-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Wed, 29 Apr 2009 17:55:41 +0200 Source: php5 Binary: php5-gd php5-ldap php5 php5-xmlrpc php5-pspell libapache2-mod-php5 php5-xsl php5-cgi php-pear php5-tidy php5-pgsql php5-cli php5-recode php5-mhash php5-sybase php5-curl php5-odbc php5-mcrypt php5-mysql php5-common php5-imap php5-snmp php5-dev php5-sqlite libapache-mod-php5 php5-interbase Architecture: source amd64 all Version: 5.2.0+dfsg-8+etch15 Distribution: oldstable-security Urgency: high Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org> Changed-By: Sean Finney <seanius@debian.org> Description: libapache-mod-php5 - server-side, HTML-embedded scripting language (apache 1.3 module) libapache2-mod-php5 - server-side, HTML-embedded scripting language (apache 2 module) php-pear - PEAR - PHP Extension and Application Repository php5 - server-side, HTML-embedded scripting language (meta-package) php5-cgi - server-side, HTML-embedded scripting language (CGI binary) php5-cli - command-line interpreter for the php5 scripting language php5-common - Common files for packages built from the php5 source php5-curl - CURL module for php5 php5-dev - Files for PHP5 module development php5-gd - GD module for php5 php5-imap - IMAP module for php5 php5-interbase - interbase/firebird module for php5 php5-ldap - LDAP module for php5 php5-mcrypt - MCrypt module for php5 php5-mhash - MHASH module for php5 php5-mysql - MySQL module for php5 php5-odbc - ODBC module for php5 php5-pgsql - PostgreSQL module for php5 php5-pspell - pspell module for php5 php5-recode - recode module for php5 php5-snmp - SNMP module for php5 php5-sqlite - SQLite module for php5 php5-sybase - Sybase / MS SQL Server module for php5 php5-tidy - tidy module for php5 php5-xmlrpc - XML-RPC module for php5 php5-xsl - XSL module for php5 Closes: 341420 471104 507101 507857 508021 511493 523028 523049 Changes: php5 (5.2.0+dfsg-8+etch15) oldstable-security; urgency=high . * The previous security upload was missing one fix. * The following security issues are addressed with this update: - CVE-2009-1271: remote DoS in json_decode() Patch: 149-CVE-2009-1271.patch . php5 (5.2.0+dfsg-8+etch14) oldstable-security; urgency=high . * The following security issues are addressed with this update: - CVE-2008-5624: proper initialization of uid/gid for apache2 sapi. Patch: 142-CVE-2008-5624.patch (closes: #508021). - CVE-2008-5557: heap overflows in the mbstring extension. Patch: 144-CVE-2008-5557.patch (closes: #511493). - CVE-2008-5658: directory traversal in the zip extension Patch: 148-CVE-2008-5658.patch (closes: #507857). - CVE-2008-2107/CVE-2008-2108: crypto weaknesses in php_rand module Patch: 212-CVE-2008-2107+2108.patch (borrowed from dapper). - CVE-2009-0754.patch: mbstring.func_overload leakage between vhosts Patch: 147-CVE-2009-0754.patch (closes: #523049). - CVE-2008-5814: XSS vulnerability via display_errors Patch: 146-CVE-2008-5814.patch (closes: #523028). - (no CVE): file truncation via inifile handler for the dba functions. Patch: 