~ubuntu-branches/ubuntu/karmic/php5/karmic-security

  • Committer: Bazaar Package Importer
  • Author(s): Marc Deslauriers
  • Date: 2009-11-26 08:27:27 UTC
  • mfrom: (51.1.1 karmic-proposed)
  • Revision ID: james.westby@ubuntu.com-20091126082727-7ihkk80ui6j9wkmq
Tags: 5.2.10.dfsg.1-2ubuntu6.3
* SECURITY UPDATE: certificate spoofing via null-byte certs (LP: #446313)
  - debian/patches/CVE-2009-3291.patch: validate certificate's CN length
    in ext/openssl/openssl.c.
  - CVE-2009-3291
* SECURITY UPDATE: denial of service via malformed exif images
  (LP: #446313)
  - debian/patches/CVE-2009-3292.patch: check length, return codes, and
    nesting level in ext/exif/exif.c.
  - CVE-2009-3292
* SECURITY UPDATE: safe_mode bypass via tempnam function
  - debian/patches/CVE-2009-3557.patch: check for safe_mode in
    ext/standard/file.c.
  - CVE-2009-3557
* SECURITY UPDATE: open_basedir restrictions bypass via posix_mkfifo
  - debian/patches/CVE-2009-3558.patch: check for open_basedir in
    ext/posix/posix.c.
  - CVE-2009-3558
* SECURITY UPDATE: denial of service via large number of files in
  form-data POST request.
  - debian/patches/CVE-2009-4017.patch: introduce new "max_file_uploads"
    directive and enforce in main/main.c, main/rfc1867.c.
  - ATTENTION: this update changes previous php5 behaviour by limiting
    the number of files in a POST request to 50. This may be increased
    by adding a "max_file_uploads" directive to the php.ini configuration
    file.
  - CVE-2009-4017
* SECURITY UPDATE: safe_mode_protected_env_vars bypass via proc_open()
  - debian/patches/CVE-2009-4018.patch: add safe_mode check in
    ext/standard/proc_open.c
  - CVE-2009-4018
Filename Latest Rev Last Changed Committer Comment Size
sendmail_nw.h 1.1.13 15 years ago Bazaar Package Importer Import upstream version 5.2.9.dfsg.1 577 bytes
start.c 1.1.13 15 years ago Bazaar Package Importer Import upstream version 5.2.9.dfsg.1 3.7 KB