Viewing all changes in revision 19.
- Committer: Bazaar Package Importer
- Date: 2009-01-29 19:29:49 UTC
- Revision ID: james.westby@ubuntu.com-20090129192949-m02cvdd5fa6ebxhy
* SECURITY UPDATE: denial of service and possible code execution from
integer overflow in libgd. Although the system libgd was fixed in USN-557-1,
php5 would not gracefully handle the error return code, resulting in a
denial of service.
- debian/patches/219_SECURITY_CVE-2007-3996.patch: check return codes when
calling libgd in ext/gd/gd.c.
- CVE-2007-3996
* SECURITY UPDATE: php_admin_value and php_admin_flag restrictions bypass via
ini_set. (LP: #228095)
- debian/patches/220_SECURITY_CVE-2007-5900.patch: add new
zend_alter_ini_entry_ex() function that extends zend_alter_ini_entry() by
making sure the entry can be modified in Zend/zend_ini.{c,h},
Zend/zend_vm_def.h, and Zend/zend_vm_execute.h. Use the new function for
bacporting reasons in sapi/cgi/cgi_main.c and sapi/cli/php_cli.c.
- CVE-2007-5900
* SECURITY UPDATE: denial of service and possible arbitrary code execution
via crafted font file. (LP: #286851)
- debian/patches/221_SECURITY_CVE-2008-3658.patch: make sure font->nchars,
font->h, and font->w don't cause overflows in ext/gd/gd.c. Also, add
test script ext/gd/tests/imageloadfont_invalid.phpt.
- CVE-2008-3658
* SECURITY UPDATE: denial of service and possible arbitrary code execution
via the delimiter argument to the explode function. (LP: #286851)
- debian/patches/222_SECURITY_CVE-2008-3659.patch: make sure needle_length
is sane in ext/standard/tests/strings/explode_bug.phpt. Also, add test
script ext/standard/tests/strings/explode_bug.phpt.
- CVE-2008-3659
* SECURITY UPDATE: denial of service via a request with multiple dots
preceding the extension. (ex: foo..php) (LP: #286851)
- debian/patches/223_SECURITY_CVE-2008-3660.patch: improve .. cleaning with
a new is_valid_path() function in sapi/cgi/cgi_main.c.
- CVE-2008-3660
* SECURITY UPDATE: mbstring extension arbitrary code execution via crafted
string containing HTML entity. (LP: #317672)
- debian/patches/224_SECURITY_CVE-2008-5557.patch: improve
mbfl_filt_conv_html_dec_flush() error handling in
ext/mbstring/libmbfl/filters/mbfilter_htmlent.c.
- CVE-2008-5557
* SECURITY UPDATE: safe_mode restriction bypass via unrestricted variable
settings.
- debian/patches/225_SECURITY_CVE-2008-5624.patch: make sure the page_uid
and page_gid get initialized properly in ext/standard/basic_functions.c.
Also, init server_context before processing config variables in
sapi/apache/mod_php5.c.
- CVE-2008-5624
* SECURITY UPDATE: arbitrary file write by placing a "php_value error_log"
entry in a .htaccess file.
- debian/patches/226_SECURITY_CVE-2008-5625.patch: enforce restrictions
when merging in dir entry in sapi/apache/mod_php5.c and
sapi/apache2handler/apache_config.c.
- CVE-2008-5625
integer overflow in libgd. Although the system libgd was fixed in USN-557-1,
php5 would not gracefully handle the error return code, resulting in a
denial of service.
- debian/patches/219_SECURITY_CVE-2007-3996.patch: check return codes when
calling libgd in ext/gd/gd.c.
- CVE-2007-3996
* SECURITY UPDATE: php_admin_value and php_admin_flag restrictions bypass via
ini_set. (LP: #228095)
- debian/patches/220_SECURITY_CVE-2007-5900.patch: add new
zend_alter_ini_entry_ex() function that extends zend_alter_ini_entry() by
making sure the entry can be modified in Zend/zend_ini.{c,h},
Zend/zend_vm_def.h, and Zend/zend_vm_execute.h. Use the new function for
bacporting reasons in sapi/cgi/cgi_main.c and sapi/cli/php_cli.c.
- CVE-2007-5900
* SECURITY UPDATE: denial of service and possible arbitrary code execution
via crafted font file. (LP: #286851)
- debian/patches/221_SECURITY_CVE-2008-3658.patch: make sure font->nchars,
font->h, and font->w don't cause overflows in ext/gd/gd.c. Also, add
test script ext/gd/tests/imageloadfont_invalid.phpt.
- CVE-2008-3658
* SECURITY UPDATE: denial of service and possible arbitrary code execution
via the delimiter argument to the explode function. (LP: #286851)
- debian/patches/222_SECURITY_CVE-2008-3659.patch: make sure needle_length
is sane in ext/standard/tests/strings/explode_bug.phpt. Also, add test
script ext/standard/tests/strings/explode_bug.phpt.
- CVE-2008-3659
* SECURITY UPDATE: denial of service via a request with multiple dots
preceding the extension. (ex: foo..php) (LP: #286851)
- debian/patches/223_SECURITY_CVE-2008-3660.patch: improve .. cleaning with
a new is_valid_path() function in sapi/cgi/cgi_main.c.
- CVE-2008-3660
* SECURITY UPDATE: mbstring extension arbitrary code execution via crafted
string containing HTML entity. (LP: #317672)
- debian/patches/224_SECURITY_CVE-2008-5557.patch: improve
mbfl_filt_conv_html_dec_flush() error handling in
ext/mbstring/libmbfl/filters/mbfilter_htmlent.c.
- CVE-2008-5557
* SECURITY UPDATE: safe_mode restriction bypass via unrestricted variable
settings.
- debian/patches/225_SECURITY_CVE-2008-5624.patch: make sure the page_uid
and page_gid get initialized properly in ext/standard/basic_functions.c.
Also, init server_context before processing config variables in
sapi/apache/mod_php5.c.
- CVE-2008-5624
* SECURITY UPDATE: arbitrary file write by placing a "php_value error_log"
entry in a .htaccess file.
- debian/patches/226_SECURITY_CVE-2008-5625.patch: enforce restrictions
when merging in dir entry in sapi/apache/mod_php5.c and
sapi/apache2handler/apache_config.c.
- CVE-2008-5625
- files added:
- debian/patches/219_SECURITY_CVE-2007-3996.patch
- files modified:
- debian/changelog
expand all
collapse all
added
removed
