-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Tue, 27 Feb 2007 00:51:22 +0100
Source: php4
Binary: php4-sybase php4-recode php4-pspell php4-cgi libapache-mod-php4 php4-interbase php4-mcrypt php4-cli php4-dev php4-snmp libapache2-mod-php4 php4-odbc php4-xslt php4-mysql php4-domxml php4-gd php4-ldap php4-imap php4-common php4 php4-curl php4-pear php4-mcal php4-pgsql php4-mhash
Architecture: source i386 all
Version: 6:4.4.4-9
Distribution: unstable
Urgency: high
Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Changed-By: sean finney <seanius@debian.org>
Description:
 libapache-mod-php4 - server-side, HTML-embedded scripting language (apache 1.3 module)
 libapache2-mod-php4 - server-side, HTML-embedded scripting language (apache 2 module)
 php4 - server-side, HTML-embedded scripting language (meta-package)
 php4-cgi - server-side, HTML-embedded scripting language (CGI binary)
 php4-cli - command-line interpreter for the php4 scripting language
 php4-common - Common files for packages built from the php4 source
 php4-curl - CURL module for php4
 php4-dev - Files for PHP4 module development
 php4-domxml - XMLv2 module for php4
 php4-gd - GD module for php4
 php4-imap - IMAP module for php4
 php4-interbase - interbase/firebird module for php4
 php4-ldap - LDAP module for php4
 php4-mcal - MCAL calendar module for php4
 php4-mcrypt - MCrypt module for php4
 php4-mhash - MHASH module for php4
 php4-mysql - MySQL module for php4
 php4-odbc - ODBC module for php4
 php4-pear - PHP Extension and Application Repository (transitional package)
 php4-pgsql - PostgreSQL module for php4
 php4-pspell - pspell module for php4
 php4-recode - Character recoding module for php4
 php4-snmp - SNMP module for php4
 php4-sybase - Sybase / MS SQL Server module for php4
 php4-xslt - XSLT module for php4
Closes: 400306
Changes:
 php4 (6:4.4.4-9) unstable; urgency=high
 .
 [ sean finney ]
 * The following security issues are addressed with this update:
   - CVE-2007-0906: Multiple buffer overflows in various code:
     * session (addressed in patch for CVE-2007-0910 below)
     * imap (062-CVE-2007-0906-imap.patch)
     * str_replace: (064-CVE-2007-0906-strreplace.patch)
     * interbase: (063-CVE-2007-0906-interbase.patch)
     * the zip, sqlite, stream filters, and mail related vulnerabilities
       in this CVE do not affect the debian sarge php4 source package.
   - CVE-2007-0907: sapi_header_op buffer underflow
     (065-CVE-2007-0907.patch)
   - CVE-2007-0908: wddx information disclosure
     (066-CVE-2007-0908.patch)
   - CVE-2007-0909: More buffer overflows:
     * the odbc_result_all function (067-CVE-2007-0909-odbc.patch)
     * various formatted print functions (068-CVE-2007-0909-printf.patch)
   - CVE-2007-0910: Clobbering of super-globals
     (069-CVE-2007-0910.patch)
   - CVE-2007-0988: 64bit unserialize DoS
     (070-CVE-2007-0988.patch)
 * The package maintainers would like to thank Joe Orton from redhat and
   Martin Pitt from ubuntu for their help in preparation of this update.
 * Update package information to say simply "Apache 2" instead of
   "Apache 2.0" (closes: #400306).
 * Update php4-gd Description to make more sense and mention Freetype fonts.
 * Add mention to README.Debian of needing to restart apache when
   installing modules.
 * high urgency due to numerous security fixes.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF6sItynjLPm522B0RAgiTAKCEml4CYBAyUgqHdTkSFIT3IDw17ACdHMV9
5IqvgOCY324yU7q42iqwGIs=
=W/TF
-----END PGP SIGNATURE-----

Accepted:
libapache-mod-php4_4.4.4-9_i386.deb
  to pool/main/p/php4/libapache-mod-php4_4.4.4-9_i386.deb
libapache2-mod-php4_4.4.4-9_i386.deb
  to pool/main/p/php4/libapache2-mod-php4_4.4.4-9_i386.deb
php4-cgi_4.4.4-9_i386.deb
  to pool/main/p/php4/php4-cgi_4.4.4-9_i386.deb
php4-cli_4.4.4-9_i386.deb
  to pool/main/p/php4/php4-cli_4.4.4-9_i386.deb
php4-common_4.4.4-9_i386.deb
  to pool/main/p/php4/php4-common_4.4.4-9_i386.deb
php4-curl_4.4.4-9_i386.deb
  to pool/main/p/php4/php4-curl_4.4.4-9_i386.deb
php4-dev_4.4.4-9_i386.deb
  to pool/main/p/php4/php4-dev_4.4.4-9_i386.deb
php4-domxml_4.4.4-9_i386.deb
  to pool/main/p/php4/php4-domxml_4.4.4-9_i386.deb
php4-gd_4.4.4-9_i386.deb
  to pool/main/p/php4/php4-gd_4.4.4-9_i386.deb
php4-imap_4.4.4-9_i386.deb
  to pool/main/p/php4/php4-imap_4.4.4-9_i386.deb
php4-interbase_4.4.4-9_i386.deb
  to pool/main/p/php4/php4-interbase_4.4.4-9_i386.deb
php4-ldap_4.4.4-9_i386.deb
  to pool/main/p/php4/php4-ldap_4.4.4-9_i386.deb
php4-mcal_4.4.4-9_i386.deb
  to pool/main/p/php4/php4-mcal_4.4.4-9_i386.deb
php4-mcrypt_4.4.4-9_i386.deb
  to pool/main/p/php4/php4-mcrypt_4.4.4-9_i386.deb
php4-mhash_4.4.4-9_i386.deb
  to pool/main/p/php4/php4-mhash_4.4.4-9_i386.deb
php4-mysql_4.4.4-9_i386.deb
  to pool/main/p/php4/php4-mysql_4.4.4-9_i386.deb
php4-odbc_4.4.4-9_i386.deb
  to pool/main/p/php4/php4-odbc_4.4.4-9_i386.deb
php4-pear_4.4.4-9_all.deb
  to pool/main/p/php4/php4-pear_4.4.4-9_all.deb
php4-pgsql_4.4.4-9_i386.deb
  to pool/main/p/php4/php4-pgsql_4.4.4-9_i386.deb
php4-pspell_4.4.4-9_i386.deb
  to pool/main/p/php4/php4-pspell_4.4.4-9_i386.deb
php4-recode_4.4.4-9_i386.deb
  to pool/main/p/php4/php4-recode_4.4.4-9_i386.deb
php4-snmp_4.4.4-9_i386.deb
  to pool/main/p/php4/php4-snmp_4.4.4-9_i386.deb
php4-sybase_4.4.4-9_i386.deb
  to pool/main/p/php4/php4-sybase_4.4.4-9_i386.deb
php4-xslt_4.4.4-9_i386.deb
  to pool/main/p/php4/php4-xslt_4.4.4-9_i386.deb
php4_4.4.4-9.diff.gz
  to pool/main/p/php4/php4_4.4.4-9.diff.gz
php4_4.4.4-9.dsc
  to pool/main/p/php4/php4_4.4.4-9.dsc
php4_4.4.4-9_all.deb
  to pool/main/p/php4/php4_4.4.4-9_all.deb