-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 18 Jan 2006 18:41:11 +1100
Source: php4
Binary: php4-sybase php4-recode php4-cgi libapache-mod-php4 php4-cli php4-dev php4-snmp libapache2-mod-php4 php4-odbc php4-xslt php4-mysql php4-domxml php4-gd php4-ldap php4-common php4 php4-curl php4-pear php4-mcal php4-mhash php4-pgsql
Architecture: source i386 all
Version: 4:4.4.2-1
Distribution: unstable
Urgency: low
Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Changed-By: Adam Conrad <adconrad@0c3.net>
Description:
 libapache-mod-php4 - server-side, HTML-embedded scripting language (apache 1.3 module)
 libapache2-mod-php4 - server-side, HTML-embedded scripting language (apache 2.0 module)
 php4       - server-side, HTML-embedded scripting language (meta-package)
 php4-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php4-cli   - command-line interpreter for the php4 scripting language
 php4-common - Common files for packages built from the php4 source
 php4-curl  - CURL module for php4
 php4-dev   - Files for PHP4 module development
 php4-domxml - XMLv2 module for php4
 php4-gd    - GD module for php4
 php4-ldap  - LDAP module for php4
 php4-mcal  - MCAL calendar module for php4
 php4-mhash - MHASH module for php4
 php4-mysql - MySQL module for php4
 php4-odbc  - ODBC module for php4
 php4-pear  - PHP Extension and Application Repository (transitional package)
 php4-pgsql - PostgreSQL module for php4
 php4-recode - Character recoding module for php4
 php4-snmp  - SNMP module for php4
 php4-sybase - Sybase / MS SQL Server module for php4
 php4-xslt  - XSLT module for php4
Closes: 336004 336645 339577 341726 343399 343791
Changes:
 php4 (4:4.4.2-1) unstable; urgency=low
 .
   * New upstream bugfix release, skipping the problematic 4.4.1 release:
     - Remove some PEAR cruft from 006-debian_quirks.patch, since we don't
       build PEAR from php4 anymore, and it conflicted with upstream diffs.
     - Remove 054-open_basedir_slash.patch, now integrated upstream.
     - Remove 055-gd_safe_mode_checks.patch, fixed differently upstream.
   * Many security vulns fixed (closes: #336645, #339577, #336004, #341726):
     - Fixes multiple cross-site-scripting vulnerabilities; CVE-2006-0208
     - Resolves multiple HTTP response splitting vulnerabilities, allowing
       arbitrary header injection via Set-Cookie headers; see CVE-2006-0207
     - Resolves a local denial of service in the apache2 SAPI, which can be
       triggered by using session.save_path in .htaccess; CVE-2005-3319
     - Resolves an infinite loop in the exif_read_data function which can be
       triggered with a specially-crafted JPEG image; CVE-2005-3353
     - Resolves an XSS vulnerability in the phpinfo function; CVE-2005-3388
     - Resolves a vulnerability in the parse_str function whereby a remote
       attacker can fool PHP into turning on register_globals, thus making
       applications vulnerable to global variable injections; CVE-2005-3389
     - Resolves a vulnerability in the RFC1867 file upload feature where, if
       register_globals is enabled, a remote attacker can modify the GLOBALS
       array with a multipart/form-data POST request; see CVE-2005-3390
     - Resolves numerous safe_mode and open_basedir bypasses; CVE-2005-3391
     - Resolves INI settings leaks in the apache2 SAPI, leading to safe_mode
       and open_basedir bypasses between virtual hosts; CVE-2005-3392
     - Resolves a CRLF injection vulnerability in the mb_send_mail function,
       allowing injection of arbitrary mail headers; see CVE-2005-3883
   * Bump libdb build-dep from 4.2 to 4.3, matching apache (closes: #343399)
   * Bump our MySQL build-dep to 5.0's libmysqlclient15-dev (closes: #343791)
   * Automate the process of getting the list of built-in modules into the
     package descriptions, so it stays fresh in the future (see: #341867)
   * Create 056-mime_magic_strings.patch, making the mime_magic extension
     more liberal about what mime-types it accepts, as well as making it
     skip over ones it dislikes, rather than disabling itself (see: #335674)
   * Add 057-no_apache_installed.patch, to stop spewing
     a mess of errors in configure because we don't have the apache binaries
     in the build chroot.
