-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 08 Mar 2007 00:14:07 +0100
Source: php4
Binary: php4-sybase php4-recode php4-pspell php4-cgi libapache-mod-php4 php4-interbase php4-mcrypt php4-cli php4-dev php4-snmp libapache2-mod-php4 php4-odbc php4-xslt php4-mysql php4-domxml php4-gd php4-ldap php4-imap php4-common php4 php4-curl php4-pear php4-mcal php4-pgsql php4-mhash
Architecture: source i386 all
Version: 6:4.4.4-8+etch1
Distribution: testing-proposed-updates
Urgency: high
Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Changed-By: sean finney <seanius@debian.org>
Description:
 libapache-mod-php4 - server-side, HTML-embedded scripting language (apache 1.3 module)
 libapache2-mod-php4 - server-side, HTML-embedded scripting language (apache 2 module)
 php4 - server-side, HTML-embedded scripting language (meta-package)
 php4-cgi - server-side, HTML-embedded scripting language (CGI binary)
 php4-cli - command-line interpreter for the php4 scripting language
 php4-common - Common files for packages built from the php4 source
 php4-curl - CURL module for php4
 php4-dev - Files for PHP4 module development
 php4-domxml - XMLv2 module for php4
 php4-gd - GD module for php4
 php4-imap - IMAP module for php4
 php4-interbase - interbase/firebird module for php4
 php4-ldap - LDAP module for php4
 php4-mcal - MCAL calendar module for php4
 php4-mcrypt - MCrypt module for php4
 php4-mhash - MHASH module for php4
 php4-mysql - MySQL module for php4
 php4-odbc - ODBC module for php4
 php4-pear - PHP Extension and Application Repository (transitional package)
 php4-pgsql - PostgreSQL module for php4
 php4-pspell - pspell module for php4
 php4-recode - Character recoding module for php4
 php4-snmp - SNMP module for php4
 php4-sybase - Sybase / MS SQL Server module for php4
 php4-xslt - XSLT module for php4
Changes:
 php4 (6:4.4.4-8+etch1) testing-proposed-updates; urgency=high
 .
   [ sean finney ]
   * Backport from 4.4.4-9 in sid targeted at etch.
   * The following security issues are addressed with this update:
     - CVE-2007-0906: Multiple buffer overflows in various code:
       * session (addressed in patch for CVE-2007-0910 below)
       * imap (062-CVE-2007-0906-imap.patch)
       * str_replace: (064-CVE-2007-0906-strreplace.patch)
       * interbase: (063-CVE-2007-0906-interbase.patch)
       * the zip, sqlite, stream filters, and mail related vulnerabilities
         in this CVE do not affect the debian sarge php4 source package.
     - CVE-2007-0907: sapi_header_op buffer underflow (065-CVE-2007-0907.patch)
     - CVE-2007-0908: wddx information disclosure (066-CVE-2007-0908.patch)
     - CVE-2007-0909: More buffer overflows:
       * the odbc_result_all function (067-CVE-2007-0909-odbc.patch)
       * various formatted print functions (068-CVE-2007-0909-printf.patch)
     - CVE-2007-0910: Clobbering of super-globals (069-CVE-2007-0910.patch)
     - CVE-2007-0988: 64bit unserialize DoS (070-CVE-2007-0988.patch)
   * The package maintainers would like to thank Joe Orton from redhat and
     Martin Pitt from ubuntu for their help in preparation of this update.
   * Update package information to say simply "Apache 2" instead of
     "Apache 2.0".
   * Update php4-gd Description to make more sense and mention Freetype fonts.
   * Add mention to README.Debian of needing to restart apache when
     installing modules.
