-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 24 Mar 2015 11:19:21 +0100 Source: php5 Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-phpdbg php5-fpm libphp5-embed php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp php5-imap php5-interbase php5-intl php5-ldap php5-mcrypt php5-readline php5-mysql php5-mysqlnd php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl Architecture: source all Version: 5.6.7+dfsg-1 Distribution: unstable Urgency: medium Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org> Changed-By: Ondřej Surý <ondrej@debian.org> Description: libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module) libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo libphp5-embed - HTML-embedded scripting language (Embedded SAPI library) php-pear - PEAR - PHP Extension and Application Repository php5 - server-side, HTML-embedded scripting language (metapackage) php5-cgi - server-side, HTML-embedded scripting language (CGI binary) php5-cli - command-line interpreter for the php5 scripting language php5-common - Common files for packages built from the php5 source php5-curl - CURL module for php5 php5-dbg - Debug symbols for PHP5 php5-dev - Files for PHP5 module development php5-enchant - Enchant module for php5 php5-fpm - server-side, HTML-embedded scripting language (FPM-CGI binary) php5-gd - GD module for php5 php5-gmp - GMP module for php5 php5-imap - IMAP module for php5 php5-interbase - interbase/firebird module for php5 php5-intl - internationalisation module for php5 php5-ldap - LDAP module for php5 php5-mcrypt - MCrypt module for php5 php5-mysql - MySQL module for php5 php5-mysqlnd - MySQL module for php5 (Native Driver) php5-odbc - ODBC module for php5 php5-pgsql - PostgreSQL module for php5 php5-phpdbg - server-side, HTML-embedded scripting language (PHPDBG binary) php5-pspell - pspell module for php5 php5-readline - Readline module for php5 php5-recode - recode module for php5 php5-snmp - SNMP module for php5 php5-sqlite - SQLite module for php5 php5-sybase - Sybase / MS SQL Server module for php5 php5-tidy - tidy module for php5 php5-xmlrpc - XML-RPC module for php5 php5-xsl - XSL module for php5 Changes: php5 (5.6.7+dfsg-1) unstable; urgency=medium . * New upstream version 5.6.7+dfsg - Core: . Fixed bug #69174 (leaks when unused inner class use traits precedence). . Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize). . Fixed bug #69121 (Segfault in get_current_user when script owner is not in passwd with ZTS build). . Fixed bug #65593 (Segfault when calling ob_start from output buffering callback). . Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file not validated in memory.c). . Fixed bug #68166 (Exception with invalid character causes segv). . Fixed bug #69141 (Missing arguments in reflection info for some builtin functions). . Fixed bug #68976 (Use After Free Vulnerability in unserialize()) (CVE-2015-0231). . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options). . Fixed bug #69207 (move_uploaded_file allows nulls in path). - CGI: . Fixed bug #69015 (php-cgi's getopt does not see $argv). - CLI: . Fixed bug #67741 (auto_prepend_file messes up __LINE__). - cURL: . Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on Win32). . Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported by libcurl. - Ereg: . Fixed bug #69248 (heap overflow vulnerability in regcomp.c) (CVE-2015-2305). - FPM: . Fixed bug #68822 (request time is reset too early). - ODBC: . Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). - Opcache: . Fixed bug #69159 (Opcache causes problem when passing a variable variable to a function). . Fixed bug #69125 (Array numeric string as key). . Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). - OpenSSL: . Fixed bug #68912 (Segmentation fault at openssl_spki_new). . Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't observe socket timeouts). . Fixed bug #68920 (use strict peer_fingerprint input checks) . Fixed bug #68879 (IP Address fields in subjectAltNames not used) . Fixed bug #68265 (SAN match fails with trailing DNS dot) . Fixed bug #67403 (Add signatureType to openssl_x509_parse) . Fixed bug (#69195 Inconsistent stream crypto values across versions) - pgsql: . Fixed bug #68638 (pg_update() fails to store infinite values). - Readline: . Fixed bug #69054 (Null dereference in readline_(read|write)_history() without parameters). - SOAP: . Fixed bug #69085 (SoapClient's __call() type confusion through unserialize()). - SPL: . Fixed bug #69108 ("Segmentation fault" when (de)serializing SplObjectStorage). . Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after calling getChildren()). - ZIP: . Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap boundary) (CVE-2015-2331). * Refresh patches for 5.6.7 release * Pull a patch to fix SQL_DESC_OCTET_LENGTH not supported by ADS ODBC driver (PHP#68350) from Debian wheezy PHP 5.4 branch * Fix PHP segfault in zend_hash_find (PHP#68486) * Move PEAR-Builder-print-info-about-php5-dev.patch to debian/ as it's not a quilt patch Checksums-Sha1: 0e03f5f519ab6087744ddad1095351facfff94ac 5163 php5_5.6.7+dfsg-1.dsc 255384dba5ecd640a08a5a128887ddd5cdf5ea70 11241916 php5_5.6.7+dfsg.orig.tar.xz 5adaf3fb8d60fbcd3cd5c31f38e01884bc5e1064 120352 php5_5.6.7+dfsg-1.debian.tar.xz 48a73c3e784de553c6c8e74f7ff68e9cfaef0648 1308 php5_5.6.7+dfsg-1_all.deb 5bd8b8eb6767576997b6e1faeef2ebf8315bf468 268748 php-pear_5.6.7+dfsg-1_all.deb Checksums-Sha256: ee097465cf2d3ea801ae2998c660a0e656a19ad7b4c312558a74e1bfc9eb584d 5163 php5_5.6.7+dfsg-1.dsc fc03e96e3c2f32e3a1c5a4970465a03af65beea1e2f92de9e3a1709cd41ba2ae 11241916 php5_5.6.7+dfsg.orig.tar.xz 64977658815012be3e0da7add8f1639393eff5d75a750b2dd4297847accc62e7 120352 php5_5.6.7+dfsg-1.debian.tar.xz 5a1be3c9a581b42e50d20d71064b97201befd89f918b33f45544c8d14179d4af 1308 php5_5.6.7+dfsg-1_all.deb 48b2c47ea565991216d8f82e16829e7c99bc5854e354b0c6fe945d3b83726f1b 268748 php-pear_5.6.7+dfsg-1_all.deb Files: 9488ac1b4f4d1b8b1b108c04470ca1cc 5163 php optional php5_5.6.7+dfsg-1.dsc 135bf6e511c96faecd6c9caa34512e86 11241916 php optional php5_5.6.7+dfsg.orig.tar.xz 39292ebca6a1f15b26ea22cf373782c1 120352 php optional php5_5.6.7+dfsg-1.debian.tar.xz 37c4a9db811fb7d77ad0f83c5baef655 1308 php optional php5_5.6.7+dfsg-1_all.deb c9916dc39a8d128929f83e39c7edcb42 268748 php optional php-pear_5.6.7+dfsg-1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQJ8BAEBCgBmBQJVEU83XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzMEI5MzNEODBGQ0UzRDk4MUEyRDM4RkIw Qzk5QjcwRUY0RkNCQjA3AAoJEAyZtw70/LsHUWMP/3sgZTbu1JLOywqbHewMSHpV MiCebdE3bqAABt0KljsEboaItFFdPoMXwyXCLbm0WDRCXtrVcUe57ojON4+6+Bt2 mFgHxwV0uzPkvlTPXTU7VUDETDhhqiDS/awPsFP//L3hPyH8vVLmNU4fyeCr2EWm OHE9rd37JT3n1P/aicbaX/Oug1UQ+kKQYDGIbQXo9ucCgXE/Vd15DlvzFWQYiYJH ocShuB9yPNz9ZOz7zaNX33SiFL7+ptv80gLjKEtv84WNDhH3CBiIgZ1qzLaty/J7 itToH+HtRB5JYVetL+rwuL9jjMgjAQouS8qOwPDaeL7P4KmDyaN+2NPMsAvyWqNR aftTE0+TJg7ZLjIrZS/qAVypZPMEBp2cehcqUVnj/HELjlvJNz0a1qRvNESNAZwA SnCMhsvYG3CIP3QFQ4rEaqjnxMjBHJy7OfP1V7WTCuoE0a495ES5aW6Zts0ZQlnS OV2TVHHeBV8Ml1JJoPbyZKFuXrzD9hzCpqWG5ZJVpNJ+1D6Cj/5lOwV9AAzwmUCK 1t92v6UM9f9M3XLvZR1QEDXB8vT/2QK5/3gNT+z5nI3LaUd58YnZYFKa9LwXeywg qMEUdXEoEifJfFasBpt5FpgwLz977k1slDgHhWKF+9u6uBxwxHEtaeOldWLArgJ1 edaZVo6G4TlX3YzBLgFy =UEpD -----END PGP SIGNATURE-----