Accepted php5 5.4.45-0+deb7u7 (source amd64 all) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 26 Jan 2017 23:00:20 -0500
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi php5-cli php5-fpm libphp5-embed php5-dev php5-dbg php-pear php5-curl php5-enchant php5-gd php5-gmp php5-imap php5-interbase php5-intl php5-ldap php5-mcrypt php5-mysql php5-mysqlnd php5-odbc php5-pgsql php5-pspell php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl
Architecture: source amd64 all
Version: 5.4.45-0+deb7u7
Distribution: wheezy-security
Urgency: high
Maintainer: Debian PHP Maintainers <pkg-php-maint@lists.alioth.debian.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module)
libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo
libphp5-embed - HTML-embedded scripting language (Embedded SAPI library)
php-pear - PEAR - PHP Extension and Application Repository
php5 - server-side, HTML-embedded scripting language (metapackage)
php5-cgi - server-side, HTML-embedded scripting language (CGI binary)
php5-cli - command-line interpreter for the php5 scripting language
php5-common - Common files for packages built from the php5 source
php5-curl - CURL module for php5
php5-dbg - Debug symbols for PHP5
php5-dev - Files for PHP5 module development
php5-enchant - Enchant module for php5
php5-fpm - server-side, HTML-embedded scripting language (FPM-CGI binary)
php5-gd - GD module for php5
php5-gmp - GMP module for php5
php5-imap - IMAP module for php5
php5-interbase - interbase/firebird module for php5
php5-intl - internationalisation module for php5
php5-ldap - LDAP module for php5
php5-mcrypt - MCrypt module for php5
php5-mysql - MySQL module for php5
php5-mysqlnd - MySQL module for php5 (Native Driver)
php5-odbc - ODBC module for php5
php5-pgsql - PostgreSQL module for php5
php5-pspell - pspell module for php5
php5-recode - recode module for php5
php5-snmp - SNMP module for php5
php5-sqlite - SQLite module for php5
php5-sybase - Sybase / MS SQL Server module for php5
php5-tidy - tidy module for php5
php5-xmlrpc - XML-RPC module for php5
php5-xsl - XSL module for php5
Changes:
php5 (5.4.45-0+deb7u7) wheezy-security; urgency=high
.
[ Raphaƫl Hertzog ]
* Non-maintainer upload by the Debian LTS Team.
* Switch source package to "3.0 (quilt)" to be able to include
binary files in updates (useful for backported tests).
* CVE-2016-2554
Stack-based buffer overflow in ext/phar/tar.c allows remote attackers to
cause a denial of service (application crash) or possibly have unspecified
other impact via a crafted TAR archive.
* CVE-2016-3141
Use-after-free vulnerability in wddx.c in the WDDX extension allows remote
attackers to cause a denial of service (memory corruption and application
crash) or possibly have unspecified other impact by triggering a
wddx_deserialize call on XML data containing a crafted var element.
* Add some files which are missing for tests:
- ext/phar/tests/bug69720.phar
- ext/phar/tests/bug70433.zip
- ext/phar/tests/bug71331.tar
- ext/phar/tests/bug71488.tar
- ext/phar/tests/tar/files/bug64343.tar
.
[ Roberto C. Sanchez ]
* CVE-2016-3142
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP
before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain
sensitive information from process memory or cause a denial of service
(out-of-bounds read and application crash) by placing a PK\x05\x06 signature
at an invalid location.
* CVE-2016-4342
ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x
before 7.0.3 mishandles zero-length uncompressed data, which allows remote
attackers to cause a denial of service (heap memory corruption) or possibly
have unspecified other impact via a crafted (1) TAR, (2) ZIP, or (3) PHAR
archive.
* CVE-2016-9934
ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows remote
attackers to cause a denial of service (NULL pointer dereference) via crafted
serialized data in a wddxPacket XML document, as demonstrated by a PDORow
string.
