: check gamma values in
      ext/gd/gd.c, added test to ext/gd/tests/bug72730.phpt.
    - CVE-2016-7127
  * SECURITY UPDATE: information disclosure via exif_process_IFD_in_TIFF
    - debian/patches/CVE-2016-7128.patch: properly handle thumbnails in
      ext/exif/exif.c.
    - CVE-2016-7128
  * SECURITY UPDATE: denial of service and possible code execution via
    invalid ISO 8601 time value
    - debian/patches/CVE-2016-7129.patch: properly handle strings in
      ext/wddx/wddx.c, added test to ext/wddx/tests/bug72749.phpt.
    - CVE-2016-7129
  * SECURITY UPDATE: denial of service and possible code execution via
    invalid base64 binary value
    - debian/patches/CVE-2016-7130.patch: properly handle string in
      ext/wddx/wddx.c, added test to ext/wddx/tests/bug72750.phpt.
    - CVE-2016-7130
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed wddxPacket XML document
    - debian/patches/CVE-2016-7131.patch: added check to ext/wddx/wddx.c,
      added tests to ext/wddx/tests/bug72790.phpt,
      ext/wddx/tests/bug72799.phpt.
    - CVE-2016-7131
    - CVE-2016-7132
  * SECURITY UPDATE: denial of service and possible code execution via
    partially constructed object
    - debian/patches/CVE-2016-7411.patch: properly handle partial object in
      ext/standard/var_unserializer.*, added test to
      ext/standard/tests/serialize/bug73052.phpt.
    - CVE-2016-7411
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted field metadata in MySQL driver
    - debian/patches/CVE-2016-7412.patch: validate field length in
      ext/mysqlnd/mysqlnd_wireprotocol.c.
    - CVE-2016-7412
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed wddxPacket XML document
    - debian/patches/CVE-2016-7413.patch: fixed use-after-free in
      ext/wddx/wddx.c, added test to ext/wddx/tests/bug72860.phpt.
    - CVE-2016-7413
  * SECURITY UPDATE: denial of service and possible code execution via
    crafted PHAR archive
    - debian/patches/CVE-2016-7414.patch: validate signatures in
      ext/phar/util.c, ext/phar/zip.c.
    - CVE-2016-7414
  * SECURITY UPDATE: denial of service and possible code execution via
    MessageFormatter::formatMessage call with a long first argument
    - debian/patches/CVE-2016-7416.patch: added locale length check to
      ext/intl/msgformat/msgformat_format.c.
    - CVE-2016-7416
  * SECURITY UPDATE: denial of service or code execution via crafted
    serialized data
    - debian/patches/CVE-2016-7417.patch: added type check to
      ext/spl/spl_array.c, added test to ext/spl/tests/bug73029.phpt.
    - debian/patches/CVE-2016-7417-2.patch: fix test in
      ext/spl/tests/bug70068.phpt.
    - CVE-2016-7417
  * SECURITY UPDATE: denial of service and possible code execution via
    malformed wddxPacket XML document
    - debian/patches/CVE-2016-7418.patch: fix out-of-bounds read in
      ext/wddx/wddx.c, added test to ext/wddx/tests/bug73065.phpt.
    - CVE-2016-7418

 -- Marc Deslauriers <email address hidden> Mon, 03 Oct 2016 07:34:26 -0400

Source diff to previous version
CVE-2016-7124 ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause
CVE-2016-7125 ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows r
CVE-2016-7127 The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote
CVE-2016-7128 The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that ex
CVE-2016-7129 The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service
CVE-2016-7130 The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service
CVE-2016-7131 ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and applica
CVE-2016-7132 ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and applica
CVE-2016-7411 ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles object-deserialization failures, which allows remote attackers to cause a denial of
CVE-2016-7412 ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allo
CVE-2016-7413 Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers
CVE-2016-7414 The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enoug
CVE-2016-7416 ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale
CVE-2016-7417 ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type
CVE-2016-7418 The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service

