Change log for php5 package in Debian
1 → 75 of 250 results | First • Previous • Next • Last |
Published in jessie-release |
php5 (5.6.33+dfsg-0+deb8u1) jessie-security; urgency=high * Add support for signed upstream tarballs * Make d/copyright machine readable * Remove repack.sh script in favour of uscan repacking * Update Vcs-* links to salsa.d.o * New upstream version 5.6.33+dfsg * Rebase patches on top of new upstream releases. -- Ondřej Surý <email address hidden> Fri, 05 Jan 2018 13:31:37 +0000
Superseded in jessie-release |
php5 (5.6.30+dfsg-0+deb8u1) jessie-security; urgency=medium * Allow relaxed ; priority=<num> parsing (Closes: #783246) * New upstream version 5.6.30+dfsg - [CVE-2016-10158] FPE when parsing a tag format. - [CVE-2016-10159] Crash while loading hostile phar archive - [CVE-2016-10160] Memory corruption when loading hostile phar - [CVE-2016-10161] Heap out of bounds read on unserialize in finish_nested_data() * Rebase patches on top of PHP 5.6.30 -- Ondřej Surý <email address hidden> Wed, 25 Jan 2017 15:19:43 +0100
Superseded in jessie-release |
php5 (5.6.29+dfsg-0+deb8u1) jessie-security; urgency=high * Imported Upstream version 5.6.29+dfsg * Rebase patches on top of PHP 5.6.29 release * Change Build-Depend from libsystemd-daemon-dev to libsystemd-dev -- Ondřej Surý <email address hidden> Tue, 13 Dec 2016 16:11:43 +0100
Deleted in sid-release (Reason: None provided.) |
php5 (5.6.26+dfsg-1) unstable; urgency=medium * Imported Upstream version 5.6.26+dfsg * Rebase patches on top of PHP 5.6.26+dfsg release -- Ondřej Surý <email address hidden> Sun, 18 Sep 2016 10:59:09 +0200
Superseded in jessie-release |
php5 (5.6.24+dfsg-0+deb8u1) jessie-security; urgency=high * Imported Upstream version 5.6.24+dfsg * Rebase patches on top of 5.6.24+dfsg release -- Ondřej Surý <email address hidden> Tue, 26 Jul 2016 10:09:22 +0200
Superseded in sid-release |
php5 (5.6.24+dfsg-1) unstable; urgency=medium * Move -ignore_session_path to be the first argument (Closes: #830792) * Imported Upstream version 5.6.24+dfsg * Rebase patches on top of 5.6.24+dfsg release -- Ondřej Surý <email address hidden> Tue, 26 Jul 2016 09:08:21 +0200
Superseded in sid-release |
php5 (5.6.23+dfsg-1) unstable; urgency=medium * Imported Upstream version 5.6.23+dfsg * Rebase patches on top of 5.6.23+dfsg * Adjust tidy extension for tidy-html5 -- Ondřej Surý <email address hidden> Fri, 24 Jun 2016 09:53:25 +0200
php5 (5.6.22+dfsg-2) unstable; urgency=medium * Silence errors from find caused by time race (Closes: #827370) -- Ondřej Surý <email address hidden> Wed, 15 Jun 2016 18:02:46 +0200
Superseded in jessie-release |
php5 (5.6.20+dfsg-0+deb8u1) jessie-security; urgency=medium * Imported Upstream version 5.6.20+dfsg * Rebase patches on top of 5.6.20+dfsg release -- Ondřej Surý <email address hidden> Wed, 27 Apr 2016 13:17:22 +0200
php5 (5.6.22+dfsg-1) unstable; urgency=medium * Imported Upstream version 5.6.22+dfsg * Add Provides: php5-mysql to php5-mysqlnd (Closes: #820451) -- Ondřej Surý <email address hidden> Thu, 26 May 2016 14:18:04 +0200
php5 (5.6.21+dfsg-2) unstable; urgency=medium [ Santiago Vila ] * Make src:php5 compatible with source-only uploads (Closes: #823954) -- Ondřej Surý <email address hidden> Wed, 11 May 2016 15:55:22 +0200
php5 (5.6.21+dfsg-1) unstable; urgency=medium * Update Vcs-* to point at pkg-php/php5.git * Imported Upstream version 5.6.21+dfsg * Rebase patches on top of 5.6.21+dfsg release * Add patch to make opcache lockfile path configurable * Replace the while loop with for loop to prevent launching subshell in the sessionclean script -- Ondřej Surý <email address hidden> Wed, 04 May 2016 11:44:55 +0200
php5 (5.6.20+dfsg-1) unstable; urgency=medium * Allow multiple whitespace in php5-fpm init script (Closes: #818102) * Improve conffile parsing ini the init.d script * Imported Upstream version 5.6.20+dfsg * Rebase patches on top of 5.6.20+dfsg release -- Ondřej Surý <email address hidden> Thu, 31 Mar 2016 16:51:18 +0200
Published in wheezy-release |
php5 (5.4.45-0+deb7u2) wheezy-security; urgency=high * Merge security updates from PHP 5.5.30 into PHP 5.4.45 - Phar: . Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()). . Fixed bug #70433 (Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"). * Add a notice about PHP 5.4 EOL to d/NEWS -- Ondřej Surý <email address hidden> Sun, 04 Oct 2015 17:12:28 +0200
Superseded in jessie-release |
php5 (5.6.19+dfsg-0+deb8u1) jessie-security; urgency=medium * Imported Upstream version 5.6.19+dfsg * Rebase patches on top of 5.6.19+dfsg release * Allow multiple whitespace in php5-fpm init script (Closes: #818102) -- Ondřej Surý <email address hidden> Mon, 07 Mar 2016 20:09:14 +0100
php5 (5.6.19+dfsg-2) unstable; urgency=medium * Return /usr/share/php to the default include_path that got dropped when we stopped building PEAR from this source package (Closes: #817769) -- Ondřej Surý <email address hidden> Fri, 11 Mar 2016 09:25:59 +0100
Superseded in sid-release |
php5 (5.6.19+dfsg-1) unstable; urgency=medium * Imported Upstream version 5.6.19+dfsg * Rebase patches on top of 5.6.19+dfsg release * Stop building php-pear from src:php5 sources -- Ondřej Surý <email address hidden> Mon, 07 Mar 2016 21:09:11 +0100
Superseded in sid-release |
php5 (5.6.18+dfsg-1) unstable; urgency=medium * Imported Upstream version 5.6.18+dfsg - Core: . Fixed bug #71039 (exec functions ignore length but look for NULL termination). . Fixed bug #71089 (No check to duplicate zend_extension). . Fixed bug #71201 (round() segfault on 64-bit builds). . Added support for new HTTP 451 code. . Fixed bug #71273 (A wrong ext directory setup in php.ini leads to crash). . Fixed bug #71323 (Output of stream_get_meta_data can be falsified by its input). . Fixed bug #71459 (Integer overflow in iptcembed()). - Apache2handler: . Fix >2G Content-Length headers in apache2handler. - FTP: . Implemented FR #55651 (Option to ignore the returned FTP PASV address). - Opcache: . Fixed bug #71127 (Define in auto_prepend_file is overwrite). . Fixed bug #71024 (Unable to use PHP 7.0 x64 side-by-side with PHP 5.6 x32 on the same server). - Phar: . Fixed bug #71354 (Heap corruption in tar/zip/phar parser). . Fixed bug #71391 (NULL Pointer Dereference in phar_tar_setupmetadata()). . Fixed bug #71488 (Stack overflow when decompressing tar archives). - Session: . Fixed bug #69111 (Crash in SessionHandler::read()). - SOAP: . Fixed bug #70979 (crash with bad soap request). - SPL: . Fixed bug #71204 (segfault if clean spl_autoload_funcs while autoloading). - WDDX: . Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization). * Rebase patches on top of 5.6.18 release * Add support for libtool >= 2.4.6 ltmain.sh location -- Ondřej Surý <email address hidden> Wed, 24 Feb 2016 16:30:24 +0100
Superseded in jessie-release |
php5 (5.6.17+dfsg-0+deb8u1) jessie; urgency=high * Imported Upstream version 5.6.17+dfsg - Core: . Fixed bug #66909 (configure fails utf8_to_mutf7 test). . Fixed bug #70958 (Invalid opcode while using ::class as trait method parameter default value). . Fixed bug #70957 (self::class can not be resolved with reflection for abstract class). . Fixed bug #70944 (try{ } finally{} can create infinite chains of exceptions). . Fixed bug #61751 (SAPI build problem on AIX: Undefined symbol: php_register_internal_extensions). - FPM: . Fixed bug #70755 (fpm_log.c memory leak and buffer overflow). - GD: . Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array Index Out of Bounds). - Mysqlnd: . Fixed bug #68077 (LOAD DATA LOCAL INFILE / open_basedir restriction). - SOAP: . Fixed bug #70900 (SoapClient systematic out of memory error). - Standard: . Fixed bug #70960 (ReflectionFunction for array_unique returns wrong number of parameters). - PDO_Firebird: . Fixed bug #60052 (Integer returned as a 64bit integer on X64_86). - WDDX: . Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization). . Fixed bug #70741 (Session WDDX Packet Deserialization Type Confusion Vulnerability). - XMLRPC: . Fixed bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker()). * Rebase patches on top of 5.6.17+dfsg release * Make phar command versioned and use update-alternatives for 'phar' name to allow coinstallation with src:php7.0 packages -- Ondřej Surý <email address hidden> Fri, 08 Jan 2016 09:01:13 +0100
php5 (5.6.17+dfsg-3) unstable; urgency=medium * Fail gracefully when other PHP module is enabled in Apache2 * php5-maintscript-helper needs update for phpdbg to fix postinst failure -- Ondřej Surý <email address hidden> Fri, 15 Jan 2016 09:53:46 +0100
php5 (5.6.17+dfsg-1) unstable; urgency=medium * Build-Depend just on libpng-dev * Imported Upstream version 5.6.17+dfsg * Rebase patches on top of 5.6.17 release -- Ondřej Surý <email address hidden> Fri, 08 Jan 2016 08:18:37 +0100
Superseded in sid-release |
php5 (5.6.16+dfsg-4) unstable; urgency=medium * Make phar command versioned and use update-alternatives for 'phar' name to allow src:php5 packages to be co-installed with src:php7.0 -- Ondřej Surý <email address hidden> Mon, 04 Jan 2016 15:21:55 +0100
Superseded in sid-release |
php5 (5.6.16+dfsg-3) unstable; urgency=medium * Remove invalid patch to not reset packagingroot inside PEAR/Command/Install.php * Revert PEAR version to last working version from PHP 5.6.14 (Closes: #805222) -- Ondřej Surý <email address hidden> Thu, 31 Dec 2015 14:48:43 +0100
Deleted in experimental-release (Reason: None provided.) |
php5 (7.0) experimental; urgency=low * Convert the src:php5 package to produce transitional dummy packages -- Ondřej Surý <email address hidden> Tue, 29 Dec 2015 09:27:34 +0100
php5 (5.6.16+dfsg-2) unstable; urgency=medium [ Jan Wagner ] * Adding 'PHP_INI_SCAN_DIR=/etc/php5/${conf_dir}/conf.d/' to session cleanup script when calling php [ Ondřej Surý ] * Add patch to not reset packagingroot inside PEAR/Command/Install.php (Closes: #805222) -- Ondřej Surý <email address hidden> Mon, 07 Dec 2015 17:15:51 +0100
php5 (5.6.16+dfsg-1) unstable; urgency=medium * Imported Upstream version 5.6.16+dfsg - Core: . Fixed bug #70828 (php-fpm 5.6 with opcache crashes when referencing a non-existent constant). . Fixed bug #70748 (Segfault in ini_lex () at Zend/zend_ini_scanner.l). - Mysqlnd: . Fixed bug #68344 (MySQLi does not provide way to disable peer certificate validation) by introducing MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT connection flag. - OCI8: . Fixed bug #68298 (OCI int overflow). - PDO_DBlib: . Fixed bug #69757 (Segmentation fault on nextRowset). - SOAP: . Fixed bug #70875 (Segmentation fault if wsdl has no targetNamespace attribute). - SPL: . Fixed bug #70852 (Segfault getting NULL offset of an ArrayObject). * Rebase patches on top of 5.6.16+dfsg release -- Ondřej Surý <email address hidden> Tue, 01 Dec 2015 13:21:11 +0100
php5 (5.6.15+dfsg-1) unstable; urgency=medium * Imported Upstream version 5.6.15+dfsg - Core: . Fixed bug #70681 (Segfault when binding $this of internal instance method to null). . Fixed bug #70685 (Segfault for getClosure() internal method rebind with invalid $this). - Date: . Fixed bug #70619 (DateTimeImmutable segfault). - Mcrypt: . Fixed bug #70625 (mcrypt_encrypt() won't return data when no IV was specified under RC4). - Mysqlnd: . Fixed bug #70384 (mysqli_real_query():Unknown type 245 sent by the server). . Fixed bug #70572 segfault in mysqlnd_connect. - Opcache: . Fixed bug #70632 (Third one of segfault in gc_remove_from_buffer). . Fixed bug #70631 (Another Segfault in gc_remove_from_buffer()). . Fixed bug #70601 (Segfault in gc_remove_from_buffer()). . Fixed compatibility with Windows 10 (see also bug #70652). * Rebase patches on top of 5.6.15+dfsg -- Ondřej Surý <email address hidden> Wed, 11 Nov 2015 12:00:46 +0100
php5 (5.6.14+dfsg-1) unstable; urgency=medium * Imported Upstream version 5.6.14+dfsg - Core: . Fixed bug #70370 (Bundled libtool.m4 doesn't handle FreeBSD 10 when building extensions). - CLI server: . Fixed bug #68291 (404 on urls with '+'). - DOM: . Fixed bug #70001 (Assigning to DOMNode::textContent does additional entity encoding). - Mysqlnd: . Fixed bug #70456 (mysqlnd doesn't activate TCP keep-alive when connecting to a server). - OpenSSL: . Fixed bug #55259 (openssl extension does not get the DH parameters from DH key resource). . Fixed bug #70395 (Missing ARG_INFO for openssl_seal()). . Fixed bug #60632 (openssl_seal fails with AES). . Fixed bug #68312 (Lookup for openssl.cnf causes a message box). - PDO: . Fixed bug #70389 (PDO constructor changes unrelated variables). - Phar: . Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()). . Fixed bug #70433 (Uninitialized pointer in phar_make_dirstream when zip entry filename is "/"). - Phpdbg: . Fix phpdbg_break_next() sometimes not breaking. - Standard: . Fixed bug #67131 (setcookie() conditional for empty values not met). - Streams: . Fixed bug #70361 (HTTP stream wrapper doesn't close keep-alive connections). - Zip: . Fixed bug #70322 (ZipArchive::close() doesn't indicate errors). * Rebase patches on top of PHP 5.6.14+dfsg -- Ondřej Surý <email address hidden> Sun, 04 Oct 2015 17:52:54 +0200
php5 (5.6.13+dfsg-2) unstable; urgency=medium [ Justin Pasher ] * Improve sessionclean script to handle tiered and symlinked directories [ Bernat Arlandis ] * Fix the bug where sessionclean doesn't touch session files -- Ondřej Surý <email address hidden> Thu, 17 Sep 2015 10:11:18 +0200
Superseded in sid-release |
php5 (5.6.13+dfsg-1) unstable; urgency=medium * New upstream version 5.6.13+dfsg * Refresh patches on top of 5.6.13+dfsg release -- Ondřej Surý <email address hidden> Mon, 07 Sep 2015 11:54:24 +0200
Superseded in wheezy-release |
php5 (5.4.44-0+deb7u1) wheezy-security; urgency=medium * New upstream version 5.4.44 - Core: . Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive method calls). . Fixed bug #69892 (Different arrays compare indentical due to integer key truncation). . Fixed bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref). - OpenSSL: . Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically secure). - Phar: . Improved fix for bug #69441. . Fixed bug #70019 (Files extracted from archive may be placed outside of destination directory). - SOAP: . Fixed bug #70081 (SoapClient info leak / null pointer dereference via multiple type confusions). - SPL: . Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject items). . Fixed bug #70166 (Use After Free Vulnerability in unserialize() with SPLArrayObject). . Fixed bug #70168 (Use After Free Vulnerability in unserialize() with SplObjectStorage). . Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList). * New upstream version 5.4.43 - Core: . Fixed bug #69768 (escapeshell*() doesn't cater to !). . Fixed bug #69874 (Can't set empty additional_headers for mail()), regression from fix to bug #68776. - Mysqlnd: . Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM) (CVE-2015-3152). - Phar: . Fixed bug #69958 (Segfault in Phar::convertToData on invalid file). . Fixed bug #69923 (Buffer overflow and stack smashing error in phar_fix_filepath). * Rebase patches on top of 5.4.44 release -- Ondřej Surý <email address hidden> Sun, 16 Aug 2015 11:44:10 +0200
php5 (5.6.12+dfsg-1) unstable; urgency=medium * Drop explicit support for upstart (Closes: #792892) * Imported Upstream version 5.6.12+dfsg * Rebase patches using gbp pq on top of PHP 5.6.12+dfsg * Silence the MySQL library mismatch warning (Closes: #794191) -- Ondřej Surý <email address hidden> Sun, 16 Aug 2015 10:34:01 +0200
php5 (5.6.11+dfsg-1) unstable; urgency=medium * New upstream version 5.6.11+dfsg * Finish the transition to libsystemd, but allow backports (Closes: #779780) * Refresh patches using gbp pq rebase/export -- Ondřej Surý <email address hidden> Wed, 15 Jul 2015 12:47:39 +0200
php5 (5.6.9+dfsg-1) unstable; urgency=medium * New upstream version 5.6.9+dfsg - Core: . Fixed bug #69467 (Wrong checked for the interface by using Trait). . Fixed bug #69420 (Invalid read in zend_std_get_method). . Fixed bug #60022 ("use statement [...] has no effect" depends on leading backslash). . Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer). . Fixed bug #68652 (segmentation fault in destructor). . Fixed bug #69419 (Returning compatible sub generator produces a warning). . Fixed bug #69472 (php_sys_readlink ignores misc errors from GetFinalPathNameByHandleA). . Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). . Fixed bug #69403 (str_repeat() sign mismatch based memory corruption). . Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). . Fixed bug #69522 (heap buffer overflow in unpack()). - FTP: . Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). - ODBC: . Fixed bug #69354 (Incorrect use of SQLColAttributes with ODBC 3.0). . Fixed bug #69474 (ODBC: Query with same field name from two tables returns incorrect result). . Fixed bug #69381 (out of memory with sage odbc driver). - OpenSSL: . Fixed bug #69402 (Reading empty SSL stream hangs until timeout). - PCNTL: . Fixed bug #68598 (pcntl_exec() should not allow null char). - PCRE . Upgraded pcrelib to 8.37. - Phar: . Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null). * Rebased patches on top of 5.6.9+dfsg version -- Ondřej Surý <email address hidden> Fri, 22 May 2015 09:35:03 +0200
php5 (5.6.7+dfsg-1) unstable; urgency=medium * New upstream version 5.6.7+dfsg - Core: . Fixed bug #69174 (leaks when unused inner class use traits precedence). . Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize). . Fixed bug #69121 (Segfault in get_current_user when script owner is not in passwd with ZTS build). . Fixed bug #65593 (Segfault when calling ob_start from output buffering callback). . Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file not validated in memory.c). . Fixed bug #68166 (Exception with invalid character causes segv). . Fixed bug #69141 (Missing arguments in reflection info for some builtin functions). . Fixed bug #68976 (Use After Free Vulnerability in unserialize()) (CVE-2015-0231). . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options). . Fixed bug #69207 (move_uploaded_file allows nulls in path). - CGI: . Fixed bug #69015 (php-cgi's getopt does not see $argv). - CLI: . Fixed bug #67741 (auto_prepend_file messes up __LINE__). - cURL: . Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on Win32). . Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported by libcurl. - Ereg: . Fixed bug #69248 (heap overflow vulnerability in regcomp.c) (CVE-2015-2305). - FPM: . Fixed bug #68822 (request time is reset too early). - ODBC: . Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). - Opcache: . Fixed bug #69159 (Opcache causes problem when passing a variable variable to a function). . Fixed bug #69125 (Array numeric string as key). . Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). - OpenSSL: . Fixed bug #68912 (Segmentation fault at openssl_spki_new). . Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't observe socket timeouts). . Fixed bug #68920 (use strict peer_fingerprint input checks) . Fixed bug #68879 (IP Address fields in subjectAltNames not used) . Fixed bug #68265 (SAN match fails with trailing DNS dot) . Fixed bug #67403 (Add signatureType to openssl_x509_parse) . Fixed bug (#69195 Inconsistent stream crypto values across versions) - pgsql: . Fixed bug #68638 (pg_update() fails to store infinite values). - Readline: . Fixed bug #69054 (Null dereference in readline_(read|write)_history() without parameters). - SOAP: . Fixed bug #69085 (SoapClient's __call() type confusion through unserialize()). - SPL: . Fixed bug #69108 ("Segmentation fault" when (de)serializing SplObjectStorage). . Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after calling getChildren()). - ZIP: . Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap boundary) (CVE-2015-2331). * Refresh patches for 5.6.7 release * Pull a patch to fix SQL_DESC_OCTET_LENGTH not supported by ADS ODBC driver (PHP#68350) from Debian wheezy PHP 5.4 branch * Fix PHP segfault in zend_hash_find (PHP#68486) * Move PEAR-Builder-print-info-about-php5-dev.patch to debian/ as it's not a quilt patch -- Ondřej Surý <email address hidden> Tue, 24 Mar 2015 11:19:21 +0100
php5 (5.6.6+dfsg-2) unstable; urgency=medium * Fix use after free in 'opcache' component of PHP (CVE-2015-1351) * Fix NULL Pointer Deference in pgsql (CVE-2015-1352) (Closes: #777033) -- Ondřej Surý <email address hidden> Tue, 24 Feb 2015 07:54:59 +0100
Superseded in sid-release |
php5 (5.6.6+dfsg-1) unstable; urgency=medium * New upstream version 5.6.6+dfsg * Pull patch from DragonFly BSD Project to limit the pattern space to avoid a 32-bit overflow in Henry Spencer regular expressions (regex) library (Closes: #778389) * Update patches for 5.6.6 release -- Ondřej Surý <email address hidden> Fri, 20 Feb 2015 10:08:13 +0100
