News for package php5

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 3.0 (quilt)
Source: php5
Binary: php5, php5-common, libapache2-mod-php5, libapache2-mod-php5filter, php5-cgi, php5-cli, php5-phpdbg, php5-fpm, libphp5-embed, php5-dev, php5-dbg, php-pear, php5-curl, php5-enchant, php5-gd, php5-gmp, php5-imap, php5-interbase, php5-intl, php5-ldap, php5-mcrypt, php5-readline, php5-mysql, php5-mysqlnd, php5-odbc, php5-pgsql, php5-pspell, php5-recode, php5-snmp, php5-sqlite, php5-sybase, php5-tidy, php5-xmlrpc, php5-xsl
Architecture: any all
Version: 5.6.9+dfsg-0+deb8u1
Maintainer: Debian PHP Maintainers <[email protected]>
Uploaders: Ondřej Surý <[email protected]>, Thijs Kinkhorst <[email protected]>, Lior Kaplan <[email protected]>
Homepage: http://www.php.net/
Standards-Version: 3.9.6
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-php/php.git
Vcs-Git: git://anonscm.debian.org/pkg-php/php.git
Testsuite: autopkgtest
Build-Depends: apache2-dev (>= 2.4), dh-apache2, dh-systemd (>= 1.3), libsystemd-daemon-dev [linux-any], autoconf (>= 2.63), automake (>= 1.11) | automake1.11, bison, chrpath, debhelper (>= 9), dpkg-dev (>= 1.16.1~), firebird-dev [!hurd-any !m68k !hppa !ppc64] | firebird2.5-dev [!hurd-any !m68k !hppa !ppc64] | firebird2.1-dev [!hurd-any !m68k !hppa !ppc64], flex, freetds-dev, libapr1-dev (>= 1.2.7-8), libbz2-dev, libc-client-dev, libcurl4-openssl-dev | libcurl-dev, libdb-dev, libedit-dev (>= 2.11-20080614-4), libenchant-dev, libevent-dev (>= 1.4.11), libexpat1-dev (>= 1.95.2-2.1), libfreetype6-dev, libgcrypt11-dev, libgd-dev (>= 2.1.0) | libgd2-dev, libglib2.0-dev, libgmp3-dev, libicu-dev, libjpeg-dev | libjpeg62-dev, libkrb5-dev, libldap2-dev, libmagic-dev, libmcrypt-dev, libmhash-dev (>= 0.8.8), libmysqlclient-dev | libmysqlclient15-dev, libonig-dev, libpam0g-dev, libpcre3-dev (>= 6.6), libpng-dev | libpng12-dev, libpq-dev, libpspell-dev, libqdbm-dev, librecode-dev, libsasl2-dev, libsnmp-dev, libsqlite3-dev, libssl-dev, libtidy-dev, libtool (>= 2.2), libwrap0-dev, libxmltok1-dev, libxml2-dev, libvpx-dev, libxslt1-dev (>= 1.0.18), systemtap-sdt-dev [amd64 i386 powerpc armel armhf ia64], locales-all | language-pack-de, mysql-server | virtual-mysql-server, netbase, netcat-traditional, re2c, unixodbc-dev, zlib1g-dev, tzdata, libapparmor-dev
Build-Conflicts: bind-dev
Package-List:
 libapache2-mod-php5 deb httpd optional arch=any
 libapache2-mod-php5filter deb httpd extra arch=any
 libphp5-embed deb php optional arch=any
 php-pear deb php optional arch=all
 php5 deb php optional arch=all
 php5-cgi deb php optional arch=any
 php5-cli deb php optional arch=any
 php5-common deb php optional arch=any
 php5-curl deb php optional arch=any
 php5-dbg deb debug extra arch=any
 php5-dev deb php optional arch=any
 php5-enchant deb php optional arch=any
 php5-fpm deb php optional arch=any
 php5-gd deb php optional arch=any
 php5-gmp deb php optional arch=any
 php5-imap deb php optional arch=any
 php5-interbase deb php optional arch=linux-any,kfreebsd-any
 php5-intl deb php optional arch=any
 php5-ldap deb php optional arch=any
 php5-mcrypt deb php optional arch=any
 php5-mysql deb php optional arch=any
 php5-mysqlnd deb php extra arch=any
 php5-odbc deb php optional arch=any
 php5-pgsql deb php optional arch=any
 php5-phpdbg deb php optional arch=any
 php5-pspell deb php optional arch=any
 php5-readline deb php optional arch=any
 php5-recode deb php optional arch=any
 php5-snmp deb php optional arch=any
 php5-sqlite deb php optional arch=any
 php5-sybase deb php optional arch=any
 php5-tidy deb php optional arch=any
 php5-xmlrpc deb php optional arch=any
 php5-xsl deb php optional arch=any
Checksums-Sha1:
 1567c69b53e3297e7e66a15f4aea4bbc1983754f 11479356 php5_5.6.9+dfsg.orig.tar.xz
 9d55418e250e2fe9d89ad2cc3457383d6ef8d74d 121640 php5_5.6.9+dfsg-0+deb8u1.debian.tar.xz
Checksums-Sha256:
 f08927dd1bd9d3cf8036dd8564346d38c2fe9e6958b30f3779317f4257e05a0c 11479356 php5_5.6.9+dfsg.orig.tar.xz
 a9f4960a611aa2dd21f469e1b58aaa27717424c2c5e84f06fb42888f2552b9aa 121640 php5_5.6.9+dfsg-0+deb8u1.debian.tar.xz
Files:
 85d0750d97175e496749cdfeb01b9b66 11479356 php5_5.6.9+dfsg.orig.tar.xz
 a2333f44a083eb11971193cb51c3c98a 121640 php5_5.6.9+dfsg-0+deb8u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

