-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 29 Sep 2007 00:04:15 +0200
Source: php5
Binary: php5-gd php5-ldap php5 php5-xmlrpc php5-pspell libapache2-mod-php5 php5-xsl php5-cgi php-pear php5-tidy php5-pgsql php5-cli php5-recode php5-mhash php5-sybase php5-curl php5-odbc php5-mcrypt php5-mysql php5-common php5-imap php5-snmp php5-dev php5-sqlite php5-interbase
Architecture: source i386 all
Version: 5.2.3-1+lenny1
Distribution: testing-security
Urgency: high
Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description:
 libapache2-mod-php5 - server-side, HTML-embedded scripting language (apache 2 module)
 php-pear   - PEAR - PHP Extension and Application Repository
 php5       - server-side, HTML-embedded scripting language (meta-package)
 php5-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php5-cli   - command-line interpreter for the php5 scripting language
 php5-common - Common files for packages built from the php5 source
 php5-curl  - CURL module for php5
 php5-dev   - Files for PHP5 module development
 php5-gd    - GD module for php5
 php5-imap  - IMAP module for php5
 php5-interbase - interbase/firebird module for php5
 php5-ldap  - LDAP module for php5
 php5-mcrypt - MCrypt module for php5
 php5-mhash - MHASH module for php5
 php5-mysql - MySQL module for php5
 php5-odbc  - ODBC module for php5
 php5-pgsql - PostgreSQL module for php5
 php5-pspell - pspell module for php5
 php5-recode - recode module for php5
 php5-snmp  - SNMP module for php5
 php5-sqlite - SQLite module for php5
 php5-sybase - Sybase / MS SQL Server module for php5
 php5-tidy  - tidy module for php5
 php5-xmlrpc - XML-RPC module for php5
 php5-xsl   - XSL module for php5
Changes:
 php5 (5.2.3-1+lenny1) testing-security; urgency=high
 .
   * Non-maintainer upload by testing security team.
   * The following security issues are addressed with this update:
     - CVE-2007-3806 possible code execution via glob() function
     - CVE-2007-3799 insertion of arbitrary attributes into the session cookie
     - CVE-2007-4658 possible use of multiple format string tokens in
       money_format with unknown impact, possibly format string vulnerability
     - CVE-2007-4657 multiple integer overflows via large len values passed
       to strspn and strcspn functions
     - CVE-2007-4662 buffer overflow in php_openssl_make_REQ
     - CVE-2007-4660 incorrect size calculations in chunk_split function
     - CVE-2007-3998 possible denial of service vulnerability because of
       missing check for breakcharlen in wordwrap()
     - CVE-2007-4659 missing interrupt handling for flow execution triggered
       by a memory_limit violation

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHA+7/bxelr8HyTqQRAjVCAJ0VQJkJphpA5Yz9FTysIsvk8kvhGQCdGdz4
xIfhAwuGjqz1d7AsRYziArA=
=SYer
-----END PGP SIGNATURE-----

Accepted:
libapache2-mod-php5_5.2.3-1+lenny1_i386.deb
  to pool/main/p/php5/libapache2-mod-php5_5.2.3-1+lenny1_i386.deb
php-pear_5.2.3-1+lenny1_all.deb
  to pool/main/p/php5/php-pear_5.2.3-1+lenny1_all.deb
php5-cgi_5.2.3-1+lenny1_i386.deb
  to pool/main/p/php5/php5-cgi_5.2.3-1+lenny1_i386.deb
php5-cli_5.2.3-1+lenny1_i386.deb
  to pool/main/p/php5/php5-cli_5.2.3-1+lenny1_i386.deb
php5-common_5.2.3-1+lenny1_i386.deb
  to pool/main/p/php5/php5-common_5.2.3-1+lenny1_i386.deb
php5-curl_5.2.3-1+lenny1_i386.deb
  to pool/main/p/php5/php5-curl_5.2.3-1+lenny1_i386.deb
php5-dev_5.2.3-1+lenny1_i386.deb
  to pool/main/p/php5/php5-dev_5.2.3-1+lenny1_i386.deb
php5-gd_5.2.3-1+lenny1_i386.deb
  to pool/main/p/php5/php5-gd_5.2.3-1+lenny1_i386.deb
php5-imap_5.2.3-1+lenny1_i386.deb
  to pool/main/p/php5/php5-imap_5.2.3-1+lenny1_i386.deb
php5-interbase_5.2.3-1+lenny1_i386.deb
  to pool/main/p/php5/php5-interbase_5.2.3-1+lenny1_i386.deb
php5-ldap_5.2.3-1+lenny1_i386.deb
  to pool/main/p/php5/php5-ldap_5.2.3-1+lenny1_i386.deb
php5-mcrypt_5.2.3-1+lenny1_i386.deb
  to pool/main/p/php5/php5-mcrypt_5.2.3-1+lenny1_i386.deb
php5-mhash_5.2.3-1+lenny1_i386.deb
  to pool/main/p/php5/php5-mhash_5.2.3-1+lenny1_i386.deb
php5-mysql_5.2.3-1+lenny1_i386.deb
  to pool/main/p/php5/php5-mysql_5.2.3-1+lenny1_i386.deb
php5-odbc_5.2.3-1+lenny1_i386.deb
  to pool/main/p/php5/php5-odbc_5.2.3-1+lenny1_i386.deb
php5-pgsql_5.2.3-1+lenny1_i386.deb
  to pool/main/p/php5/php5-pgsql_5.2.3-1+lenny1_i386.deb
php5-pspell_5.2.3-1+lenny1_i386.deb
  to pool/main/p/php5/php5-pspell_5.2.3-1+lenny1_i386.deb
php5-recode_5.2.3-1+lenny1_i386.deb
  to pool/main/p/php5/php5-recode_5.2.3-1+lenny1_i386.deb
php5-snmp_5.2.3-1+lenny1_i386.deb
  to pool/main/p/php5/php5-snmp_5.2.3-1+lenny1_i386.deb
php5-sqlite_5.2.3-1+lenny1_i386.deb
  to pool/main/p/php5/php5-sqlite_5.2.3-1+lenny1_i386.deb
php5-sybase_5.2.3-1+lenny1_i386.deb
  to pool/main/p/php5/php5-sybase_5.2.3-1+lenny1_i386.deb
php5-tidy_5.2.3-1+lenny1_i386.deb
  to pool/main/p/php5/php5-tidy_5.2.3-1+lenny1_i386.deb
php5-xmlrpc_5.2.3-1+lenny1_i386.deb
  to pool/main/p/php5/php5-xmlrpc_5.2.3-1+lenny1_i386.deb
php5-xsl_5.2.3-1+lenny1_i386.deb
  to pool/main/p/php5/php5-xsl_5.2.3-1+lenny1_i386.deb
php5_5.2.3-1+lenny1.diff.gz
  to pool/main/p/php5/php5_5.2.3-1+lenny1.diff.gz
php5_5.2.3-1+lenny1.dsc
  to pool/main/p/php5/php5_5.2.3-1+lenny1.dsc
php5_5.2.3-1+lenny1_all.deb
  to pool/main/p/php5/php5_5.2.3-1+lenny1_all.deb