* SECURITY UPDATE: denial of service and possible memory corruption via
negative size in HTTP chunked encoding stream
- debian/patches/CVE-2010-1866.patch: prevent chunk_size from
overflowing in ext/standard/filters.c.
- CVE-2010-1866
* SECURITY UPDATE: arbitrary code execution via empty SQL query
- debian/patches/CVE-2010-1868.patch: use ecalloc instead of emalloc in
ext/sqlite/sqlite.c.
- CVE-2010-1868
* SECURITY UPDATE: denial of service via fnmatch stack consumption
- debian/patches/CVE-2010-1917.patch: limit size of pattern in
ext/standard/file.c.
- CVE-2010-1917
* SECURITY UPDATE: arbitrary memory disclosure and possible code
execution via phar extension
- debian/patches/CVE-2010-2094.patch: use correct format string in
ext/phar/dirstream.c, ext/phar/stream.c.
- CVE-2010-2094
- CVE-2010-2950
* SECURITY UPDATE: sensitive information disclosure or arbitrary code
execution via use-after-free in SplObjectStorage unserializer
- debian/patches/CVE-2010-2225.patch: fix logic in
ext/spl/spl_observer.c, ext/standard/{php_var.h,var_unserializer.*},
add tests to ext/spl/tests.
- CVE-2010-2225
* SECURITY UPDATE: sensitive information disclosure via error messages
- debian/patches/CVE-2010-2531.patch: don't display data when flushing
output buffer in ext/standard/{var.c,php_var.h}, fix tests in
ext/standard/tests/general_functions.
- CVE-2010-2531
* SECURITY UPDATE: arbitrary session variable modification via crafted
session variable name
- debian/patches/CVE-2010-3065.patch: handle PS_UNDEF_MARKER marker in
ext/session/session.c.
- CVE-2010-3065
* debian/patches/lp564920-fix-big-files.patch: Fix downloading of large
files (LP: #564920)
-- Marc Deslauriers <email address hidden> Fri, 17 Sep 2010 08:14:26 -0400
This bug was fixed in the package php5 - 5.3.2-1ubuntu4.5
---------------
php5 (5.3.2-1ubuntu4.5) lucid-security; urgency=low
* SECURITY UPDATE: denial of service and possible memory corruption via
negative size in HTTP chunked encoding stream
- debian/patches/CVE-2010-1866.patch: prevent chunk_size from
overflowing in ext/standard/filters.c.
- CVE-2010-1866
* SECURITY UPDATE: arbitrary code execution via empty SQL query
- debian/patches/CVE-2010-1868.patch: use ecalloc instead of emalloc in
ext/sqlite/sqlite.c.
- CVE-2010-1868
* SECURITY UPDATE: denial of service via fnmatch stack consumption
- debian/patches/CVE-2010-1917.patch: limit size of pattern in
ext/standard/file.c.
- CVE-2010-1917
* SECURITY UPDATE: arbitrary memory disclosure and possible code
execution via phar extension
- debian/patches/CVE-2010-2094.patch: use correct format string in
ext/phar/dirstream.c, ext/phar/stream.c.
- CVE-2010-2094
- CVE-2010-2950
* SECURITY UPDATE: sensitive information disclosure or arbitrary code
execution via use-after-free in SplObjectStorage unserializer
- debian/patches/CVE-2010-2225.patch: fix logic in
ext/spl/spl_observer.c, ext/standard/{php_var.h,var_unserializer.*},
add tests to ext/spl/tests.
- CVE-2010-2225
* SECURITY UPDATE: sensitive information disclosure via error messages
- debian/patches/CVE-2010-2531.patch: don't display data when flushing
output buffer in ext/standard/{var.c,php_var.h}, fix tests in
ext/standard/tests/general_functions.
- CVE-2010-2531
* SECURITY UPDATE: arbitrary session variable modification via crafted
session variable name
- debian/patches/CVE-2010-3065.patch: handle PS_UNDEF_MARKER marker in
ext/session/session.c.
- CVE-2010-3065
* debian/patches/lp564920-fix-big-files.patch: Fix downloading of large
files (LP: #564920)
-- Marc Deslauriers <email address hidden> Fri, 17 Sep 2010 08:14:26 -0400