php5 (5.6.5+dfsg-2) unstable; urgency=high * Add patch to revert upstream commit on feof that broke Horde and others (Courtesy of Mike Gabriel) (Closes: #778374) -- Ondřej Surý <email address hidden> Tue, 17 Feb 2015 09:39:33 +0100
php5 (5.6.5+dfsg-1) unstable; urgency=medium * New upstream version 5.6.5+dfsg * Security vulnerabilities fixed: + Core - Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize()). (CVE-2015-0231) + CGI: - Fixed bug #68618 (out of bounds read crashes php-cgi). (CVE-2014-9427) + EXIF: - Fixed bug #68799: Free called on unitialized pointer. (CVE-2015-0232) * Update patches for 5.6.5 release -- Ondřej Surý <email address hidden> Mon, 26 Jan 2015 12:00:58 +0100
Superseded in wheezy-release |
php5 (5.4.36-0+deb7u1) wheezy-security; urgency=high * New upstream version 5.4.36 + Core: - Upgraded crypt_blowfish to version 1.3. - Fixed bug #68545 (NULL pointer dereference in unserialize.c). - Fixed bug #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142) + Mcrypt: - Fixed possible read after end of buffer and use after free. * Update patches for 5.4.36 release * Download missing install-pear-nozlib.phar and add it as a quilt patch * Remove extra INI file patch that added duplicate lines * Fix lo_export to check for invalid return value (Closes: #773182) * Fix out of bounds read that crashes php-cgi -- Ondřej Surý <email address hidden> Sun, 21 Dec 2014 20:51:11 +0100
php5 (5.6.4+dfsg-4) unstable; urgency=medium * Disable tests on ppc64* to workaround crashing mysql-server on ppc64el (Workaround: #774795) -- Ondřej Surý <email address hidden> Thu, 08 Jan 2015 15:41:29 +0100
Deleted in experimental-release (Reason: None provided.) |
php5 (5.6.4+dfsg-3+exp1) experimental; urgency=medium * Disable tests on ppc64* to workaround crashing mysql-server on ppc64el -- Ondřej Surý <email address hidden> Thu, 08 Jan 2015 15:41:29 +0100
Superseded in sid-release |
php5 (5.6.4+dfsg-3) unstable; urgency=medium * Use noawait variants for deb-triggers to break the dependency loop (Closes: #774559) -- Ondřej Surý <email address hidden> Mon, 05 Jan 2015 14:27:19 +0100
Superseded in sid-release |
php5 (5.6.4+dfsg-2) unstable; urgency=medium * Pull upstream fixes for severe performance issues on pathological input in ext/fileinfo/libmagic/ copy (CVE-2014-8116, CVE-2014-8117) * Use ${misc:Pre-Depends} instead of hardcoded pre-dependency on dpkg -- Ondřej Surý <email address hidden> Tue, 30 Dec 2014 22:12:33 +0100
php5 (5.6.4+dfsg-1) unstable; urgency=medium * New upstream version 5.6.4+dfsg * Update patches for 5.6.4+dfsg release -- Ondřej Surý <email address hidden> Sun, 21 Dec 2014 19:11:08 +0100
Superseded in sid-release |
php5 (5.6.3+dfsg-1) unstable; urgency=medium * New upstream version 5.6.3+dfsg * Update patches for 5.6.3+dfsg release * Fix couple of PHP-FPM bugs unsuitable for release + Fixed bug #68420 (listen=9000 listens to ipv6 localhost instead of all addresses). + Fixed bug #68421 (access.format='%R' doesn't log ipv6 address). + Fixed bug #68423 (PHP-FPM will no longer load all pools). + Fixed bug #68428 (listen.allowed_clients is IPv4 only). + Fixed bug #68381 (fpm_unix_init_main ignores log_level). * Apply patch from PHP#68104 to fix segfaults in Zend OpCache (Closes: #754432) -- Ondřej Surý <email address hidden> Wed, 19 Nov 2014 12:11:38 +0100
Superseded in wheezy-release |
php5 (5.4.4-14+deb7u14) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * Install sessionclean script into /usr/lib/php5/ Thanks to Daniel Néri (Closes: #758774) -- Salvatore Bonaccorso <email address hidden> Thu, 21 Aug 2014 10:15:08 +0200
php5 (5.6.2+dfsg-1) unstable; urgency=medium [ Thijs Kinkhorst ] * Checked for policy 3.9.6, no changes. [ Ondřej Surý ] * New upstream version 5.6.2+dfsg * Update patches for 5.6.2+dfsg release -- Ondřej Surý <email address hidden> Fri, 17 Oct 2014 16:22:47 +0200
Superseded in sid-release |
php5 (5.6.1+dfsg-1) unstable; urgency=medium * New upstream version 5.6.1+dfsg -- Thijs Kinkhorst <email address hidden> Wed, 15 Oct 2014 13:25:54 +0000
php5 (5.6.0+dfsg-1) unstable; urgency=medium * New upstream version 5.6.0+dfsg * Drop debian/patches/gdIOCtx.patch as it's no longer needed * Use printf instead of echo to print all SAPIS (https://wiki.ubuntu.com/DashAsBinSh#echo) -- Ondřej Surý <email address hidden> Thu, 28 Aug 2014 14:47:48 +0200
php5 (5.6.0~rc4+dfsg-4) unstable; urgency=medium * Remove unnoticed bashism from sessionclean script -- Ondřej Surý <email address hidden> Tue, 19 Aug 2014 17:10:40 +0200
Superseded in sid-release |
php5 (5.6.0~rc4+dfsg-3) unstable; urgency=medium * Even more fixes and improvements to session cleaning script -- Ondřej Surý <email address hidden> Tue, 19 Aug 2014 10:46:05 +0200
Superseded in sid-release |
php5 (5.6.0~rc4+dfsg-2) unstable; urgency=medium * Sanitize $PATH in php5-common postinst script (Closes: #758185) * Update the sessionclean script to only check for SAPI processes (Courtesy of Steve Kamerman) * Other various minor improvements in the session cleanup script -- Ondřej Surý <email address hidden> Mon, 18 Aug 2014 12:16:56 +0200
Superseded in sid-release |
php5 (5.6.0~rc4+dfsg-1) unstable; urgency=medium * New upstream version 5.6.0~rc4+dfsg * Update patches for 5.6.0~rc4+dfsg release * Don't Recommend php5-cli when Depending on it * Update /var/lib/php5 non-standard-dir-perm lintian override * Remove patch that reverted upstream patch that broke mod_fastcgi as this was fixed upstream -- Ondřej Surý <email address hidden> Thu, 14 Aug 2014 16:54:05 +0200
Superseded in sid-release |
php5 (5.6.0~rc3+dfsg-2) unstable; urgency=medium * Add WARNING about the need to modify the cron job if the session handling has been modified * Change the default session.save_path to /var/lib/php5/sessions * Clean session files sorted into subdirectories (Closes: #719982) * Make sessionclean script also respect session.save_path and session.save_handler (Closes: #720381) * Limit the session cleanup only to sess_* files to prevent accidental deletion of other files * Use \0 as a new line delimiter when reading the session directory list (Thanks Goswin Brederlow for review and tips) * Bump debhelper compat version to v9 (Closes: #696590) -- Ondřej Surý <email address hidden> Thu, 14 Aug 2014 15:04:08 +0200
php5 (5.6.0~rc3+dfsg-1) unstable; urgency=medium * Add dependency on libpcre3-dev in php5-dev package (PHP#67658) * New upstream version 5.6.0~rc3+dfsg * Refresh patches for 5.6.0~rc3+dfsg release -- Ondřej Surý <email address hidden> Fri, 01 Aug 2014 11:18:34 +0200
php5 (5.6.0~rc2+dfsg-5) unstable; urgency=medium * Fix null byte suffix after keys in getallheaders() result (Closes: #755115) -- Ondřej Surý <email address hidden> Sun, 20 Jul 2014 16:57:51 +0200
Published in squeeze-release |
php5 (5.3.3-7+squeeze19) squeeze-security; urgency=low * [CVE-2014-1943]: Fix segmentation fault in libmagic (Closes: #739012) -- Ondřej Surý <email address hidden> Mon, 17 Feb 2014 10:52:15 +0100
php5 (5.6.0~rc2+dfsg-4) unstable; urgency=medium [ Ondřej Surý ] * Fix invalid reportbug script directory in the php5 package (Closes: #754775) * Fix missing backslash that made php.ini-production empty (Closes: #755057) [ Andreas Schwab ] * Fix double free or corruption (!prev) on m68k (Closes: #714041) -- Ondřej Surý <email address hidden> Thu, 17 Jul 2014 12:46:05 +0200
Superseded in wheezy-release |
php5 (5.4.4-14+deb7u11) stable-security; urgency=high * [CVE-2014-4049]: Fix potential segfault in dns_get_record() -- Ondřej Surý <email address hidden> Fri, 13 Jun 2014 15:43:03 +0200
php5 (5.6.0~rc2+dfsg-3) unstable; urgency=medium * Remove Sean Finney from Uploaders; Thanks for all the hard work! * Revert upstream patch that broke mod_fastcgi (Closes: #754384) -- Ondřej Surý <email address hidden> Fri, 11 Jul 2014 09:29:36 +0200
Superseded in sid-release |
php5 (5.6.0~rc2+dfsg-2) unstable; urgency=medium * d/rules: Remove /usr from ./configure invocation to help multiarch * Add getallheaders() function to php5-fpm (Closes: #742497) * Install phar executable and its man page (Closes: #740876) * Move some php5-maintscript-helper messages to debug severity (Closes: #752102) * Disable expose_php in standard php.ini-production (Closes: #582204) -- Ondřej Surý <email address hidden> Wed, 09 Jul 2014 15:20:18 +0200