145-dba-inifile-truncation.patch (closes: #507101). * Backport the patch from lenny/sid to use the system timezone database instead of the embedded php timezone database which is out of date. Patch: 143-use_embedded_timezonedb.patch (closes: #471104). * Repack the etch version of php5, stripping out the (unused) dbase module which contained licensing problems (closes: #341420). Files: 68d631a7860f0fc34516cc8bbf2938a5 1993 web optional php5_5.2.0+dfsg-8+etch15.dsc 956486a588c577616a5008d185e84968 8431973 web optional php5_5.2.0+dfsg.orig.tar.gz 27d7683a1388c69479b06ac1162e27a2 130902 web optional php5_5.2.0+dfsg-8+etch15.diff.gz 294541ab5286e92e2895931547a4015e 218482 web optional php5-common_5.2.0+dfsg-8+etch15_amd64.deb aad636fd27d8f7d7575d5ff3b89dce3f 2433932 web optional libapache-mod-php5_5.2.0+dfsg-8+etch15_amd64.deb 913d144ced4d3cbcbfd55361f60fe791 2434624 web optional libapache2-mod-php5_5.2.0+dfsg-8+etch15_amd64.deb 7d29d3f231affd34e79719346d075327 4718800 web optional php5-cgi_5.2.0+dfsg-8+etch15_amd64.deb 0b47996fb2a5944fd22ab8b65cf4c722 2379548 web optional php5-cli_5.2.0+dfsg-8+etch15_amd64.deb 51b9e65a337166cdb1125549580abf89 345976 devel optional php5-dev_5.2.0+dfsg-8+etch15_amd64.deb 5fbbeb2537f4876d7a516464d510173a 24994 web optional php5-curl_5.2.0+dfsg-8+etch15_amd64.deb 99d582300b639a7db1b781ce76a28738 37124 web optional php5-gd_5.2.0+dfsg-8+etch15_amd64.deb 5c0f91b30760d8512384c0f68dc2bf21 36726 web optional php5-imap_5.2.0+dfsg-8+etch15_amd64.deb ce7e64f8aa10fbc1f40149fcbd40f6e0 46630 web optional php5-interbase_5.2.0+dfsg-8+etch15_amd64.deb c24afd04176a516986910ab36e612f3c 18670 web optional php5-ldap_5.2.0+dfsg-8+etch15_amd64.deb 4a7e7dd3e7e2b86097b9494bfa4dcec9 13494 web optional php5-mcrypt_5.2.0+dfsg-8+etch15_amd64.deb 39eff740288549e5d8ea1cdce0c5f85b 5266 web optional php5-mhash_5.2.0+dfsg-8+etch15_amd64.deb c547292c0a0d6da49953e1001db139d8 71674 web optional php5-mysql_5.2.0+dfsg-8+etch15_amd64.deb 3ace3d84f12b5a8e83248e738fcb706e 36416 web optional php5-odbc_5.2.0+dfsg-8+etch15_amd64.deb 94aae1cea47eb7b61be1800e011a93b9 53952 web optional php5-pgsql_5.2.0+dfsg-8+etch15_amd64.deb 1fdbf3acbf72ef317428fe4f60485882 9404 web optional php5-pspell_5.2.0+dfsg-8+etch15_amd64.deb 4bb26c59f0c29152d7d62dd048b25bb2 4904 web optional php5-recode_5.2.0+dfsg-8+etch15_amd64.deb c4e5fd6ba704945b175c410a4b728672 12062 web optional php5-snmp_5.2.0+dfsg-8+etch15_amd64.deb 90097351de2bac5c6e11a4f7fb5ec73d 38588 web optional php5-sqlite_5.2.0+dfsg-8+etch15_amd64.deb f80699a3c7592b7c38f50af56eeeb957 19438 web optional php5-sybase_5.2.0+dfsg-8+etch15_amd64.deb 1d72cf93b65af6c999e443e656531123 17570 web optional php5-tidy_5.2.0+dfsg-8+etch15_amd64.deb 9f9aea8b4be57aad3d2eda043e190c03 39166 web optional php5-xmlrpc_5.2.0+dfsg-8+etch15_amd64.deb 7776dbf0c8a27a45fb358f2bb6c2f7f9 13030 web optional php5-xsl_5.2.0+dfsg-8+etch15_amd64.deb a6e0b8f0547c74c498749d28dac8b92f 1044 web optional php5_5.2.0+dfsg-8+etch15_all.deb c5fb5dc9ccfe7dfaabce6c5f6f289549 312534 web optional