-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Wed, 23 Mar 2016 16:04:42 +0200 Source: hhvm Binary: hhvm hhvm-dbg hhvm-dev Architecture: source amd64 Version: 3.12.1+dfsg-1 Distribution: unstable Urgency: medium Maintainer: Debian HHVM packaging team <pkg-hhvm-team@lists.alioth.debian.org> Changed-By: Faidon Liambotis <paravoid@debian.org> Description: hhvm - HipHop Virtual Machine, a JIT replacement for PHP - main runtime hhvm-dbg - HipHop Virtual Machine, a JIT replacement for PHP - debugging sym hhvm-dev - HipHop Virtual Machine, a JIT replacement for PHP - development f Closes: 818831 Changes: hhvm (3.12.1+dfsg-1) unstable; urgency=medium . [ Faidon Liambotis ] * New upstream minor release, multiple security fixes: - XSLTProcessor NULL Pointer dereference (PHP bug #69782, CVE-2015-6838) - HAVAL gives wrong hashes in specific cases (PHP bug #70312) - ZipArchive::extractTo allows for directory traversal when creating directories (PHP bug #70350) - Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes (PHP bug #70385) - php_url_parse_ex() buffer overflow read (PHP bug #70480) - Make FileUitls::Canonicalize return the empty string if it encounters a path with a null byte (CVE-2016-1552) - Disallow null bytes in more path-type arguments (CVE-2016-1552) - Explicitly check for null bytes in more cases (CVE-2016-1552) - Run __wakeup() on unserialized objects at end of unserialization in iptcembed - Fix heap overflow(s) in iptcembed * Backport upstream fix for isnan/isinf that should fix an FTBFS with glibc 2.23 (currently in experimental). (Closes: #818831) . [ Giuseppe Lavagetto ] * Trivial fix to the upstart script. Checksums-Sha1: bf3d2759ae11b57f55435162bb06037932ae318d 2912 hhvm_3.12.1+dfsg-1.dsc c8670b0ffff545f044bf59dba2bbc7db45d40272 26406840 hhvm_3.12.1+dfsg.orig.tar.gz 0138b1d41a37f4fa0ef4c56276cce158f8fd34d6 27228 hhvm_3.12.1+dfsg-1.debian.tar.xz 4c7dfa57f81e632ba5ca760375b08dd95c6a1607 387776378 hhvm-dbg_3.12.1+dfsg-1_amd64.deb f35e3b54932d6e24799bfe8513c54341f0ea464b 2581108 hhvm-dev_3.12.1+dfsg-1_amd64.deb ba2fab29bc13efaf8bdd5ed562ae93eee39b726b 10577554 hhvm_3.12.1+dfsg-1_amd64.deb Checksums-Sha256: 4e7e19f55ac3d6de19b04d78daaa136f1228196fcccf98632f01855ec39c730b 2912 hhvm_3.12.1+dfsg-1.dsc 113eb6a7a38ade14472381cadec4e5edced15b426a540db4f0cf0ad26bd7bcdf 26406840 hhvm_3.12.1+dfsg.orig.tar.gz 78e7cedde9df30a149d9176601608af4b775b40f6ec3b20e699e6041968c0c30 27228 hhvm_3.12.1+dfsg-1.debian.tar.xz 1fccf1a58ee4488fdce9a1c9a711b4d6e2428f9fcda261becd8352c6dd943be5 387776378 hhvm-dbg_3.12.1+dfsg-1_amd64.deb 0590261c597b11862d3beb587bee13477b1415df32dfa9560f9c6940d3e355f8 2581108 hhvm-dev_3.12.1+dfsg-1_amd64.deb a139e14dfc539875b67ee7ba6eb1a1f44ebfad44acde798df950e592914da9ed 10577554 hhvm_3.12.1+dfsg-1_amd64.deb Files: 521bbab12cf2eb245aa4324866127f47 2912 php optional hhvm_3.12.1+dfsg-1.dsc a09a113a0d78883f2b531f243b7c33be 26406840 php optional hhvm_3.12.1+dfsg.orig.tar.gz 9641434074622c2337a0e9b668dbfd35 27228 php optional hhvm_3.12.1+dfsg-1.debian.tar.xz 2a2e02fae793b66c4c141d09d4a3249f 387776378 debug extra hhvm-dbg_3.12.1+dfsg-1_amd64.deb 0a55fa955dafc593ad3ff48c5610129e 2581108 libdevel extra hhvm-dev_3.12.1+dfsg-1_amd64.deb 0eb80ef7281badf21b754d891fa47498 10577554 php optional hhvm_3.12.1+dfsg-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJW8/VHAAoJEJ0LXlse7I8OKCEP/AlStJeyTn3ky51BM7T6vB7I RfpSqoLSoEnrgm669YmAitCLinn+x7CKivSAWTIS7RI248+wHxwrnqlT928qphXU 7DY960y00s2ChDdw6/Iq9wTBKgXbSN2stYlY/d8tDSEvhQ3sku4ZtOwpAD6p9lo6 CYyDecExJDFv1Rj0GazlBADwzXCUQdStlhCLz7yATxKsvaXdIStMHUmJxA7gVhDN zJczKfP0uU7iiqifT8LOPrTJFQDG7br8X0QTHdDB4MiLugOh6ZL94bslSl4iboNy ccHuAeZKqWiPdRCpJJnvRsk0dGg1Kxad3qQEe+jsJO5LLMRsJWfkVC2wKMWZ5S7C UU6iywUiYLpUcwfei0yhTD6PnaeA4/KHzriOvF8x1WV0RkX9BegA09wYTo3j4Xs7 usOmqtCFIteVCOMPebe/v+c2ybI+PL/CIFYV9JiW418lnl2HuHXaba5v/KQSomuT kcRXWxtOKzWe3LEXveawZCSCewqa1+JxKhIWoPIPpSiYiHNOpaSk6+FaFwl2rozg OyYJAVlJwYA+YFaBboO2zfwlxuwl8qXQTJxsWfZH9DCr+EHYD5HzMn6GkfUJPX59 qwQjvLDLd96fboZzMehSshUie709biIw17D5PyeWZKH31mqeylV/kwBdxKsvL0qR Qe8PYiCaKs1BAkNEZrwU =tiYu -----END PGP SIGNATURE-----
