~ubuntu-branches/ubuntu/hardy/php5/hardy-security : files for revision 31

~ubuntu-branches/ubuntu/hardy/php5/hardy-security : (Revision 31)

Committer: Bazaar Package Importer
Author(s): Marc Deslauriers
Date: 2009-01-27 14:22:51 UTC
mfrom: (29.1.3 hardy-proposed)
Revision ID: james.westby@ubuntu.com-20090127142251-4dop6x0usg164dg2

Tags: 5.2.4-2ubuntu5.5

* SECURITY UPDATE: php_admin_value and php_admin_flag restrictions bypass via
  ini_set. (LP: #228095)
  - debian/patches/120_SECURITY_CVE-2007-5900.patch: add new
    zend_alter_ini_entry_ex() function that extends zend_alter_ini_entry() by
    making sure the entry can be modified in Zend/zend_ini.{c,h},
    Zend/zend_vm_def.h, and Zend/zend_vm_execute.h.
  - CVE-2007-5900
* SECURITY UPDATE: denial of service and possible arbitrary code execution
  via crafted font file. (LP: #286851)
  - debian/patches/121_SECURITY_CVE-2008-3658.patch: make sure font->nchars,
    font->h, and font->w don't cause overflows in ext/gd/gd.c. Also, add
    test script ext/gd/tests/imageloadfont_invalid.phpt.
  - CVE-2008-3658
* SECURITY UPDATE: denial of service and possible arbitrary code execution
  via the delimiter argument to the explode function. (LP: #286851)
  - debian/patches/122_SECURITY_CVE-2008-3659.patch: make sure needle_length
    is sane in ext/standard/tests/strings/explode_bug.phpt. Also, add test
    script ext/standard/tests/strings/explode_bug.phpt.
  - CVE-2008-3659
* SECURITY UPDATE: denial of service via a request with multiple dots
  preceding the extension. (ex: foo..php) (LP: #286851)
  - debian/patches/123_SECURITY_CVE-2008-3660.patch: improve .. cleaning with
    a new is_valid_path() function in sapi/cgi/cgi_main.c.
  - CVE-2008-3660
* SECURITY UPDATE: mbstring extension arbitrary code execution via crafted
  string containing HTML entity. (LP: #317672)
  - debian/patches/124_SECURITY_CVE-2008-5557.patch: improve
    mbfl_filt_conv_html_dec_flush() error handling in
    ext/mbstring/libmbfl/filters/mbfilter_htmlent.c.
  - CVE-2008-5557
* SECURITY UPDATE: safe_mode restriction bypass via unrestricted variable
  settings.
  - debian/patches/125_SECURITY_CVE-2008-5624.patch: make sure the page_uid
    and page_gid get initialized properly in ext/standard/basic_functions.c.
    Also, init server_context before processing config variables in
    sapi/apache/mod_php5.c.
  - CVE-2008-5624
* SECURITY UPDATE: arbitrary file write by placing a "php_value error_log"
  entry in a .htaccess file.
  - debian/patches/126_SECURITY_CVE-2008-5625.patch: enforce restrictions
    when merging in dir entry in sapi/apache/mod_php5.c and
    sapi/apache2handler/apache_config.c.
  - CVE-2008-5625
* SECURITY UPDATE: arbitrary file overwrite from directory traversal via zip
  file with dot-dot filenames.
  - debian/patches/127_SECURITY_CVE-2008-5658.patch: clean up filename paths
    in ext/zip/php_zip.c with new php_zip_realpath_r(),
    php_zip_virtual_file_ex() and php_zip_make_relative_path() functions.
  - CVE-2008-5658

Filename	Latest Rev	Last Changed	Committer	Comment	Size
..
build	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5
debian	2	18 years ago	Bazaar Package Importer	Resync with Debian, bringing in two security fixes
ext	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5
main	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5
netware	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5
pear	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5
regex	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5
sapi	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5
scripts	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5
tests	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5
TSRM	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5
win32	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5
Zend	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5
.gdbinit	1.1.8	16 years ago	Bazaar Package Importer	Import upstream version 5.2.3	10.3 KB
acconfig.h	1.1.6	17 years ago	Bazaar Package Importer	Import upstream version 5.2.1	3.2 KB
acconfig.h.in	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	28 bytes
acinclude.m4	1.1.9	16 years ago	Bazaar Package Importer	Import upstream version 5.2.4	72.7 KB
aclocal.m4	25	16 years ago	Bazaar Package Importer	* Merge from Debian unstable (LP: #176011). Remain	288 KB
buildconf	1.1.9	16 years ago	Bazaar Package Importer	Import upstream version 5.2.4	1.2 KB
buildconf.bat	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	51 bytes
CODING_STANDARDS	1.1.9	16 years ago	Bazaar Package Importer	Import upstream version 5.2.4	10.8 KB
config.guess	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 5.1.2	42.4 KB
config.sub	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 5.1.2	30.9 KB
configure	25	16 years ago	Bazaar Package Importer	* Merge from Debian unstable (LP: #176011). Remain	2.8 MB
configure.in	1.1.9	16 years ago	Bazaar Package Importer	Import upstream version 5.2.4	42.2 KB
CREDITS	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	91 bytes
cvsclean	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	58 bytes
cvsclean.bat	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	50 bytes
EXTENSIONS	1.1.7	17 years ago	Bazaar Package Importer	Import upstream version 5.2.2	22.1 KB
footer	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	137 bytes
generated_lists	1.1.6	17 years ago	Bazaar Package Importer	Import upstream version 5.2.1	2.1 KB
genfiles	1.1.1	18 years ago	Bazaar Package Importer	Import upstream version 5.1.1	459 bytes
header	1.1.6	17 years ago	Bazaar Package Importer	Import upstream version 5.2.1	1.1 KB
INSTALL	1.1.7	17 years ago	Bazaar Package Importer	Import upstream version 5.2.2	85.5 KB
install-sh	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	Empty
LICENSE	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 5.1.2	3.1 KB
ltmain.sh	1.1.2	18 years ago	Bazaar Package Importer	Import upstream version 5.1.2	182 KB
makedist	1.1.5	17 years ago	Bazaar Package Importer	Import upstream version 5.2.0	3.6 KB
Makefile.frag	1.1.8	16 years ago	Bazaar Package Importer	Import upstream version 5.2.3	919 bytes
Makefile.gcov	1.1.6	17 years ago	Bazaar Package Importer	Import upstream version 5.2.1	2.7 KB
Makefile.global	1.1.9	16 years ago	Bazaar Package Importer	Import upstream version 5.2.4	6.2 KB
makerpm	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	5.1 KB
missing	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	Empty
mkinstalldirs	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	Empty
NEWS	1.1.9	16 years ago	Bazaar Package Importer	Import upstream version 5.2.4	161 KB
php.gif	1.1.3	17 years ago	Bazaar Package Importer	Import upstream version 5.1.4	2.4 KB
php.ini-dist	1.1.9	16 years ago	Bazaar Package Importer	Import upstream version 5.2.4	43.9 KB
php.ini-recommended	1.1.9	16 years ago	Bazaar Package Importer	Import upstream version 5.2.4	47.4 KB
php5.spec.in	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	1.4 KB
README.CVS-RULES	1.1.9	16 years ago	Bazaar Package Importer	Import upstream version 5.2.4	5.1 KB
README.EXT_SKEL	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	6.9 KB
README.EXTENSIONS	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	1.5 KB
README.input_filter	1.1.5	17 years ago	Bazaar Package Importer	Import upstream version 5.2.0	5.7 KB
README.PARAMETER_PARSING_API	1.1.6	17 years ago	Bazaar Package Importer	Import upstream version 5.2.1	3.9 KB
README.PHP4-TO-PHP5-THIN-CHANGES	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	4.6 KB
README.QNX	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	2 KB
README.SELF-CONTAINED-EXTENSIONS	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	4.6 KB
README.STREAMS	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	15 KB
README.SUBMITTING_PATCH	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	4.4 KB
README.TESTING	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	6.3 KB
README.TESTING2	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	4.8 KB
README.UNIX-BUILD-SYSTEM	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	4.1 KB
README.UPDATE_5_2	1.1.6	17 years ago	Bazaar Package Importer	Import upstream version 5.2.1	37 KB
README.WIN32-BUILD-SYSTEM	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	6.1 KB
README.Zeus	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	4.1 KB
run-tests.php	1.1.9	16 years ago	Bazaar Package Importer	Import upstream version 5.2.4	57.1 KB
server-tests-config.php	1.1.1	18 years ago	Bazaar Package Importer	Import upstream version 5.1.1	2 KB
server-tests.php	1.1.6	17 years ago	Bazaar Package Importer	Import upstream version 5.2.1	50.5 KB
snapshot	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	108 bytes
stamp-h.in	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	10 bytes
stub.c	1	18 years ago	Bazaar Package Importer	Import upstream version 5.0.5	1 bytes
TODO	1.1.7	17 years ago	Bazaar Package Importer	Import upstream version 5.2.2	4.9 KB
TODO-5.1	1.1.1	18 years ago	Bazaar Package Importer	Import upstream version 5.1.1	163 bytes
TODO-PHP5	1.1.7	17 years ago	Bazaar Package Importer	Import upstream version 5.2.2	3.6 KB
UPGRADING	1.1.5	17 years ago	Bazaar Package Importer	Import upstream version 5.2.0	17 KB