php5 (5.6.0~rc2+dfsg-1) unstable; urgency=medium * New upstream version 5.6.0~rc2+dfsg * Update patches for 5.6.0~rc2+dfsg release * Align our patches with Fedora packaging (Courtesy of Remi Collet) * Enable the tests again (Closes: #752099) * Use Apache 2.4 updated Allow/Deny directives (Closes: #738959) * Strip /usr from libedit, so the libedit is correctly found * Hack around the configure ordering that checks for phpdbg before checking for libedit (https://github.com/krakjoe/phpdbg/issues/103) * Add builtin extension list to phpdbg -- Ondřej Surý <email address hidden> Wed, 02 Jul 2014 15:50:39 +0200
Superseded in sid-release |
php5 (5.6.0~rc1+dfsg-3) unstable; urgency=medium * Add a duplicate signal handler to php5-fpm to issue reload on SIGHUP (Ubuntu#1242376) -- Ondřej Surý <email address hidden> Wed, 02 Jul 2014 11:48:34 +0200
Superseded in sid-release |
php5 (5.6.0~rc1+dfsg-2) unstable; urgency=medium * Pull upstream fix for phpinfo() Type Confusion Information Leak (PHP#67498) -- Ondřej Surý <email address hidden> Mon, 30 Jun 2014 09:28:23 +0200
php5 (5.6.0~rc1+dfsg-1) unstable; urgency=medium * New upstream version 5.6.0~rc1+dfsg * Add new phpdbg SAPI for easier PHP debugging * d/repack.sh: Switch the repack script to use dpt repack from pkg-perl-tools -- Ondřej Surý <email address hidden> Mon, 23 Jun 2014 14:16:54 +0200
php5 (5.6.0~beta4+dfsg-4) unstable; urgency=medium * Fixed regression introduced by patch for bug #67072 * Fix regression introduce in fix for bug #67118 -- Ondřej Surý <email address hidden> Wed, 18 Jun 2014 09:51:49 +0200
php5 (5.6.0~beta4+dfsg-3) unstable; urgency=high * [CVE-2014-4049]: Fix potential segfault in dns_get_record() -- Ondřej Surý <email address hidden> Fri, 13 Jun 2014 15:21:53 +0200
Superseded in sid-release |
php5 (5.6.0~beta4+dfsg-2) unstable; urgency=medium * Add UPGRADING document to php5-common and list backwards incompatible changes to d/NEWS (Closes: #750890) -- Ondřej Surý <email address hidden> Tue, 10 Jun 2014 14:08:57 +0200
Superseded in sid-release |
php5 (5.6.0~beta4+dfsg-1) unstable; urgency=medium [ Thijs Kinkhorst ] * Drop scary "DO NOT USE IT IN PRODUCTION" news entry. (Closes: #750682) [ Ondřej Surý ] * New upstream version 5.6.0~beta4+dfsg -- Ondřej Surý <email address hidden> Sat, 07 Jun 2014 10:07:44 +0200
php5 (5.6.0~beta3+dfsg-2) unstable; urgency=low * Remove extra wrong replacement from 5.5.0 to 5.6.0 * Drop the +lfs from phpapi we don't need it for transition anymore * Upload to unstable (start the transition period) -- Ondřej Surý <email address hidden> Wed, 28 May 2014 11:59:05 +0200
Deleted in experimental-release (Reason: None provided.) |
php5 (5.6.0~beta3+dfsg-1) experimental; urgency=medium * Set default listen.{owner,group} to www-data:www-data * Add more bash magick to the dfsg repack script * Merge some minor changes from Ubuntu + d/rules: export DEB_HOST_MULTIARCH properly + d/rules: stop mysql instance on clean just in case we failed in tests. + d/tests/{cgi,cli,mod-php}: dep8 tests for common use cases. * New upstream version 5.6.0~beta3+dfsg * Update patches for 5.6.0~beta3+dfsg release -- Ondřej Surý <email address hidden> Tue, 27 May 2014 16:56:30 +0200
php5 (5.5.12+dfsg-2) unstable; urgency=medium * Set default listen.{owner,group} to www-data:www-data (Closes: #747195) -- Ondřej Surý <email address hidden> Mon, 12 May 2014 14:22:52 +0200
php5 (5.5.12+dfsg-1) unstable; urgency=medium * New upstream version 5.5.12+dfsg + [CVE-2014-0185]: Fix possible privilege escalation due to insecure default configuration in php5-fpm. * Update patches for 5.5.12 release * Add a patch to fix zlib extension naming in LFS builds (Ubuntu#1315888) -- Ondřej Surý <email address hidden> Mon, 05 May 2014 10:20:28 +0200
Deleted in experimental-release (Reason: None provided.) |
php5 (5.6.0~beta2+dfsg-1) experimental; urgency=medium * Update patches for 5.6.0~beta2 release * New upstream version 5.6.0~beta2+dfsg * Import patch to fix zlib extension naming in LFS builds (Ubuntu#1315888) * Pull upstream patch to fix mysqli build when building against libmysqlclient -- Ondřej Surý <email address hidden> Mon, 05 May 2014 12:10:08 +0200
1 → 75 of 250 results | First • Previous • Next • Last |