-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Thu, 08 Mar 2007 00:03:22 +0100 Source: php5 Binary: php5-gd php5-ldap php5 php5-xmlrpc php5-pspell libapache2-mod-php5 php5-xsl php5-cgi php-pear php5-tidy php5-pgsql php5-cli php5-recode php5-mhash php5-sybase php5-curl php5-odbc php5-mcrypt php5-mysql php5-common php5-imap php5-snmp php5-dev php5-sqlite libapache-mod-php5 php5-interbase Architecture: source i386 all Version: 5.2.0-8+etch1 Distribution: testing-proposed-updates Urgency: high Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org> Changed-By: sean finney <seanius@debian.org> Description: libapache-mod-php5 - server-side, HTML-embedded scripting language (apache 1.3 module) libapache2-mod-php5 - server-side, HTML-embedded scripting language (apache 2 module) php-pear - PEAR - PHP Extension and Application Repository php5 - server-side, HTML-embedded scripting language (meta-package) php5-cgi - server-side, HTML-embedded scripting language (CGI binary) php5-cli - command-line interpreter for the php5 scripting language php5-common - Common files for packages built from the php5 source php5-curl - CURL module for php5 php5-dev - Files for PHP5 module development php5-gd - GD module for php5 php5-imap - IMAP module for php5 php5-interbase - interbase/firebird module for php5 php5-ldap - LDAP module for php5 php5-mcrypt - MCrypt module for php5 php5-mhash - MHASH module for php5 php5-mysql - MySQL module for php5 php5-odbc - ODBC module for php5 php5-pgsql - PostgreSQL module for php5 php5-pspell - pspell module for php5 php5-recode - recode module for php5 php5-snmp - SNMP module for php5 php5-sqlite - SQLite module for php5 php5-sybase - Sybase / MS SQL Server module for php5 php5-tidy - tidy module for php5 php5-xmlrpc - XML-RPC module for php5 php5-xsl - XSL module for php5 Changes: php5 (5.2.0-8+etch1) testing-proposed-updates; urgency=high . [ sean finney ] * Rebuild of 5.2.0-10 targeted at etch. * The following security issues are addressed with this update: - CVE-2007-0906: Multiple buffer overflows in various code: * session (116-CVE-2007-0906_session.patch) * streams (116-CVE-2007-0906_streams.patch) * imap (116-CVE-2007-0906_imap.patch) * str_replace: (116-CVE-2007-0906_string.patch) * interbase: (116-CVE-2007-0906_interbase.patch) * zip: (116-CVE-2007-0906_zip.patch) * the sqlite and mail related vulnerabilities in this CVE do not affect the php5 source packages. - CVE-2007-0907: sapi_header_op buffer underflow (116-CVE-2007-0907.patch) - CVE-2007-0908: wddx information disclosure (116-CVE-2007-0908.patch) - CVE-2007-0909: More buffer overflows: * the odbc_result_all function (116-CVE-2007-0909_odbc.patch) * various formatted print functions (116-CVE-2007-0909_print.patch) - CVE-2007-0910: Clobbering of super-globals (116-CVE-2007-0910.patch) - CVE-2007-0988: 64bit unserialize DoS (116-CVE-2007-0988.patch) * The package maintainers would like to thank Joe Orton from redhat and Martin Pitt from ubuntu for their help in preparation of this update. * backport upstream fix for AUTH PLAIN support in imap extension Files: 9855a786db5a8d0ff52ca1095542f7ea 1976 web optional php5_5.2.0-8+etch1.dsc 85e8e1560d2bada44eaa65e8162c0543 102115 web optional php5_5.2.0-8+etch1.diff.gz 9148fc6d7b97f8f252fbc38f5c6d56e7 213150 web optional php5-common_5.2.0-8+etch1_i386.deb 8f91ec8c564c4ee29e34772a469d6545 2412010 web optional libapache-mod-php5_5.2.0-8+etch1_i386.deb 68a193dfa9c4fca60ffd19b219ce56ae 2412288 web optional libapache2-mod-php5_5.2.0-8+etch1_i386.deb 14c7d085fd80b68fa2862c5538e607b4 4754104 web optional php5-cgi_5.2.0-8+etch1_i386.deb ffa5104673bd3ec7a4abfa35a19f0091 2396358 web optional php5-cli_5.2.0-8+etch1_i386.deb 6ca4e911d8057d2a75ea13a3d11766c6 342018 devel optional php5-dev_5.2.0-8+etch1_i386.deb 46a930bf221cf4d3bfd32b91ffca5dba 24462 web optional php5-curl_5.2.0-8+etch1_i386.deb 8e7d0bd41e973526786ebbc6e05879ce 33402 web optional php5-gd_5.2.0-8+etch1_i386.deb 97088c129c3bfb4cc8e866b4067dbc8f 34488 web optional php5-imap_5.2.0-8+etch1_i386.deb