~ubuntu-branches/ubuntu/dapper/php5/dapper-security : files for revision 8

~ubuntu-branches/ubuntu/dapper/php5/dapper-security : (Revision 8)

Committer: Bazaar Package Importer
Author(s): Martin Pitt, CVE-2006-1494, CVE-2006-2660, CVE-2006-1991, CVE-2006-2563
Date: 2006-07-18 17:22:30 UTC
Revision ID: james.westby@ubuntu.com-20060718172230-xwvv2iczcsg020q6

Tags: 5.1.2-1ubuntu3.1

* SECURITY UPDATE: Multiple vulnerabilities.
* debian/patches/CVE-2006-0996.patch:
  - XSS in phpinfo() [CVE-2006-0996]
  - http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/info.c?r1=1.260&r2=1.261
* debian/patches/CVE-2006-1490.patch:
  - Memory disclosure in html_entity_decode() [CVE-2006-1490]
  - http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.112&r2=1.113
* debian/patches/CVE-2006-1494.patch:
  - Bypassing open_basedir restrictions with tempnam()
    [CVE-2006-1494, CVE-2006-2660]
  - http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/file.c?r1=1.279.2.70.2.4&r2=1.279.2.70.2.5
* debian/patches/CVE-2006-1608.patch:
  - Bypassing open_basedir restrictions with copy() via a source argument
    containing a compress.zlib:// URI [CVE-2006-1494]
  - http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/file.c?r1=1.382.2.10&r2=1.382.2.11
* debian/patches/CVE-2006-1990.patch:
  - Integer overflow in wordwrap function (usually not triggerable from
    outside). [CVE-2006-1990]
  - Zend/zend_alloc.c: Fix variable declaration to work on 64-bit systems to
    plug this vulnerability on amd64/ia64, too. (not yet fixed upstream)
* debian/patches/CVE-2006-1991.patch:
  - DoS with out-of-bounds offset argument to substr_compare()
    [CVE-2006-1991]
* debian/patches/CVE-2006-2563.patch:
  - Bypassing safe mode/open_basedir restrictions with curl module
    [CVE-2006-2563]
  - Patch taken from Mandriva, not fixed upstream.
* debian/patches/CVE-2006-3011.patch:
  - Bypassing safe mode/open_basedir restrictions with error_log() with
    'php://' or other schema in the third argument. [CVE-2006-3011]
  - http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.543.2.51.2.9&r2=1.543.2.51.2.10
* debian/patches/CVE-2006-3016.patch:
  - Check session name for invalid characters to prevent CRLF and other
    malicious injections. [CVE-2006-3016]
  - http://cvs.php.net/viewcvs.cgi/php-src/ext/session/session.c?r1=1.425&r2=1.426
* debian/patches/CVE-2006-3017.patch:
  - Fix zend_hash_del() (previously could delete the wrong element, which
    prevented a variable from being unset even when the PHP unset function
    was called, which might cause the variable's value to be used in
    security-relevant operations). [CVE-2006-3017]
  - http://cvs.php.net/viewcvs.cgi/Zend/zend_hash.c?r1=1.87.4.8.2.1&r2=1.87.4.8.2.3
* debian/patches/CVE-2006-3018.patch:
  - Heap corruption in session extension. [CVE-2006-3018]
  - http://cvs.php.net/viewcvs.cgi/php-src/ext/session/mod_files.c?r1=1.102&r2=1.103

Filename	Latest Rev	Last Changed	Committer	Comment	Size
..
build	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5
debian	2	18 years ago	Bazaar Package Importer	Resync with Debian, bringing in two security fixes
ext	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5
main	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5
netware	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5
pear	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5
regex	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5
sapi	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5
scripts	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5
tests	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5
TSRM	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5
win32	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5
Zend	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5
.gdbinit	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	7.1 KB
acconfig.h	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 5.1.2	3.2 KB
acconfig.h.in	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	28 bytes
acinclude.m4	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 5.1.2	64.5 KB
aclocal.m4	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 5.1.2	280 KB
buildconf	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 5.1.2	1.2 KB
buildconf.bat	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	51 bytes
CODING_STANDARDS	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 5.1.2	10.8 KB
config.guess	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 5.1.2	42.4 KB
config.sub	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 5.1.2	30.9 KB
configure	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 5.1.2	2.8 MB
configure.in	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 5.1.2	41 KB
CREDITS	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	91 bytes
cvsclean	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	58 bytes
cvsclean.bat	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	50 bytes
EXTENSIONS	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 5.1.2	22.6 KB
footer	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	137 bytes
generated_lists	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 5.1.2	2.2 KB
genfiles	1.1.1	18 years ago	Bazaar Package Importer	Import upstream version 5.1.1	459 bytes
header	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 5.1.2	1.1 KB
INSTALL	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 5.1.2	86.5 KB
install-sh	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	Empty
LICENSE	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 5.1.2	3.1 KB
ltmain.sh	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 5.1.2	182 KB
makedist	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	3.4 KB
Makefile.frag	1.1.1	18 years ago	Bazaar Package Importer	Import upstream version 5.1.1	941 bytes
Makefile.gcov	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 5.1.2	2.5 KB
Makefile.global	1.1.1	18 years ago	Bazaar Package Importer	Import upstream version 5.1.1	4.1 KB
makerpm	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	5.1 KB
missing	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	Empty
mkinstalldirs	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	Empty
NEWS	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 5.1.2	72.7 KB
php.gif	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	3.7 KB
php.ini-dist	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 5.1.2	40.3 KB
php.ini-recommended	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 5.1.2	44.3 KB
php5.spec.in	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	1.4 KB
README.CVS-RULES	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 5.1.2	4.6 KB
README.EXT_SKEL	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	6.9 KB
README.EXTENSIONS	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	1.5 KB
README.input_filter	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 5.1.2	5.6 KB
README.PARAMETER_PARSING_API	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	3.7 KB
README.PHP4-TO-PHP5-THIN-CHANGES	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	4.6 KB
README.QNX	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	2 KB
README.SELF-CONTAINED-EXTENSIONS	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	4.6 KB
README.STREAMS	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	15 KB
README.SUBMITTING_PATCH	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	4.4 KB
README.TESTING	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	6.3 KB
README.TESTING2	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	4.8 KB
README.UNIX-BUILD-SYSTEM	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	4.1 KB
README.WIN32-BUILD-SYSTEM	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	6.1 KB
README.Zeus	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	4.1 KB
run-tests.php	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 5.1.2	51.9 KB
server-tests-config.php	1.1.1	18 years ago	Bazaar Package Importer	Import upstream version 5.1.1	2 KB
server-tests.php	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 5.1.2	50.6 KB
snapshot	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	108 bytes
stamp-h.in	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	10 bytes
stub.c	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	1 bytes
TODO	1.1.1	18 years ago	Bazaar Package Importer	Import upstream version 5.1.1	5.2 KB
TODO-5.1	1.1.1	18 years ago	Bazaar Package Importer	Import upstream version 5.1.1	163 bytes
TODO-PHP5	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	4.6 KB
UPGRADING	1.1.1	18 years ago	Bazaar Package Importer	Import upstream version 5.1.1	17 KB