   * high urgency due to numerous security fixes.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF71J+ynjLPm522B0RArs6AJ4kkP3Q6r2pNSxbYyj2RFU1cow0LACaAugN
owiyXs11R7LR//jpQdan2+c=
=TUYl
-----END PGP SIGNATURE-----

Accepted:
libapache-mod-php4_4.4.4-8+etch1_i386.deb to pool/main/p/php4/libapache-mod-php4_4.4.4-8+etch1_i386.deb
libapache2-mod-php4_4.4.4-8+etch1_i386.deb to pool/main/p/php4/libapache2-mod-php4_4.4.4-8+etch1_i386.deb
php4-cgi_4.4.4-8+etch1_i386.deb to pool/main/p/php4/php4-cgi_4.4.4-8+etch1_i386.deb
php4-cli_4.4.4-8+etch1_i386.deb to pool/main/p/php4/php4-cli_4.4.4-8+etch1_i386.deb
php4-common_4.4.4-8+etch1_i386.deb to pool/main/p/php4/php4-common_4.4.4-8+etch1_i386.deb
php4-curl_4.4.4-8+etch1_i386.deb to pool/main/p/php4/php4-curl_4.4.4-8+etch1_i386.deb
php4-dev_4.4.4-8+etch1_i386.deb to pool/main/p/php4/php4-dev_4.4.4-8+etch1_i386.deb
php4-domxml_4.4.4-8+etch1_i386.deb to pool/main/p/php4/php4-domxml_4.4.4-8+etch1_i386.deb
php4-gd_4.4.4-8+etch1_i386.deb to pool/main/p/php4/php4-gd_4.4.4-8+etch1_i386.deb
php4-imap_4.4.4-8+etch1_i386.deb to pool/main/p/php4/php4-imap_4.4.4-8+etch1_i386.deb
php4-interbase_4.4.4-8+etch1_i386.deb to pool/main/p/php4/php4-interbase_4.4.4-8+etch1_i386.deb
php4-ldap_4.4.4-8+etch1_i386.deb to pool/main/p/php4/php4-ldap_4.4.4-8+etch1_i386.deb
php4-mcal_4.4.4-8+etch1_i386.deb to pool/main/p/php4/php4-mcal_4.4.4-8+etch1_i386.deb
php4-mcrypt_4.4.4-8+etch1_i386.deb to pool/main/p/php4/php4-mcrypt_4.4.4-8+etch1_i386.deb
php4-mhash_4.4.4-8+etch1_i386.deb to pool/main/p/php4/php4-mhash_4.4.4-8+etch1_i386.deb
php4-mysql_4.4.4-8+etch1_i386.deb to pool/main/p/php4/php4-mysql_4.4.4-8+etch1_i386.deb
php4-odbc_4.4.4-8+etch1_i386.deb to pool/main/p/php4/php4-odbc_4.4.4-8+etch1_i386.deb
php4-pear_4.4.4-8+etch1_all.deb to pool/main/p/php4/php4-pear_4.4.4-8+etch1_all.deb
php4-pgsql_4.4.4-8+etch1_i386.deb to pool/main/p/php4/php4-pgsql_4.4.4-8+etch1_i386.deb
php4-pspell_4.4.4-8+etch1_i386.deb to pool/main/p/php4/php4-pspell_4.4.4-8+etch1_i386.deb
php4-recode_4.4.4-8+etch1_i386.deb to pool/main/p/php4/php4-recode_4.4.4-8+etch1_i386.deb
php4-snmp_4.4.4-8+etch1_i386.deb to pool/main/p/php4/php4-snmp_4.4.4-8+etch1_i386.deb
php4-sybase_4.4.4-8+etch1_i386.deb to pool/main/p/php4/php4-sybase_4.4.4-8+etch1_i386.deb
php4-xslt_4.4.4-8+etch1_i386.deb to pool/main/p/php4/php4-xslt_4.4.4-8+etch1_i386.deb
php4_4.4.4-8+etch1.diff.gz to pool/main/p/php4/php4_4.4.4-8+etch1.diff.gz
php4_4.4.4-8+etch1.dsc to pool/main/p/php4/php4_4.4.4-8+etch1.dsc
php4_4.4.4-8+etch1_all.deb to pool/main/p/php4/php4_4.4.4-8+etch1_all.deb