a3eeb88a2afb15c6667258ea68774525 44134 web optional php5-interbase_5.2.0-8+etch1_i386.deb 29cf080ca66b6445f40e69a48c72e111 17240 web optional php5-ldap_5.2.0-8+etch1_i386.deb 9d1537058d2fb227fe33b602a3c4735a 12830 web optional php5-mcrypt_5.2.0-8+etch1_i386.deb 47015b5ca60d47acfe33eb3732b0b332 5042 web optional php5-mhash_5.2.0-8+etch1_i386.deb 7d16a91dbd76cc424633e7dedc68c2a7 64906 web optional php5-mysql_5.2.0-8+etch1_i386.deb 1c5dab7d6baaa6d42b3a6044a56012b7 34050 web optional php5-odbc_5.2.0-8+etch1_i386.deb 339d8d08f5283814b0b69da6c7bb81e3 50612 web optional php5-pgsql_5.2.0-8+etch1_i386.deb 3bcee1ede32604deea98f67b9e786a3d 8622 web optional php5-pspell_5.2.0-8+etch1_i386.deb 441a97537f178155ffdd030cc1d9e215 4752 web optional php5-recode_5.2.0-8+etch1_i386.deb e9ad08a434bc84ef2158c34765ad93e8 11298 web optional php5-snmp_5.2.0-8+etch1_i386.deb e6d5882e2893826aa7cb615f13451712 34464 web optional php5-sqlite_5.2.0-8+etch1_i386.deb 67e08fff37552557bb1734e914251fb3 18392 web optional php5-sybase_5.2.0-8+etch1_i386.deb 14e877ffcd3377bae826f2deb4ec0dd0 16466 web optional php5-tidy_5.2.0-8+etch1_i386.deb de8e026be7a55193b39013206cef96f4 36440 web optional php5-xmlrpc_5.2.0-8+etch1_i386.deb 931c05b56a4a35552fab0071172e547b 12250 web optional php5-xsl_5.2.0-8+etch1_i386.deb dc583a2fe047c71adff4cf6a56a690d1 1040 web optional php5_5.2.0-8+etch1_all.deb cf4667f3c487f62b9ecb09b2f76ed300 306944 web optional php-pear_5.2.0-8+etch1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFF702qynjLPm522B0RAin0AJ9kKSBuEjwdO7RWZhcmBerj6Opg4QCff2Y1 gExnsTBhL+RNhgOflGBQsvw= =ak5h -----END PGP SIGNATURE----- Accepted: libapache-mod-php5_5.2.0-8+etch1_i386.deb to pool/main/p/php5/libapache-mod-php5_5.2.0-8+etch1_i386.deb libapache2-mod-php5_5.2.0-8+etch1_i386.deb to pool/main/p/php5/libapache2-mod-php5_5.2.0-8+etch1_i386.deb php-pear_5.2.0-8+etch1_all.deb to pool/main/p/php5/php-pear_5.2.0-8+etch1_all.deb php5-cgi_5.2.0-8+etch1_i386.deb to pool/main/p/php5/php5-cgi_5.2.0-8+etch1_i386.deb php5-cli_5.2.0-8+etch1_i386.deb to pool/main/p/php5/php5-cli_5.2.0-8+etch1_i386.deb php5-common_5.2.0-8+etch1_i386.deb to pool/main/p/php5/php5-common_5.2.0-8+etch1_i386.deb php5-curl_5.2.0-8+etch1_i386.deb to pool/main/p/php5/php5-curl_5.2.0-8+etch1_i386.deb php5-dev_5.2.0-8+etch1_i386.deb to pool/main/p/php5/php5-dev_5.2.0-8+etch1_i386.deb php5-gd_5.2.0-8+etch1_i386.deb to pool/main/p/php5/php5-gd_5.2.0-8+etch1_i386.deb php5-imap_5.2.0-8+etch1_i386.deb to pool/main/p/php5/php5-imap_5.2.0-8+etch1_i386.deb php5-interbase_5.2.0-8+etch1_i386.deb to pool/main/p/php5/php5-interbase_5.2.0-8+etch1_i386.deb php5-ldap_5.2.0-8+etch1_i386.deb to pool/main/p/php5/php5-ldap_5.2.0-8+etch1_i386.deb php5-mcrypt_5.2.0-8+etch1_i386.deb to pool/main/p/php5/php5-mcrypt_5.2.0-8+etch1_i386.deb php5-mhash_5.2.0-8+etch1_i386.deb to pool/main/p/php5/php5-mhash_5.2.0-8+etch1_i386.deb php5-mysql_5.2.0-8+etch1_i386.deb to pool/main/p/php5/php5-mysql_5.2.0-8+etch1_i386.deb php5-odbc_5.2.0-8+etch1_i386.deb to pool/main/p/php5/php5-odbc_5.2.0-8+etch1_i386.deb php5-pgsql_5.2.0-8+etch1_i386.deb to pool/main/p/php5/php5-pgsql_5.2.0-8+etch1_i386.deb php5-pspell_5.2.0-8+etch1_i386.deb to pool/main/p/php5/php5-pspell_5.2.0-8+etch1_i386.deb php5-recode_5.2.0-8+etch1_i386.deb to pool/main/p/php5/php5-recode_5.2.0-8+etch1_i386.deb php5-snmp_5.2.0-8+etch1_i386.deb to pool/main/p/php5/php5-snmp_5.2.0-8+etch1_i386.deb php5-sqlite_5.2.0-8+etch1_i386.deb to pool/main/p/php5/php5-sqlite_5.2.0-8+etch1_i386.deb php5-sybase_5.2.0-8+etch1_i386.deb to pool/main/p/php5/php5-sybase_5.2.0-8+etch1_i386.deb php5-tidy_5.2.0-8+etch1_i386.deb to pool/main/p/php5/php5-tidy_5.2.0-8+etch1_i386.deb php5-xmlrpc_5.2.0-8+etch1_i386.deb to pool/main/p/php5/php5-xmlrpc_5.2.0-8+etch1_i386.deb php5-xsl_5.2.0-8+etch1_i386.deb to pool/main/p/php5/php5-xsl_5.2.0-8+etch1_i386.deb php5_5.2.0-8+etch1.diff.gz to pool/main/p/php5/php5_5.2.0-8+etch1.diff.gz php5_5.2.0-8+etch1.dsc to pool/main/p/php5/php5_5.2.0-8+etch1.dsc php5_5.2.0-8+etch1_all.deb to pool/main/p/php5/php5_5.2.0-8+etch1_all.deb