UbuntuUpdates.org

Package "php7.0"




Name: php7.0

Description:

This package is just an umbrella for a group of other packages; it has no description of its own.
Description samples from packages in group:

  • HTML-embedded scripting language (Embedded SAPI library)
  • Bcmath module for PHP
  • bzip2 module for PHP
  • DBA module for PHP

Latest version: *DELETED*
Release: xenial (16.04)
Level: proposed
Repository: universe

Other versions of "php7.0" in Xenial

Repository Area Version
base universe 7.0.4-7ubuntu2
base main 7.0.4-7ubuntu2
security universe 7.0.33-0ubuntu0.16.04.16
security main 7.0.33-0ubuntu0.16.04.16
updates universe 7.0.33-0ubuntu0.16.04.16
updates main 7.0.33-0ubuntu0.16.04.16

Changelog

Version: 7.0.15-0ubuntu0.16.04.3 2017-03-02 11:07:04 UTC

  php7.0 (7.0.15-0ubuntu0.16.04.3) xenial; urgency=medium

  * debian/patches/bug_74021.patch: Fix fetch_array with more than
    MEDIUMBLOB. Thanks to andrewnester <email address hidden>.
    Closes LP: #1668017.

 -- Nishanth Aravamudan <email address hidden> Mon, 27 Feb 2017 13:55:02 -0800

1668017 Large mysql requests broken after security update, null character inserted close to 16MB boundary

Version: *DELETED* 2017-02-22 15:06:57 UTC
No changelog for deleted or moved packages.

Version: 7.0.15-0ubuntu0.16.04.1 2017-02-15 02:06:53 UTC

  php7.0 (7.0.15-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream release
    - LP: #1663405
    - Refresh patches for new upstream release.
  * debian/patches/0050-Fix-pdo_pgsql.patch: Fixed #73959 - lastInsertId
    fails to throw an exception in pdsql. Thanks to andrewnester
    <email address hidden>. Closes LP: #1658289.

 -- Nishanth Aravamudan <email address hidden> Tue, 14 Feb 2017 14:53:34 -0800

1663405 [SRU] microrelease exception for src:php7.0 (7.0.15)
1658289 Regression in pdo_pgsql after SRU to php 7.0.13 (fixed upstream)

Version: *DELETED* 2017-01-14 01:07:19 UTC
No changelog for deleted or moved packages.

Version: 7.0.13-0ubuntu0.16.04.1 2016-12-01 21:07:12 UTC

  php7.0 (7.0.13-0ubuntu0.16.04.1) xenial; urgency=medium

  * New upstream release
    - LP: #1645431
    - Refresh patches for new upstream release.
  * Drop:
    - SECURITY UPDATE: proxy request header vulnerability (httpoxy)
      + debian/patches/CVE-2016-5385.patch: only use HTTP_PROXY from the
        local environment in ext/standard/basic_functions.c, main/SAPI.c,
        main/php_variables.c.
      + CVE-2016-5385
      [ Fixed in 7.0.9 ]
    - SECURITY UPDATE: inadequate error handling in bzread()
      + debian/patches/CVE-2016-5399.patch: do not allow reading past error
        read in ext/bz2/bz2.c.
      + CVE-2016-5399
      [ Fixed in 7.0.9 ]
    - SECURITY UPDATE: integer overflow in the virtual_file_ex function
      + debian/patches/CVE-2016-6289.patch: properly check path_length in
        Zend/zend_virtual_cwd.c.
      + CVE-2016-6289
      [ Fixed in 7.0.9 ]
    - SECURITY UPDATE: use after free in unserialize() with unexpected
      session deserialization
      + debian/patches/CVE-2016-6290.patch: destroy var_hash properly in
        ext/session/session.c, added test to ext/session/tests/bug72562.phpt.
      + CVE-2016-6290
      [ Fixed in 7.0.9 ]
    - SECURITY UPDATE: out of bounds read in exif_process_IFD_in_MAKERNOTE
      + debian/patches/CVE-2016-6291.patch: add more bounds checks to
        ext/exif/exif.c.
      + CVE-2016-6291
      [ Fixed in 7.0.9 ]
    - SECURITY UPDATE: NULL pointer dereference in exif_process_user_comment
      + debian/patches/CVE-2016-6292.patch: properly handle encoding in
        ext/exif/exif.c.
      + CVE-2016-6292
      [ Fixed in 7.0.9 ]
    - SECURITY UPDATE: locale_accept_from_http out-of-bounds access
      + debian/patches/CVE-2016-6294.patch: check length in
        ext/intl/locale/locale_methods.c, added test to
        ext/intl/tests/bug72533.phpt.
      + CVE-2016-6294
      [ Fixed in 7.0.9 ]
    - SECURITY UPDATE: use after free vulnerability in SNMP with GC and
      unserialize()
      + debian/patches/CVE-2016-6295.patch: add new handler to
        ext/snmp/snmp.c, add test to ext/snmp/tests/bug72479.phpt.
      + CVE-2016-6295
      [ Fixed in 7.0.9 ]
    - SECURITY UPDATE: heap buffer overflow in simplestring_addn
      + debian/patches/CVE-2016-6296.patch: prevent overflows in
        ext/xmlrpc/libxmlrpc/simplestring.*.
      + CVE-2016-6296
      [ Fixed in 7.0.9 ]
    - SECURITY UPDATE: integer overflow in php_stream_zip_opener
      + debian/patches/CVE-2016-6297.patch: use size_t in
        ext/zip/zip_stream.c.
      + CVE-2016-6297
      [ Fixed in 7.0.9 ]
    - debian/patches/fix_exif_tests.patch: fix exif test results after
      security changes.
      [ Fixed in 7.0.9 ]
    - SECURITY UPDATE: denial of service or code execution via crafted
      serialized data
      + debian/patches/CVE-2016-7124.patch: fix unserializing logic in
        ext/session/session.c, ext/standard/var_unserializer.c*,
        ext/wddx/wddx.c, added tests to
        ext/standard/tests/serialize/bug72663.phpt,
        ext/standard/tests/serialize/bug72663_2.phpt,
        ext/standard/tests/serialize/bug72663_3.phpt.
      + CVE-2016-7124
      [ Fixed in 7.0.10 ]
    - SECURITY UPDATE: arbitrary-type session data injection
      + debian/patches/CVE-2016-7125.patch: consume data even if not storing
        in ext/session/session.c, added test to
        ext/session/tests/bug72681.phpt.
      + CVE-2016-7125
      [ Fixed in 7.0.10 ]
    - SECURITY UPDATE: denial of service and possible code execution in
      imagegammacorrect function
      + debian/patches/CVE-2016-7127.patch: check gamma values in
        ext/gd/gd.c, added test to ext/gd/tests/bug72730.phpt.
      + CVE-2016-7127
      [ Fixed in 7.0.10 ]
    - SECURITY UPDATE: information disclosure via exif_process_IFD_in_TIFF
      + debian/patches/CVE-2016-7128.patch: properly handle thumbnails in
        ext/exif/exif.c.
      + CVE-2016-7128
      [ Fixed in 7.0.10 ]
    - SECURITY UPDATE: denial of service and possible code execution via
      invalid ISO 8601 time value
      + debian/patches/CVE-2016-7129.patch: properly handle strings in
        ext/wddx/wddx.c, added test to ext/wddx/tests/bug72749.phpt.
      + CVE-2016-7129
      [ Fixed in 7.0.10 ]
    - SECURITY UPDATE: denial of service and possible code execution via
      invalid base64 binary value
      + debian/patches/CVE-2016-7130.patch: properly handle string in
        ext/wddx/wddx.c, added test to ext/wddx/tests/bug72750.phpt.
      + CVE-2016-7130
      [ Fixed in 7.0.10 ]
    - SECURITY UPDATE: denial of service and possible code execution via
      malformed wddxPacket XML document
      + debian/patches/CVE-2016-7131.patch: added checks to ext/wddx/wddx.c,
        added tests to ext/wddx/tests/bug72790.phpt,
        ext/wddx/tests/bug72799.phpt.
      + CVE-2016-7131
      + CVE-2016-7132
      [ Fixed in 7.0.10 ]
    - SECURITY UPDATE: denial of service and possible code execution via
      long pathname
      + debian/patches/CVE-2016-7133.patch: fix memory allocator in
        Zend/zend_alloc.c.
      + CVE-2016-7133
      [ Fixed in 7.0.10 ]
    - SECURITY UPDATE: denial of service and possible code execution via
      long string and curl_escape call
      + debian/patches/CVE-2016-7134.patch: check both curl_escape and
        curl_unescape in ext/curl/interface.c.
      + CVE-2016-7134
      [ Fixed in 7.0.10 ]
    - SECURITY UPDATE: denial of service and possible code execution via
      crafted field metadata in MySQL driver
      + debian/patches/CVE-2016-7412.patch: validate field length in
        ext/mysqlnd/mysqlnd_wireprotocol.c.
      + CVE-2016-7412
      [ Fixed in 7.0.11 ]
    - SECURITY UPDATE: denial of service and possible code execution via
      malformed wddxPacket XML document
      + debian/patches/CVE-2016-7413.patch: fixed use-after-free in
        ext/wddx/wddx.c, added test to ext/wddx/tests/bug72860.phpt.
      + CVE-2016-7413
      [ Fixed in 7.0.11 ]
  