* CVE-2016-9935
The php_wddx_push_element function in ext/wddx/wddx.c in PHP before 5.6.29
and 7.x before 7.0.14 allows remote attackers to cause a denial of service
(out-of-bounds read and memory corruption) or possibly have unspecified other
impact via an empty boolean element in a wddxPacket XML document.
* CVE-2016-10158
The exif_convert_any_to_int function in ext/exif/exif.c in PHP before
5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote attackers
to cause a denial of service (application crash) via crafted EXIF data that
triggers an attempt to divide the minimum representable negative integer by
-1.
* CVE-2016-10159
Integer overflow in the phar_parse_pharfile function in ext/phar/phar.c in
PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a
denial of service (memory consumption or application crash) via a truncated
manifest entry in a PHAR archive.
* CVE-2016-10160
Off-by-one error in the phar_parse_pharfile function in ext/phar/phar.c in
PHP before 5.6.30 and 7.0.x before 7.0.15 allows remote attackers to cause a
denial of service (memory corruption) or possibly execute arbitrary code via a
crafted PHAR archive with an alias mismatch.
* CVE-2016-10161
The object_common1 function in ext/standard/var_unserializer.c in PHP
before 5.6.30, 7.0.x before 7.0.15, and 7.1.x before 7.1.1 allows remote
attackers to cause a denial of service (buffer over-read and application
crash) via crafted serialized data that is mishandled in a finish_nested_data
call.
* BUG-71323.patch
Output of stream_get_meta_data can be falsified by its input
* BUG-70979.patch
Crash on bad SOAP request
* BUG-71039.patch
exec functions ignore length but look for NULL termination
* BUG-71459.patch
Integer overflow in iptcembed()
* BUG-71391.patch
NULL Pointer Dereference in phar_tar_setupmetadata()
* BUG-71335.patch
Type confusion vulnerability in WDDX packet deserialization
* Add some files which are missing for tests:
- ext/phar/tests/bug71498.zip
- ext/phar/tests/bug71354.tar
- ext/exif/tests/bug73737.tiff
- ext/phar/tests/bug73764.phar
- ext/phar/tests/bug73768.phar
- ext/phar/tests/bug71391.tar
Checksums-Sha1:
d58b24fdcda995a12ff025707c9878d78e61afdb 4426 php5_5.4.45-0+deb7u7.dsc
690d1ccaea4282f3d10fa9c2c6e3f04fcdaf58b5 241641 php5_5.4.45-0+deb7u7.debian.tar.gz
4628a4aa0cc163e64b9f8f396f52030d810fe13e 635938 php5-common_5.4.45-0+deb7u7_amd64.deb
583af19cadc3e8fa96ce08d1d44d98d4223696ff 2710756 libapache2-mod-php5_5.4.45-0+deb7u7_amd64.deb
1febffa83aaf6784890e9b36cd066d7b37e9bcf0 2709772 libapache2-mod-php5filter_5.4.45-0+deb7u7_amd64.deb
c288af2f95d749394f602083d3e40740f27a1398 5184728 php5-cgi_5.4.45-0+deb7u7_amd64.deb
c48c958f68b83dd502e8b6ee8c62516ca28aa29b 2601012 php5-cli_5.4.45-0+deb7u7_amd64.deb
3e31da1067c8541949fe1463b0d770a839ca71b6 2634392 php5-fpm_5.4.45-0+deb7u7_amd64.deb
d1bfbd3d5190eb7b172f70430f39330776476ff5 2708460 libphp5-embed_5.4.45-0+deb7u7_amd64.deb
925537a719f17c7f394f9d6fa41c60d0415db71d 500272 php5-dev_5.4.45-0+deb7u7_amd64.deb
89b1f3746768d7b79769154e7711bc965a25c7d9 16132152 php5-dbg_5.4.45-0+deb7u7_amd64.deb
83661ce3b22cc2dc03febd872e738242cdbcfd74 29490 php5-curl_5.4.45-0+deb7u7_amd64.deb
434d95953c8f37ea301b0dc10f04cabd4d0d5cfd 9898 php5-enchant_5.4.45-0+deb7u7_amd64.deb
0a9ade580d9318dcb6ed924b0ef0623b972c8a2f 35700 php5-gd_5.4.45-0+deb7u7_amd64.deb
68cab959024e6a5585c4be5758dc2d784dc181a8 17014 php5-gmp_5.4.45-0+deb7u7_amd64.deb
e04c5745e7876f2e77a96ba2f63252f8e92653fc 35592 php5-imap_5.4.45-0+deb7u7_amd64.deb
67a105c320114ed00d7a41a383b67b2652057f52 49582 php5-interbase_5.4.45-0+deb7u7_amd64.deb
9b3407c0327c80273b8ce4f0bbc077375e075068 72354 php5-intl_5.4.45-0+deb7u7_amd64.deb
3550b2988dfdcb3ba60af75a3c293cad8a6a0f38 23882 php5-ldap_5.4.45-0+deb7u7_amd64.deb
3309619e2180b6d2519559c20da5cfdc6a591345 16144 php5-mcrypt_5.4.45-0+deb7u7_amd64.deb
9786bf00e634ef7b9e315f72a757b1955dd011e1 80852 php5-mysql_5.4.45-0+deb7u7_amd64.deb
a99cdb6df1d218350c972b47d31d362a653289ce 164588 php5-mysqlnd_5.4.45-0+deb7u7_amd64.deb
a1a6e800f918a4c3ef49e31f4b5e82697690e6bd 36880 php5-odbc_5.4.45-0+deb7u7_amd64.deb
19ed7a6f30c232f6d7771a8fb4bdc4f6b1fa3f06 64328 php5-pgsql_5.4.45-0+deb7u7_amd64.deb
00541500b636a05d710a2da220a594ac0efbcc0e 8908 php5-pspell_5.4.45-0+deb7u7_amd64.deb
929ede4abbd07f9a80c0ad4fdcfe02d4c8380fd1 5202 php5-recode_5.4.45-0+deb7u7_amd64.deb
ec4e124b714b6460a955129e7847a83de614b27e 21962 php5-snmp_5.4.45-0+deb7u7_amd64.deb
afea32ad9c625d49f894383ab5f76cecd17e6bcb 30804 php5-sqlite_5.4.45-0+deb7u7_amd64.deb
4368119f0bdd2905dcc6fa6b480d810004332f08 28944 php5-sybase_5.4.45-0+deb7u7_amd64.deb
2c8598c609b3b63a57966b703f3860bcd8b81ea6 19652 php5-tidy_5.4.45-0+deb7u7_amd64.deb
d14b1ec0cd19d8c417142af6f3e21e238efcf473 36484 php5-xmlrpc_5.4.45-0+deb7u7_amd64.deb
8927f22bc93f09a766d2e2901d66eb855700e5e3 15488 php5-xsl_5.4.45-0+deb7u7_amd64.deb
ecdfd3fc4a465c3e25ebef057091d43755a7e270 1024 php5_5.4.45-0+deb7u7_all.deb
c5a53d60d955a1de3fd68086283256134b99c86e 373440 php-pear_5.4.45-0+deb7u7_all.deb
Checksums-Sha256:
94a9ea18f2c5c765ed6af069e05ebd562ce7ca040d5860ac7d11c2f76b369260 4426 php5_5.4.45-0+deb7u7.dsc
891ce381c1513a4079e55f5cb01606ee350f8c7fd6392f0fa311dd0abe1a58ad 241641 php5_5.4.45-0+deb7u7.debian.tar.gz
dc455ce59bb88ef183b9ddcf0ef647ee7384c5703096dfd59c4e2746631d1e1e 635938 php5-common_5.4.45-0+deb7u7_amd64.deb
b604a6404ea18f870320b6aebbd631e297f6b71189f5422ba091d5d4e143cf7b 2710756 libapache2-mod-php5_5.4.45-0+deb7u7_amd64.deb
2bb7746f8861c53cabd4eec09b888d05aa82bccbdce7d4a0e2567c09c3bd6779 2709772 libapache2-mod-php5filter_5.4.45-0+deb7u7_amd64.deb
1981b3363326c6b6e2873594512d694c81b7eeb7338117985f8214c431c4aa4b 5184728 php5-cgi_5.4.45-0+deb7u7_amd64.deb
1dd0cf2b4b1a22608e5ea16fbaf4b9e65f085c4a9bb997c9157c6002ea909140 2601012 php5-cli_5.4.45-0+deb7u7_amd64.deb
13df5159dcf9fe707aa15a54f8f954e732412e1809be9b953a74792d3e04a201 2634392 php5-fpm_5.4.45-0+deb7u7_amd64.deb
88d92b38621dd31edfa04211a8c2cbbb89ec417d765b537bc96db3cdf3131b02 2708460 libphp5-embed_5.4.45-0+deb7u7_amd64.deb
0ee84bf5d9a5b80ca34f461573f21be7742075695f19a0d1aa9b84da2c5cd554 500272 php5-dev_5.4.45-0+deb7u7_amd64.deb
eb532a0c70e7bd21fce50c976ef1b61e2e43eb135ca9573ab95fefa018e3eabc 16132152 php5-dbg_5.4.45-0+deb7u7_amd64.deb
eb27af38b5bc6c4c8457b06cb0f26b9ef5b062b5aef325121181c86688cdea7a 29490 php5-curl_5.4.45-0+deb7u7_amd64.deb
c23f328d169611c1a3126c8ae957a6ca610988630e626937f844a280646dda13 9898 php5-enchant_5.4.45-0+deb7u7_amd64.deb
63ffdf90ada207ad875dc5c369f7cc3af687d6a45a871ed7bf7fd7f2cf2fe818 35700 php5-gd_5.4.45-0+deb7u7_amd64.deb
3801bfd1f1a880159115fa557c88dc341778325f5b9e2dd13b3163de1dcc25b4 17014 php5-gmp_5.4.45-0+deb7u7_amd64.deb
581fe80528bbe8ea2bd5fcaa2f6811122d8badb0882556768e670c0013536198 35592 php5-imap_5.4.45-0+deb7u7_amd64.deb
8ac53dce88d4b7ef21a991ce39907943ea4ba6c53ab0e0bcf128dc2cf0c0301f 49582 php5-interbase_5.4.45-0+deb7u7_amd64.deb
e5143cfa7c77ee0d1d1267bf079ce4ea2e3efd60a5e1b0d8de34ef0ba60718d3 72354 php5-intl_5.4.45-0+deb7u7_amd64.deb
7403f4c9af7f0cc343ca1a9d04ed9cf1c42576f1d686cf257e375b88549ee255 23882 php5-ldap_5.4.45-0+deb7u7_amd64.deb
85bd6121e97144fb94f60709b45c04e2fae75fdfdcc805b109cfdbd2e917b4e1 16144 php5-mcrypt_5.4.45-0+deb7u7_amd64.deb
b8a0a77536449eb3bac1df1209d0d3ef6d1ea7f47a288b6d4fee1c50c39ea508 80852 php5-mysql_5.4.45-0+deb7u7_amd64.deb
a9b117df5678819cbc85812beca0f3b4c07aac10d3822d3cfe131d0bbc005d6a 164588 php5-mysqlnd_5.4.45-0+deb7u7_amd64.deb
5c4c9e863f69718777577d9aca124438b8b81997c8acc12ce7c0afb0ea233630 36880 php5-odbc_5.4.45-0+deb7u7_amd64.deb
797c4c9bf6a8c0c574de9f552f9a5b9bb1b886efc1a6e7b7d54e3c8456db508c 64328 php5-pgsql_5.4.45-0+deb7u7_amd64.deb
4e32df56238201d4ee1bccbaa987bef8f5790bcc0b44f0151bf5d18a5c85e087 8908 php5-pspell_5.4.45-0+deb7u7_amd64.deb
8b4b95c176402de5f7d5737fe3752f48bb9baf12896f186cdc6b196e12db8653 5202 php5-recode_5.4.45-0+deb7u7_amd64.deb
f786f4f5dbc8ef156cddd85518cc3c71e5a9650505f53d897af5e1f76fe1358b 21962 php5-snmp_5.4.45-0+deb7u7_amd64.deb
2f3a9b93470470d94ed420548dac613cbb70ee63728fec2eabb81ebb2f1649f6 30804 php5-sqlite_5.4.45-0+deb7u7_amd64.deb
12487b8e4357a0c86b08b23ac4a2ad5b403fa5bc38a72fc460c10bd13739a2a0 28944 php5-sybase_5.4.45-0+deb7u7_amd64.deb
6246ec63325428b6ee76ded7e94f8e38392718002908f63f2c21817762a30efa 19652 php5-tidy_5.4.45-0+deb7u7_amd64.deb
f4f24fe4897228c971c7d643ac74e1eeaeade78db7307327d87a0a680f4d514c 36484 php5-xmlrpc_5.4.45-0+deb7u7_amd64.deb
e3dfa9a45812f47cc7c2ee0197d1668ecb33ca3733e71be38d9f3b3ea64003e7 15488 php5-xsl_5.4.45-0+deb7u7_amd64.deb
7c80aaf6d7f8e7a3ac815d5378461f869f6285d2527ce39cab0de401159643ba 1024 php5_5.4.45-0+deb7u7_all.deb
0bd22b0f2060b0d0d5eb002dc2267d744d65a6cdd3205be6995f85e778e3b0f9 373440 php-pear_5.4.45-0+deb7u7_all.deb
Files:
4198e65d04344282aaac7446d634166e 4426 php optional php5_5.4.45-0+deb7u7.dsc
8eaaed01632bf89a1b9ef99c4c9993ac 241641 php optional php5_5.4.45-0+deb7u7.debian.tar.gz
f0082432f27a6a7f13cf4722292fcdf7 635938 php optional php5-common_5.4.45-0+deb7u7_amd64.deb
5e7fb3b2c076507a0d87e464236a2916 2710756 httpd optional libapache2-mod-php5_5.4.45-0+deb7u7_amd64.deb
c7c586ce75acab7cbc5bbb0b591e52f8 2709772 httpd extra libapache2-mod-php5filter_5.4.45-0+deb7u7_amd64.deb
bc2b34edc5914cc2f960fdd262e70eef 5184728 php optional php5-cgi_5.4.45-0+deb7u7_amd64.deb
f6e1a8d5f5200385ac4990cd3ce6dab9 2601012 php optional php5-cli_5.4.45-0+deb7u7_amd64.deb
8d156328e6a6b5443d15f56a1fa128a3 2634392 php optional php5-fpm_5.4.45-0+deb7u7_amd64.deb
31e9d8d54b39b7d0cf36c6df9dc95cac 2708460 php optional libphp5-embed_5.4.45-0+deb7u7_amd64.deb
9cf4131228ac462abbd6f57060256dbc 500272 php optional php5-dev_5.4.45-0+deb7u7_amd64.deb
0e1258405f2bfe026c47604ad41e363a 16132152 debug extra php5-dbg_5.4.45-0+deb7u7_amd64.deb
829e3189d62d9679f337f81cfdafffed 29490 php optional php5-curl_5.4.45-0+deb7u7_amd64.deb
8ff8c9ffdf4edff9535bc9c647e870ef 9898 php optional php5-enchant_5.4.45-0+deb7u7_amd64.deb
d0d156fecd9afcdc7dd9246a0a35590c 35700 php optional php5-gd_5.4.45-0+deb7u7_amd64.deb
3cc1b9250a0161415c65c770792801df 17014 php optional php5-gmp_5.4.45-0+deb7u7_amd64.deb