   * Fix small typo in the php4-xslt package description (see: #344816)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDzjXzvjztR8bOoMkRAj8RAKDMLdBIx7pVMkP19wDX7qe5t9g0XACgwelS
KLrU8n+63+EODSHclBawMkQ=
=hvuD
-----END PGP SIGNATURE-----


Accepted:
libapache-mod-php4_4.4.2-1_i386.deb
  to pool/main/p/php4/libapache-mod-php4_4.4.2-1_i386.deb
libapache2-mod-php4_4.4.2-1_i386.deb
  to pool/main/p/php4/libapache2-mod-php4_4.4.2-1_i386.deb
php4-cgi_4.4.2-1_i386.deb
  to pool/main/p/php4/php4-cgi_4.4.2-1_i386.deb
php4-cli_4.4.2-1_i386.deb
  to pool/main/p/php4/php4-cli_4.4.2-1_i386.deb
php4-common_4.4.2-1_i386.deb
  to pool/main/p/php4/php4-common_4.4.2-1_i386.deb
php4-curl_4.4.2-1_i386.deb
  to pool/main/p/php4/php4-curl_4.4.2-1_i386.deb
php4-dev_4.4.2-1_i386.deb
  to pool/main/p/php4/php4-dev_4.4.2-1_i386.deb
php4-domxml_4.4.2-1_i386.deb
  to pool/main/p/php4/php4-domxml_4.4.2-1_i386.deb
php4-gd_4.4.2-1_i386.deb
  to pool/main/p/php4/php4-gd_4.4.2-1_i386.deb
php4-ldap_4.4.2-1_i386.deb
  to pool/main/p/php4/php4-ldap_4.4.2-1_i386.deb
php4-mcal_4.4.2-1_i386.deb
  to pool/main/p/php4/php4-mcal_4.4.2-1_i386.deb
php4-mhash_4.4.2-1_i386.deb
  to pool/main/p/php4/php4-mhash_4.4.2-1_i386.deb
php4-mysql_4.4.2-1_i386.deb
  to pool/main/p/php4/php4-mysql_4.4.2-1_i386.deb
php4-odbc_4.4.2-1_i386.deb
  to pool/main/p/php4/php4-odbc_4.4.2-1_i386.deb
php4-pear_4.4.2-1_all.deb
  to pool/main/p/php4/php4-pear_4.4.2-1_all.deb
php4-pgsql_4.4.2-1_i386.deb
  to pool/main/p/php4/php4-pgsql_4.4.2-1_i386.deb
php4-recode_4.4.2-1_i386.deb
  to pool/main/p/php4/php4-recode_4.4.2-1_i386.deb
php4-snmp_4.4.2-1_i386.deb
  to pool/main/p/php4/php4-snmp_4.4.2-1_i386.deb
php4-sybase_4.4.2-1_i386.deb
  to pool/main/p/php4/php4-sybase_4.4.2-1_i386.deb
php4-xslt_4.4.2-1_i386.deb
  to pool/main/p/php4/php4-xslt_4.4.2-1_i386.deb
php4_4.4.2-1.diff.gz
  to pool/main/p/php4/php4_4.4.2-1.diff.gz
php4_4.4.2-1.dsc
  to pool/main/p/php4/php4_4.4.2-1.dsc
php4_4.4.2-1_all.deb
  to pool/main/p/php4/php4_4.4.2-1_all.deb
php4_4.4.2.orig.tar.gz
  to pool/main/p/php4/php4_4.4.2.orig.tar.gz