-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 28 Oct 2015 22:17:00 +0100
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp php5-imap php5-interbase php5-intl php5-ldap php5-mcrypt php5-mysql php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl
Architecture: source i386 all
Version: 5.3.3.1-7+squeeze28
Distribution: squeeze-lts
Urgency: high
Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module)
 libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo
 php-pear   - PEAR - PHP Extension and Application Repository
 php5       - server-side, HTML-embedded scripting language (metapackage)
 php5-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php5-cli   - command-line interpreter for the php5 scripting language
 php5-common - Common files for packages built from the php5 source
 php5-curl  - CURL module for php5
 php5-dbg   - Debug symbols for PHP5
 php5-dev   - Files for PHP5 module development
 php5-enchant - Enchant module for php5
 php5-gd    - GD module for php5
 php5-gmp   - GMP module for php5
 php5-imap  - IMAP module for php5
 php5-interbase - interbase/firebird module for php5
 php5-intl  - internationalisation module for php5
 php5-ldap  - LDAP module for php5
 php5-mcrypt - MCrypt module for php5
 php5-mysql - MySQL module for php5
 php5-odbc  - ODBC module for php5
 php5-pgsql - PostgreSQL module for php5
 php5-pspell - pspell module for php5
 php5-recode - recode module for php5
 php5-snmp  - SNMP module for php5
 php5-sqlite - SQLite module for php5
 php5-sybase - Sybase / MS SQL Server module for php5
 php5-tidy  - tidy module for php5
 php5-xmlrpc - XML-RPC module for php5
 php5-xsl   - XSL module for php5
Changes:
 php5 (5.3.3.1-7+squeeze28) squeeze-lts; urgency=high
 .
   * Non-maintainer upload by the Squeeze LTS Team.
   * CVE-2015-6831
     Use after free vulnerability was found in unserialize() function.
     We can create ZVAL and free it via Serializable::unserialize.
     However the unserialize() will still allow to use R: or r: to set
     references to that already freed memory. It is possible to
     use-after-free attack and execute arbitrary code remotely.
   * CVE-2015-6832
     Dangling pointer in the unserialization of ArrayObject items.
   * CVE-2015-6833
     Files extracted from archive may be placed outside of destination
     directory
   * CVE-2015-6834
     Use after free vulnerability was found in unserialize() function.
     We can create ZVAL and free it via Serializable::unserialize.
     However the unserialize() will still allow to use R: or r: to set
     references to that already freed memory. It is possible to
     use-after-free attack and execute arbitrary code remotely.
   * CVE-2015-6836
     A type confusion occurs within SOAP serialize_function_call due
     to an insufficient validation of the headers field.
     In the SoapClient's __call method, the verify_soap_headers_array
     check is applied only to headers retrieved from
     zend_parse_parameters; problem is that a few lines later,
     soap_headers could be updated or even replaced with values from
     the __default_headers object fields.
   * CVE-2015-6837
     The XSLTProcessor class misses a few checks on the input from the
     libxslt library. The valuePop() function call is able to return
     NULL pointer and php does not check that.
   * CVE-2015-6838
     The XSLTProcessor class misses a few checks on the input from the
     libxslt library. The valuePop() function call is able to return
     NULL pointer and php does not check that.
   * CVE-2015-7803
     A NULL pointer dereference flaw was found in the way PHP's Phar
     extension parsed Phar archives. A specially crafted archive could
     cause PHP to crash.
   * CVE-2015-7804
     An uninitialized pointer use flaw was found in the
     phar_make_dirstream() function of PHP's Phar extension.
     A specially crafted phar file in the ZIP format with a directory
     entry with a file name "/ZIP" could cause a PHP application
     function to crash.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----