~ubuntu-branches/ubuntu/oneiric/php5/oneiric-security

Viewing all changes in revision 100.

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2012-06-12 15:31:43 UTC
  • Revision ID: package-import@ubuntu.com-20120612153143-nr8klh3wyxoa114u
Tags: 5.3.6-13ubuntu3.8
* SECURITY UPDATE: denial of service via invalid tidy objects
  - debian/patches/CVE-2012-0781.patch: track initialization in
    ext/tidy/tidy.c, added tests to ext/tidy/tests/004.phpt,
    ext/tidy/tests/bug54682.phpt.
  - CVE-2012-0781
* SECURITY UPDATE: denial of service or possible directory traversal via
  invalid filename.
  - debian/patches/CVE-2012-1172.patch: ensure brackets get closed in
    main/rfc1867.c, add test to tests/basic/bug55500.phpt.
  - CVE-2012-1172
* SECURITY UPDATE: password truncation via invalid byte
  - debian/patches/CVE-2012-2143.patch: improve logic in
    ext/standard/crypt_freesec.c, add test to
    ext/standard/tests/strings/crypt_chars.phpt.
  - CVE-2012-2143
* SECURITY UPDATE: improve php5-cgi query string parameter parsing
  - debian/patches/CVE-2012-233x.patch: improve parsing in
    sapi/cgi/cgi_main.c.
  - CVE-2012-2335
  - CVE-2012-2336
* SECURITY UPDATE: phar extension heap overflow
  - debian/patches/CVE-2012-2386.patch: check for overflow in
    ext/phar/tar.c.
  - CVE-2012-2386

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: