Back to hhvm PTS page

Accepted hhvm 3.12.1+dfsg-1 (source amd64) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted hhvm 3.12.1+dfsg-1 (source amd64) into unstable
From: Faidon Liambotis <paravoid@debian.org>
Date: Thu, 24 Mar 2016 16:02:51 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1aj7il-0002zY-Lo@franck.debian.org>
Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 23 Mar 2016 16:04:42 +0200
Source: hhvm
Binary: hhvm hhvm-dbg hhvm-dev
Architecture: source amd64
Version: 3.12.1+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian HHVM packaging team <pkg-hhvm-team@lists.alioth.debian.org>
Changed-By: Faidon Liambotis <paravoid@debian.org>
Description:
 hhvm       - HipHop Virtual Machine, a JIT replacement for PHP - main runtime
 hhvm-dbg   - HipHop Virtual Machine, a JIT replacement for PHP - debugging sym
 hhvm-dev   - HipHop Virtual Machine, a JIT replacement for PHP - development f
Closes: 818831
Changes:
 hhvm (3.12.1+dfsg-1) unstable; urgency=medium
 .
   [ Faidon Liambotis ]
   * New upstream minor release, multiple security fixes:
     - XSLTProcessor NULL Pointer dereference (PHP bug #69782, CVE-2015-6838)
     - HAVAL gives wrong hashes in specific cases (PHP bug #70312)
     - ZipArchive::extractTo allows for directory traversal when creating
       directories (PHP bug #70350)
     - Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32
       bytes (PHP bug #70385)
     - php_url_parse_ex() buffer overflow read (PHP bug #70480)
     - Make FileUitls::Canonicalize return the empty string if it encounters a
       path with a null byte (CVE-2016-1552)
     - Disallow null bytes in more path-type arguments (CVE-2016-1552)
     - Explicitly check for null bytes in more cases (CVE-2016-1552)
     - Run __wakeup() on unserialized objects at end of unserialization in
       iptcembed
     - Fix heap overflow(s) in iptcembed
   * Backport upstream fix for isnan/isinf that should fix an FTBFS with glibc
     2.23 (currently in experimental). (Closes: #818831)
 .
   [ Giuseppe Lavagetto ]
   * Trivial fix to the upstart script.
Checksums-Sha1:
 bf3d2759ae11b57f55435162bb06037932ae318d 2912 hhvm_3.12.1+dfsg-1.dsc
 c8670b0ffff545f044bf59dba2bbc7db45d40272 26406840 hhvm_3.12.1+dfsg.orig.tar.gz
 0138b1d41a37f4fa0ef4c56276cce158f8fd34d6 27228 hhvm_3.12.1+dfsg-1.debian.tar.xz
 4c7dfa57f81e632ba5ca760375b08dd95c6a1607 387776378 hhvm-dbg_3.12.1+dfsg-1_amd64.deb
 f35e3b54932d6e24799bfe8513c54341f0ea464b 2581108 hhvm-dev_3.12.1+dfsg-1_amd64.deb
 ba2fab29bc13efaf8bdd5ed562ae93eee39b726b 10577554 hhvm_3.12.1+dfsg-1_amd64.deb
Checksums-Sha256:
 4e7e19f55ac3d6de19b04d78daaa136f1228196fcccf98632f01855ec39c730b 2912 hhvm_3.12.1+dfsg-1.dsc
 113eb6a7a38ade14472381cadec4e5edced15b426a540db4f0cf0ad26bd7bcdf 26406840 hhvm_3.12.1+dfsg.orig.tar.gz
 78e7cedde9df30a149d9176601608af4b775b40f6ec3b20e699e6041968c0c30 27228 hhvm_3.12.1+dfsg-1.debian.tar.xz
 1fccf1a58ee4488fdce9a1c9a711b4d6e2428f9fcda261becd8352c6dd943be5 387776378 hhvm-dbg_3.12.1+dfsg-1_amd64.deb
 0590261c597b11862d3beb587bee13477b1415df32dfa9560f9c6940d3e355f8 2581108 hhvm-dev_3.12.1+dfsg-1_amd64.deb
 a139e14dfc539875b67ee7ba6eb1a1f44ebfad44acde798df950e592914da9ed 10577554 hhvm_3.12.1+dfsg-1_amd64.deb
Files:
 521bbab12cf2eb245aa4324866127f47 2912 php optional hhvm_3.12.1+dfsg-1.dsc
 a09a113a0d78883f2b531f243b7c33be 26406840 php optional hhvm_3.12.1+dfsg.orig.tar.gz
 9641434074622c2337a0e9b668dbfd35 27228 php optional hhvm_3.12.1+dfsg-1.debian.tar.xz
 2a2e02fae793b66c4c141d09d4a3249f 387776378 debug extra hhvm-dbg_3.12.1+dfsg-1_amd64.deb
 0a55fa955dafc593ad3ff48c5610129e 2581108 libdevel extra hhvm-dev_3.12.1+dfsg-1_amd64.deb
 0eb80ef7281badf21b754d891fa47498 10577554 php optional hhvm_3.12.1+dfsg-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJW8/VHAAoJEJ0LXlse7I8OKCEP/AlStJeyTn3ky51BM7T6vB7I
RfpSqoLSoEnrgm669YmAitCLinn+x7CKivSAWTIS7RI248+wHxwrnqlT928qphXU
7DY960y00s2ChDdw6/Iq9wTBKgXbSN2stYlY/d8tDSEvhQ3sku4ZtOwpAD6p9lo6
CYyDecExJDFv1Rj0GazlBADwzXCUQdStlhCLz7yATxKsvaXdIStMHUmJxA7gVhDN
zJczKfP0uU7iiqifT8LOPrTJFQDG7br8X0QTHdDB4MiLugOh6ZL94bslSl4iboNy
ccHuAeZKqWiPdRCpJJnvRsk0dGg1Kxad3qQEe+jsJO5LLMRsJWfkVC2wKMWZ5S7C
UU6iywUiYLpUcwfei0yhTD6PnaeA4/KHzriOvF8x1WV0RkX9BegA09wYTo3j4Xs7
usOmqtCFIteVCOMPebe/v+c2ybI+PL/CIFYV9JiW418lnl2HuHXaba5v/KQSomuT
kcRXWxtOKzWe3LEXveawZCSCewqa1+JxKhIWoPIPpSiYiHNOpaSk6+FaFwl2rozg
OyYJAVlJwYA+YFaBboO2zfwlxuwl8qXQTJxsWfZH9DCr+EHYD5HzMn6GkfUJPX59
qwQjvLDLd96fboZzMehSshUie709biIw17D5PyeWZKH31mqeylV/kwBdxKsvL0qR
Qe8PYiCaKs1BAkNEZrwU
=tiYu
-----END PGP SIGNATURE-----