Version: 5.5.9+dfsg-1ubuntu4.19 2016-08-02 16:06:51 UTC

  php5 (5.5.9+dfsg-1ubuntu4.19) trusty-security; urgency=medium

  * SECURITY UPDATE: segfault in SplMinHeap::compare
    - debian/patches/CVE-2015-4116.patch: properly handle count in
      ext/spl/spl_heap.c, added test to ext/spl/tests/bug69737.phpt.
    - CVE-2015-4116
  * SECURITY UPDATE: denial of service via recursive method calls
    - debian/patches/CVE-2015-8873.patch: add limit to
      Zend/zend_exceptions.c, add tests to
      ext/standard/tests/serialize/bug69152.phpt,
      ext/standard/tests/serialize/bug69793.phpt,
      sapi/cli/tests/005.phpt.
    - CVE-2015-8873
  * SECURITY UPDATE: denial of service or code execution via crafted
    serialized data
    - debian/patches/CVE-2015-8876.patch: fix logic in
      Zend/zend_exceptions.c, added test to Zend/tests/bug70121.phpt.
    - CVE-2015-8876
  * SECURITY UPDATE: XSS in header() with Internet Explorer (LP: #1594041)
    - debian/patches/CVE-2015-8935.patch: update header handling to
      RFC 7230 in main/SAPI.c, added tests to
      ext/standard/tests/general_functions/bug60227_*.phpt.
    - CVE-2015-8935
  * SECURITY UPDATE: get_icu_value_internal out-of-bounds read
    - debian/patches/CVE-2016-5093.patch: add enough space in
      ext/intl/locale/locale_methods.c, added test to
      ext/intl/tests/bug72241.phpt.
    - CVE-2016-5093
  * SECURITY UPDATE: integer overflow in php_html_entities()
    - debian/patches/CVE-2016-5094.patch: don't create strings with lengths
      outside int range in ext/standard/html.c.
    - CVE-2016-5094
  * SECURITY UPDATE: string overflows in string add operations
    - debian/patches/CVE-2016-5095.patch: check for size overflow in
      Zend/zend_operators.c.
    - CVE-2016-5095
  * SECURITY UPDATE: int/size_t confusion in fread
    - debian/patches/CVE-2016-5096.patch: check string length in
      ext/standard/file.c, added test to
      ext/standard/tests/file/bug72114.phpt.
    - CVE-2016-5096
  * SECURITY UPDATE: memory leak and buffer overflow in FPM
    - debian/patches/CVE-2016-5114.patch: check buffer length in
      sapi/fpm/fpm/fpm_log.c.
    - CVE-2016-5114
  * SECURITY UPDATE: proxy request header vulnerability (httpoxy)
    - debian/patches/CVE-2016-5385.patch: only use HTTP_PROXY from the
      local environment in ext/standard/basic_functions.c, main/SAPI.c,
      main/php_variables.c.
    - CVE-2016-5385
  * SECURITY UPDATE: inadequate error handling in bzread()
    - debian/patches/CVE-2016-5399.patch: do not allow reading past error
      read in ext/bz2/bz2.c.
    - CVE-2016-5399
  * SECURITY UPDATE: double free in _php_mb_regex_ereg_replace_exec
    - debian/patches/CVE-2016-5768.patch: check pointer in
      ext/mbstring/php_mbregex.c, added test to
      ext/mbstring/tests/bug72402.phpt.
    - CVE-2016-5768
  * SECURITY UPDATE: integer overflows in mcrypt
    - debian/patches/CVE-2016-5769.patch: check for overflow in
      ext/mcrypt/mcrypt.c.
    - CVE-2016-5769
  * SECURITY UPDATE: ese after free GC algorithm and unserialize
    - debian/patches/CVE-2016-5771.patch: added new handler in
      ext/spl/spl_array.c, added test to Zend/tests/gc_024.phpt,
      ext/standard/tests/strings/bug72433.phpt.
    - CVE-2016-5771
  * SECURITY UPDATE: double free corruption in wddx_deserialize
    - debian/patches/CVE-2016-5772.patch: prevent double-free in
      ext/wddx/wddx.c, added test to ext/wddx/tests/bug72340.phpt.
    - CVE-2016-5772
  * SECURITY UPDATE: use after free in ZipArchive class
    - debian/patches/CVE-2016-5773.patch: add new handler in
      ext/zip/php_zip.c, added test to
      ext/standard/tests/strings/bug72434.phpt.
    - CVE-2016-5773
  * SECURITY UPDATE: buffer overflow in php_url_parse_ex()
    - debian/patches/CVE-2016-6288.patch: handle length in
      ext/standard/url.c.
    - CVE-2016-6288
  * SECURITY UPDATE: integer overflow in the virtual_file_ex function
    - debian/patches/CVE-2016-6289.patch: properly check path_length in
      Zend/zend_virtual_cwd.c.
    - CVE-2016-6289
  * SECURITY UPDATE: use after free in unserialize() with unexpected
    session deserialization
    - debian/patches/CVE-2016-6290.patch: destroy var_hash properly in
      ext/session/session.c, added test to ext/session/tests/bug72562.phpt.
    - CVE-2016-6290
  * SECURITY UPDATE: out of bounds read in exif_process_IFD_in_MAKERNOTE
    - debian/patches/CVE-2016-6291.patch: add more bounds checks to
      ext/exif/exif.c.
    - CVE-2016-6291
  * SECURITY UPDATE: NULL pointer dereference in exif_process_user_comment
    - debian/patches/CVE-2016-6292.patch: properly handle encoding in
      ext/exif/exif.c.
    - CVE-2016-6292
  * SECURITY UPDATE: locale_accept_from_http out-of-bounds access
    - debian/patches/CVE-2016-6294.patch: check length in
      ext/intl/locale/locale_methods.c, added test to
      ext/intl/tests/bug72533.phpt.
    - CVE-2016-6294
  * SECURITY UPDATE: use after free vulnerability in SNMP with GC and
    unserialize()
    - debian/patches/CVE-2016-6295.patch: add new handler to
      ext/snmp/snmp.c, add test to ext/snmp/tests/bug72479.phpt.
    - CVE-2016-6295
  * SECURITY UPDATE: heap buffer overflow in simplestring_addn
    - debian/patches/CVE-2016-6296.patch: prevent overflows in
      ext/xmlrpc/libxmlrpc/simplestring.*.
    - CVE-2016-6296
  * SECURITY UPDATE: integer overflow in php_stream_zip_opener
    - debian/patches/CVE-2016-6297.patch: use size_t in
      ext/zip/zip_stream.c.
    - CVE-2016-6297
  * debian/patches/fix_exif_tests.patch: fix exif test results after
    security changes.

