-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 23 Apr 2007 18:19:17 +0200
Source: php4
Binary: php4-cgi php4-sybase php4-recode libapache-mod-php4 php4-cli php4-dev libapache2-mod-php4 php4-snmp php4-odbc php4-xslt php4-mysql php4-domxml php4-gd php4-ldap php4-imap php4-common php4-curl php4 php4-pear php4-mcal php4-mhash
Architecture: source i386 all
Version: 4:4.3.10-20
Distribution: oldstable-security
Urgency: high
Maintainer: Adam Conrad <adconrad@0c3.net>
Changed-By: sean finney <seanius@debian.org>
Description:
 libapache-mod-php4 - server-side, HTML-embedded scripting language (apache 1.3 module)
 libapache2-mod-php4 - server-side, HTML-embedded scripting language (apache 2.0 module)
 php4       - server-side, HTML-embedded scripting language (meta-package)
 php4-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php4-cli   - command-line interpreter for the php4 scripting language
 php4-common - Common files for packages built from the php4 source
 php4-curl  - CURL module for php4
 php4-dev   - Files for PHP4 module development
 php4-domxml - XMLv2 module for php4
 php4-gd    - GD module for php4
 php4-imap  - IMAP module for php4
 php4-ldap  - LDAP module for php4
 php4-mcal  - MCAL calendar module for php4
 php4-mhash - MHASH module for php4
 php4-mysql - MySQL module for php4
 php4-odbc  - ODBC module for php4
 php4-pear  - PEAR - PHP Extension and Application Repository
 php4-recode - Character recoding module for php4
 php4-snmp  - SNMP module for php4
 php4-sybase - Sybase / MS SQL Server module for php4
 php4-xslt  - XSLT module for php4
Changes:
 php4 (4:4.3.10-20) oldstable-security; urgency=high
 .
   * NMU prepared for the security team by the package maintainer.
   * The following security issues are addressed with this update:
     - CVE-2007-0910/MOPB-32 session_decode() Double Free Vulnerability
       * note that this is an update to the previous version of the
         upstream fix for CVE-2007-0910, which introduced a separate
         exploit path.
     - CVE-2007-1286/MOPB-04 unserialize() ZVAL Reference Counter Overflow
     - CVE-2007-1380/MOPB-10 php_binary Session Deserialization Information Leak
     - CVE-2007-1521/MOPB-22 session_regenerate_id() Double Free Vulnerability
     - CVE-2007-1583/MOPB-26 mb_parse_str() register_globals Activation Vuln.
     - CVE-2007-1777/MOPB-35 zip_entry_read() Integer Overflow Vulnerability
   * The other security issues resulting from the "Month of PHP bugs" either
     did not affect the version of php4 shipped in sarge, or did not merit
     a security update according to the established security policy for
     php in debian.  You are encouraged to verify that your configuration
     is not affected by any of the other vulnerabilities by visiting:
     http://www.php-security.org/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFGLPGmXm3vHE4uyloRAgK+AJ9vOUn3XNcyC9EJMrOMrYIplmfCiACfcsOi
/h+TPD+oJaimxoXjFVgmJ6s=
=K1Fj
-----END PGP SIGNATURE-----

Accepted:
libapache-mod-php4_4.3.10-20_i386.deb
  to pool/main/p/php4/libapache-mod-php4_4.3.10-20_i386.deb
libapache2-mod-php4_4.3.10-20_i386.deb
  to pool/main/p/php4/libapache2-mod-php4_4.3.10-20_i386.deb
php4-cgi_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-cgi_4.3.10-20_i386.deb
php4-cli_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-cli_4.3.10-20_i386.deb
php4-common_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-common_4.3.10-20_i386.deb
php4-curl_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-curl_4.3.10-20_i386.deb
php4-dev_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-dev_4.3.10-20_i386.deb
php4-domxml_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-domxml_4.3.10-20_i386.deb
php4-gd_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-gd_4.3.10-20_i386.deb
php4-imap_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-imap_4.3.10-20_i386.deb
php4-ldap_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-ldap_4.3.10-20_i386.deb
php4-mcal_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-mcal_4.3.10-20_i386.deb
php4-mhash_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-mhash_4.3.10-20_i386.deb
php4-mysql_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-mysql_4.3.10-20_i386.deb
php4-odbc_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-odbc_4.3.10-20_i386.deb
php4-pear_4.3.10-20_all.deb
  to pool/main/p/php4/php4-pear_4.3.10-20_all.deb
php4-recode_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-recode_4.3.10-20_i386.deb
php4-snmp_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-snmp_4.3.10-20_i386.deb
php4-sybase_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-sybase_4.3.10-20_i386.deb
php4-xslt_4.3.10-20_i386.deb
  to pool/main/p/php4/php4-xslt_4.3.10-20_i386.deb
php4_4.3.10-20.diff.gz
  to pool/main/p/php4/php4_4.3.10-20.diff.gz
php4_4.3.10-20.dsc
  to pool/main/p/php4/php4_4.3.10-20.dsc
php4_4.3.10-20_all.deb
  to pool/main/p/php4/php4_4.3.10-20_all.deb