-
Committer:
Package Import Robot
-
Author(s):
Marc Deslauriers
-
Date:
2012-06-12 15:38:21 UTC
-
Revision ID:
package-import@ubuntu.com-20120612153821-wlxxn198vzk10zld
Tags: 5.3.5-1ubuntu7.10
* SECURITY UPDATE: denial of service via invalid tidy objects
- debian/patches/CVE-2012-0781.patch: track initialization in
ext/tidy/tidy.c, added tests to ext/tidy/tests/004.phpt,
ext/tidy/tests/bug54682.phpt.
- CVE-2012-0781
* SECURITY UPDATE: denial of service or possible directory traversal via
invalid filename.
- debian/patches/CVE-2012-1172.patch: ensure brackets get closed in
main/rfc1867.c, add test to tests/basic/bug55500.phpt.
- CVE-2012-1172
* SECURITY UPDATE: password truncation via invalid byte
- debian/patches/CVE-2012-2143.patch: improve logic in
ext/standard/crypt_freesec.c, add test to
ext/standard/tests/strings/crypt_chars.phpt.
- CVE-2012-2143
* SECURITY UPDATE: crypto() empty salt string issue
- debian/patches/{php_crypt_revamped,use_system_crypt_fixes}.patch:
Return fail string on invalid Blowfish salt rounds, fix regression
when the salt is empty.
- CVE-2012-2317
* SECURITY UPDATE: improve php5-cgi query string parameter parsing
- debian/patches/CVE-2012-233x.patch: improve parsing in
sapi/cgi/cgi_main.c.
- CVE-2012-2335
- CVE-2012-2336
* SECURITY UPDATE: phar extension heap overflow
- debian/patches/CVE-2012-2386.patch: check for overflow in
ext/phar/tar.c.
- CVE-2012-2386