0213070fb302823705586687368b5716 35592 php optional php5-imap_5.4.45-0+deb7u7_amd64.deb
13b59596d1ee391331932d3f7b2fd792 49582 php optional php5-interbase_5.4.45-0+deb7u7_amd64.deb
bbfb5c632586cf044505eb08a1234906 72354 php optional php5-intl_5.4.45-0+deb7u7_amd64.deb
e27ac5f12f859bbb67d3c196222476bf 23882 php optional php5-ldap_5.4.45-0+deb7u7_amd64.deb
6991c94ba97cb1f4606e867d6661bcfc 16144 php optional php5-mcrypt_5.4.45-0+deb7u7_amd64.deb
a73e4041f7e9c2241a464cd8dd2b4c99 80852 php optional php5-mysql_5.4.45-0+deb7u7_amd64.deb
252cb005a2515b01d91354437963acfb 164588 php extra php5-mysqlnd_5.4.45-0+deb7u7_amd64.deb
1d1c29d321e809a86b76b836c23ec747 36880 php optional php5-odbc_5.4.45-0+deb7u7_amd64.deb
1c6977477508c868d8ba182c99ecc411 64328 php optional php5-pgsql_5.4.45-0+deb7u7_amd64.deb
d322f29e088cacd9885fa4ef21ea24a3 8908 php optional php5-pspell_5.4.45-0+deb7u7_amd64.deb
eacb058c2891ad266aa9f9799a49f90f 5202 php optional php5-recode_5.4.45-0+deb7u7_amd64.deb
5fdb98ab165cb7f1e718fee1913dc618 21962 php optional php5-snmp_5.4.45-0+deb7u7_amd64.deb
beaf442315f06253343ac060ccbec4b9 30804 php optional php5-sqlite_5.4.45-0+deb7u7_amd64.deb
9d9ad2058e71a2529e4b5dc8af3ea9ea 28944 php optional php5-sybase_5.4.45-0+deb7u7_amd64.deb
360e76854b699db0dfb1de06f3a50c81 19652 php optional php5-tidy_5.4.45-0+deb7u7_amd64.deb
6f2f0f2305d2686e7c4cf9acc251d136 36484 php optional php5-xmlrpc_5.4.45-0+deb7u7_amd64.deb
bc135e3c552dff88a89f1f40097e181b 15488 php optional php5-xsl_5.4.45-0+deb7u7_amd64.deb
46bf61824770fa09535fc4e8c1cdec67 1024 php optional php5_5.4.45-0+deb7u7_all.deb
4bb7bac1159248a5a33f37e8032f02bb 373440 php optional php-pear_5.4.45-0+deb7u7_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJYmeimAAoJECzXeF7dp7IPajgP/0bHt44lBD/5XhsjcGVm7r4Z
tmN5O8SoOomrUTlWdU1VmjGZHB+4EcE0TJCxXOHblURsdZpALsxpA6SReFzbWTwp
2K1ogYvm5iWFuBKbwSnQNMKu6G633U684Fv704OjT5MSM4vpL/nXjJ6JAaRtSoh8
IQLln+OQMkh14cpn8Mx54Lu0UUr+0X00b/57Q0tr21ZhPivqJfaKqgq5sFxYDJEN
kP3RppUBFLKVYmxephrlp1URMB8r9/QFm0v51hVGX0QXk9mJX8eNWlAy1LEV2I0J
Q8C3MED/Rlu0HQW58gxLHDAq588xCQqX4+BocXDymMmkQjJkzbzbfrdYkNy7UP+A
o9ysF4PhKtpPR9SI4hmNcL9VIL6ynlbPvyeUPBDUuE0yIRv+yMFl1F6aEDUr17pk
Cm3QP9ZLlwDjWbGU+KGw0S0mgNF6RBONUiOIsACWcQhCTVb8X/0BV29PmIWnPCFt
NHy/MfCOriResii6ysPlzek9xTxIDRpsOfyysxw/y2WDxVZITjEnczcZ7y0KEOXL
PMcSNjmNL/CTv3zGa3CEFr4Dyg/4kTjC6b/8v8ZZjsO7GMQn6Gc8sYADe4mArG+2
x34fo0nfrVG2Vie/GmvpUN2bnttu0SPq1UrYMZ7M50b2KumLgde/HwI/1grQ4Bjq
DzBpcedgzJNEtG7+1O1L
=FjR/
-----END PGP SIGNATURE-----