Format: 1.8
Date: Mon, 27 Jul 2015 18:17:00 +0200
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp php5-imap php5-interbase php5-intl php5-ldap php5-mcrypt php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl
Architecture: source i386 all
Version: 5.3.3.1-7+squeeze27
Distribution: squeeze-lts
Urgency: high
Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module)
 libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo
 php-pear   - PEAR - PHP Extension and Application Repository
 php5       - server-side, HTML-embedded scripting language (metapackage)
 php5-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php5-cli   - command-line interpreter for the php5 scripting language
 php5-common - Common files for packages built from the php5 source
 php5-curl  - CURL module for php5
 php5-dbg   - Debug symbols for PHP5
 php5-dev   - Files for PHP5 module development
 php5-enchant - Enchant module for php5
 php5-gd    - GD module for php5
 php5-gmp   - GMP module for php5
 php5-imap  - IMAP module for php5
 php5-interbase - interbase/firebird module for php5
 php5-intl  - internationalisation module for php5
 php5-ldap  - LDAP module for php5
 php5-mcrypt - MCrypt module for php5
 php5-mysql - MySQL module for php5
 php5-odbc  - ODBC module for php5
 php5-pgsql - PostgreSQL module for php5
 php5-pspell - pspell module for php5
 php5-recode - recode module for php5
 php5-snmp  - SNMP module for php5
 php5-sqlite - SQLite module for php5
 php5-sybase - Sybase / MS SQL Server module for php5
 php5-tidy  - tidy module for php5
 php5-xmlrpc - XML-RPC module for php5
 php5-xsl   - XSL module for php5
Changes:
 php5 (5.3.3.1-7+squeeze27) squeeze-lts; urgency=high
 .
   * Non-maintainer upload by the Squeeze LTS Team.
   * CVE-2015-3307
     The phar_parse_metadata function in ext/phar/phar.c in PHP before
     5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allows remote
     attackers to cause a denial of service (heap metadata corruption)
     or possibly have unspecified other impact via a crafted tar archive.
   * CVE-2015-3411 + CVE-2015-3412
     Fixed bug #69353 (Missing null byte checks for paths in various
     PHP extensions)
   * CVE-2015-4021
     The phar_parse_tarfile function in ext/phar/tar.c in PHP
     before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9
     does not verify that the first character of a filename is
     different from the \0 character, which allows remote attackers
     to cause a denial of service (integer underflow and memory
     corruption) via a crafted entry in a tar archive.
   * CVE-2015-4022
     Integer overflow in the ftp_genlist function in ext/ftp/ftp.c
     in PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9
     allows remote FTP servers to execute arbitrary code via a long
     reply to a LIST command, leading to a heap-based buffer overflow.
   * CVE-2015-4025
     PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9
     truncates a pathname upon encountering a \x00 character in certain
     situations, which allows remote attackers to bypass intended
     extension restrictions and access files or directories with
     unexpected names via a crafted argument to (1) set_include_path,
     (2) tempnam, (3) rmdir, or (4) readlink.
     NOTE: this vulnerability exists because of an incomplete fix for
     CVE-2006-7243.
   * CVE-2015-4026
     The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before
     5.5.25, and 5.6.x before 5.6.9 truncates a pathname upon
     encountering a \x00 character, which might allow remote attackers
     to bypass intended extension restrictions and execute files with
     unexpected names via a crafted first argument.
     NOTE: this vulnerability exists because of an incomplete fix for
     CVE-2006-7243.
   * CVE-2015-4147
     The SoapClient::__call method in ext/soap/soap.c in PHP before
     5.4.39, 5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not
     verify that __default_headers is an array, which allows remote
     attackers to execute arbitrary code by providing crafted
     serialized data with an unexpected data type, related to a "type
     confusion" issue.
   * CVE-2015-4148
     The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39,
     5.5.x before 5.5.23, and 5.6.x before 5.6.7 does not verify that
     the uri property is a string, which allows remote attackers to
     obtain sensitive information by providing crafted serialized data
     with an int data type, related to a "type confusion" issue.
   * CVE-2015-4598
     Incorrect handling of paths with NULs
   * CVE-2015-4599
     Type confusion vulnerability in exception::getTraceAsString
   * CVE-2015-4600 + CVE-2015-4601
     Added type checks
   * CVE-2015-4602
     Type Confusion Infoleak Vulnerability in unserialize() with SoapFault
   * CVE-2015-4604 + CVE-2015-4605
     denial of service when processing a crafted file with Fileinfo
     (already fixed in CVE-2015-temp-68819.patch)
   * CVE-2015-4643
     Improved fix for bug #69545 (Integer overflow in ftp_genlist()
     resulting in heap overflow)
   * CVE-2015-4644
     Fixed bug #69667 (segfault in php_pgsql_meta_data)
   * CVE-2015-5589
     Segfault in Phar::convertToData on invalid file
   * CVE-2015-5590
     Buffer overflow and stack smashing error in phar_fix_filepath