 -- Marc Deslauriers <email address hidden> Thu, 28 Jul 2016 08:57:10 -0400

1594041 PHP Security Bug #68978: \
CVE-2015-4116 Use-after-free vulnerability in the spl_ptr_heap_insert function in ext/spl/spl_heap.c in PHP before 5.5.27 and 5.6.x before 5.6.11 allows remote att
CVE-2015-8873 Stack consumption vulnerability in Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 allows remote attackers
CVE-2015-8876 Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and 5.6.x before 5.6.12 does not validate certain Exception objects, which allows r
CVE-2015-8935 XSS in header() with Internet Explorer
CVE-2016-5093 get_icu_value_internal out-of-bounds read
CVE-2016-5094 don't create strings with lengths outside int range
CVE-2016-5095 don't create strings with lengths outside int range
CVE-2016-5096 int/size_t confusion in fread
CVE-2016-5385 PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presen
CVE-2016-5399 Improper error handling in bzread()
CVE-2016-5768 _php_mb_regex_ereg_replace_exec - double free
CVE-2016-5769 Heap Overflow due to integer overflows
CVE-2016-5771 Use After Free Vulnerability in PHP's GC algorithm and unserialize
CVE-2016-5772 Double Free Courruption in wddx_deserialize
CVE-2016-5773 ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize
CVE-2016-6288 The php_url_parse_ex function in ext/standard/url.c in PHP before 5.5.38 allows remote attackers to cause a denial of service (buffer over-read) or p
CVE-2016-6289 Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows re
CVE-2016-6290 ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which
CVE-2016-6291 The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers
CVE-2016-6292 The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to
CVE-2016-6294 The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not pro
CVE-2016-6295 ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage
CVE-2016-6296 Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before
CVE-2016-6297 Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows



About   -   Send Feedback to @ubuntu_updates