* New upstream security/bugfix release: - safe_mode & open_basedir bypasses inside the session extension [CVE-2007-0905] - multiple buffer overflows in various extensions and functions [CVE-2007-0906] - underflow in the internal sapi_header_op() function [CVE-2007-0907] - information disclosure in the wddx extension [CVE-2007-0908] - string format vulnerability in *print() functions on 64 bit systems [CVE-2007-0909] - possible clobbering of super-globals in several code paths [CVE-2007-0910] * Adapted patches to new upstream release: - 006-debian_quirks.patch - 034-apache2_umask_fix.patch - 044-strtod_arm_fix.patch * Drop 109-libdb4.4.patch: Obsolete, upstream now checks for db 4.5 and 4.4. * Drop 114-zend_alloc.c_m68k_alignment.patch and 115-zend_alloc.c_memleak.patch: Applied upstream. * Add debian/patches/000upstream-str_ireplace_offbyone.patch: - Fix off-by-one in str_ireplace(), a regression introduced in 5.2.1. - Patch taken from upstream CVS: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.630&r2=1.631 - CVE-2007-0911 * debian/control: Set Ubuntu maintainer.