1645431 [SRU] microrelease exception for src:php7.0 (7.0.13)
CVE-2016-5385 PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presen
CVE-2016-5399 Improper error handling in bzread()
CVE-2016-6289 Integer overflow in the virtual_file_ex function in TSRM/tsrm_virtual_cwd.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows re
CVE-2016-6290 ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not properly maintain a certain hash data structure, which
CVE-2016-6291 The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers
CVE-2016-6292 The exif_process_user_comment function in ext/exif/exif.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to
CVE-2016-6294 The locale_accept_from_http function in ext/intl/locale/locale_methods.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 does not pro
CVE-2016-6295 ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 improperly interacts with the unserialize implementation and garbage
CVE-2016-6296 Integer signedness error in the simplestring_addn function in simplestring.c in xmlrpc-epi through 0.54.2, as used in PHP before 5.5.38, 5.6.x before
CVE-2016-6297 Integer overflow in the php_stream_zip_opener function in ext/zip/zip_stream.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows
CVE-2016-7124 ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause
CVE-2016-7125 ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips invalid session names in a way that triggers incorrect parsing, which allows r
CVE-2016-7127 The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and 7.x before 7.0.10 does not properly validate gamma values, which allows remote
CVE-2016-7128 The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles the case of a thumbnail offset that ex
CVE-2016-7129 The php_wddx_process_data function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service
CVE-2016-7130 The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service
CVE-2016-7131 ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and applica
CVE-2016-7132 ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows remote attackers to cause a denial of service (NULL pointer dereference and applica
CVE-2016-7133 Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is enabled, mishandles huge realloc operations, which allows remote attackers to cause
CVE-2016-7134 ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a libcurl integer overflow, which allows remote attackers to cause a denial of ser
CVE-2016-7412 ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before 7.0.11 does not verify that a BIT field has the UNSIGNED_FLAG flag, which allo
CVE-2016-7413 Use-after-free vulnerability in the wddx_stack_destroy function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers
CVE-2016-7414 The ZIP signature-verification feature in PHP before 5.6.26 and 7.x before 7.0.11 does not ensure that the uncompressed_filesize field is large enoug
CVE-2016-7416 ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x before 7.0.11 does not properly restrict the locale length provided to the Locale
CVE-2016-7417 ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 proceeds with SplArray unserialization without validating a return value and data type
CVE-2016-7418 The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.26 and 7.x before 7.0.11 allows remote attackers to cause a denial of service