php-pear_5.2.0+dfsg-8+etch15_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFJ+I4lynjLPm522B0RAmdjAJ43s1rbffo294Cq8GQSOvhm+0xEgwCfWOEB WbxZlGNNyPHQcS9HKjoNg+E= =ErOT -----END PGP SIGNATURE----- Accepted: libapache-mod-php5_5.2.0+dfsg-8+etch15_amd64.deb to pool/main/p/php5/libapache-mod-php5_5.2.0+dfsg-8+etch15_amd64.deb libapache2-mod-php5_5.2.0+dfsg-8+etch15_amd64.deb to pool/main/p/php5/libapache2-mod-php5_5.2.0+dfsg-8+etch15_amd64.deb php-pear_5.2.0+dfsg-8+etch15_all.deb to pool/main/p/php5/php-pear_5.2.0+dfsg-8+etch15_all.deb php5-cgi_5.2.0+dfsg-8+etch15_amd64.deb to pool/main/p/php5/php5-cgi_5.2.0+dfsg-8+etch15_amd64.deb php5-cli_5.2.0+dfsg-8+etch15_amd64.deb to pool/main/p/php5/php5-cli_5.2.0+dfsg-8+etch15_amd64.deb php5-common_5.2.0+dfsg-8+etch15_amd64.deb to pool/main/p/php5/php5-common_5.2.0+dfsg-8+etch15_amd64.deb php5-curl_5.2.0+dfsg-8+etch15_amd64.deb to pool/main/p/php5/php5-curl_5.2.0+dfsg-8+etch15_amd64.deb php5-dev_5.2.0+dfsg-8+etch15_amd64.deb to pool/main/p/php5/php5-dev_5.2.0+dfsg-8+etch15_amd64.deb php5-gd_5.2.0+dfsg-8+etch15_amd64.deb to pool/main/p/php5/php5-gd_5.2.0+dfsg-8+etch15_amd64.deb php5-imap_5.2.0+dfsg-8+etch15_amd64.deb to pool/main/p/php5/php5-imap_5.2.0+dfsg-8+etch15_amd64.deb php5-interbase_5.2.0+dfsg-8+etch15_amd64.deb to pool/main/p/php5/php5-interbase_5.2.0+dfsg-8+etch15_amd64.deb php5-ldap_5.2.0+dfsg-8+etch15_amd64.deb to pool/main/p/php5/php5-ldap_5.2.0+dfsg-8+etch15_amd64.deb php5-mcrypt_5.2.0+dfsg-8+etch15_amd64.deb to pool/main/p/php5/php5-mcrypt_5.2.0+dfsg-8+etch15_amd64.deb php5-mhash_5.2.0+dfsg-8+etch15_amd64.deb to pool/main/p/php5/php5-mhash_5.2.0+dfsg-8+etch15_amd64.deb php5-mysql_5.2.0+dfsg-8+etch15_amd64.deb to pool/main/p/php5/php5-mysql_5.2.0+dfsg-8+etch15_amd64.deb php5-odbc_5.2.0+dfsg-8+etch15_amd64.deb to pool/main/p/php5/php5-odbc_5.2.0+dfsg-8+etch15_amd64.deb php5-pgsql_5.2.0+dfsg-8+etch15_amd64.deb to pool/main/p/php5/php5-pgsql_5.2.0+dfsg-8+etch15_amd64.deb php5-pspell_5.2.0+dfsg-8+etch15_amd64.deb to pool/main/p/php5/php5-pspell_5.2.0+dfsg-8+etch15_amd64.deb php5-recode_5.2.0+dfsg-8+etch15_amd64.deb to pool/main/p/php5/php5-recode_5.2.0+dfsg-8+etch15_amd64.deb php5-snmp_5.2.0+dfsg-8+etch15_amd64.deb to pool/main/p/php5/php5-snmp_5.2.0+dfsg-8+etch15_amd64.deb php5-sqlite_5.2.0+dfsg-8+etch15_amd64.deb to pool/main/p/php5/php5-sqlite_5.2.0+dfsg-8+etch15_amd64.deb php5-sybase_5.2.0+dfsg-8+etch15_amd64.deb to pool/main/p/php5/php5-sybase_5.2.0+dfsg-8+etch15_amd64.deb php5-tidy_5.2.0+dfsg-8+etch15_amd64.deb to pool/main/p/php5/php5-tidy_5.2.0+dfsg-8+etch15_amd64.deb php5-xmlrpc_5.2.0+dfsg-8+etch15_amd64.deb to pool/main/p/php5/php5-xmlrpc_5.2.0+dfsg-8+etch15_amd64.deb php5-xsl_5.2.0+dfsg-8+etch15_amd64.deb to pool/main/p/php5/php5-xsl_5.2.0+dfsg-8+etch15_amd64.deb php5_5.2.0+dfsg-8+etch15.diff.gz to pool/main/p/php5/php5_5.2.0+dfsg-8+etch15.diff.gz php5_5.2.0+dfsg-8+etch15.dsc to pool/main/p/php5/php5_5.2.0+dfsg-8+etch15.dsc php5_5.2.0+dfsg-8+etch15_all.deb to pool/main/p/php5/php5_5.2.0+dfsg-8+etch15_all.deb php5_5.2.0+dfsg.orig.tar.gz to pool/main/p/php5/php5_5.2.0+dfsg.orig.tar.gz