Changes:
php5 (5.6.9+dfsg-0+deb8u1) jessie-security; urgency=medium

  * Update gbp.conf for jessie branch
  * New upstream version 5.6.9+dfsg
   - Core:
    . Fixed bug #69467 (Wrong checked for the interface by using Trait). 
    . Fixed bug #69420 (Invalid read in zend_std_get_method).
    . Fixed bug #60022 ("use statement [...] has no effect" depends on
      leading backslash).
    . Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer).
    . Fixed bug #68652 (segmentation fault in destructor).
    . Fixed bug #69419 (Returning compatible sub generator produces a
      warning).
    . Fixed bug #69472 (php_sys_readlink ignores misc errors from
      GetFinalPathNameByHandleA).
    . Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability).
    . Fixed bug #69403 (str_repeat() sign mismatch based memory corruption).
    . Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+).
    . Fixed bug #69522 (heap buffer overflow in unpack()).
   - FTP:
    . Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in
      heap overflow).
   - ODBC:
    . Fixed bug #69354 (Incorrect use of SQLColAttributes with ODBC 3.0).
    . Fixed bug #69474 (ODBC: Query with same field name from two tables
      returns incorrect result).
    . Fixed bug #69381 (out of memory with sage odbc driver).
   - OpenSSL:
    . Fixed bug #69402 (Reading empty SSL stream hangs until timeout).
   - PCNTL:
    . Fixed bug #68598 (pcntl_exec() should not allow null char).
   - PCRE:
    . Upgraded pcrelib to 8.37.
   - Phar:
    . Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry
      filename starts with null).
  * Rebased patches on top of 5.6.9+dfsg version
  * New upstream version 5.6.8+dfsg
   - Core:
     . Fixed bug #66609 (php crashes with __get() and ++ operator in some cases).
       (Dmitry, Laruence)
     . Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8
       characters). (Tjerk)
     . Fixed bug #68917 (parse_url fails on some partial urls). (Wei Dai)
     . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
       configuration options). (Anatol Belski)
     . Additional fix for bug #69152 (Type confusion vulnerability in
       exception::getTraceAsString). (Stas)
     . Fixed bug #69210 (serialize function return corrupted data when sleep has
       non-string values). (Juan Basso)
     . Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown in
       __call/... arg passing). (Nikita)
     . Fixed bug #69221 (Segmentation fault when using a generator in combination
       with an Iterator). (Nikita)
     . Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion
       vulnerability). (Stas)
     . Fixed bug #69353 (Missing null byte checks for paths in various PHP
       extensions). (Stas)
   - Apache2handler:
     . Fixed bug #69218 (potential remote code execution with apache 2.4
       apache2handler). (Gerrit Venema)
   - cURL:
     . Implemented FR#69278 (HTTP2 support). (Masaki Kagaya)
     . Fixed bug #68739 (Missing break / control flow). (Laruence)
     . Fixed bug #69316 (Use-after-free in php_curl related to
       CURLOPT_FILE/_INFILE/_WRITEHEADER). (Laruence)
   - Date:
     . Fixed bug #69336 (Issues with "last day of <monthname>"). (Derick Rethans)
   - Enchant:
     . Fixed bug #65406 (Enchant broker plugins are in the wrong place in windows
       builds). (Anatol)
   - Ereg:
     . Fixed bug #68740 (NULL Pointer Dereference). (Laruence)
   - Fileinfo:
     . Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or
       segfault). (Anatol Belski)
   - Filter:
     . Fixed bug #69202 (FILTER_FLAG_STRIP_BACKTICK ignored unless other
       flags are used). (Jeff Welch)
     . Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127). (Jeff
       Welch)
   - OPCache:
     . Fixed bug #69297 (function_exists strange behavior with OPCache on
       disabled function). (Laruence)
     . Fixed bug #69281 (opcache_is_script_cached no longer works). (danack)
     . