~ubuntu-branches/ubuntu/natty/php5/natty-security

Viewing all changes in revision 90.

  • Committer: Package Import Robot
  • Author(s): Steve Beattie, Angel Abad, Steve Beattie
  • Date: 2011-10-13 13:49:23 UTC
  • Revision ID: package-import@ubuntu.com-20111013134923-m0vw36h5ox5glvhn
Tags: 5.3.5-1ubuntu7.3

[ Angel Abad ]
* SECURITY UPDATE: File path injection vulnerability in RFC1867 File
  upload filename (LP: #813115)
  - debian/patches/php5-CVE-2011-2202.patch:
  - CVE-2011-2202
* SECURITY UPDATE: Fixed stack buffer overflow in socket_connect()
  (LP: #813110)
  - debian/patches/php5-CVE-2011-1938.patch:
  - CVE-2011-1938

[ Steve Beattie ]
* SECURITY UPDATE: DoS in zip handling due to addGlob() crashing
  on invalid flags
  - debian/patches/php5-CVE-2011-1657.patch: check for valid flags
  - CVE-2011-1657
* SECURITY UPDATE: crypt_blowfish doesn't properly handle 8-bit
  (non-ascii) passwords leading to a smaller collision space
  - debian/patches/php5-CVE-2011-2483.patch: update crypt_blowfish
    to 1.2 to correct handling of passwords containing 8-bit
    (non-ascii) characters.
  - CVE-2011-2483
* SECURITY UPDATE: DoS due to failure to check for memory allocation errors
  - debian/patches/php5-CVE-2011-3182.patch: check the return values
    of the malloc, calloc, and realloc functions
  - CVE-2011-3182
* SECURITY UPDATE: DoS in errorlog() when passed NULL
  - debian/patches/php5-CVE-2011-3267.patch: fix NULL pointer crash in
    errorlog()
  - CVE-2011-3267
* debian/patches/fix_crash_in__php_mssql_get_column_content_without_type.patch:
  refresh patch to make it cleanly apply.
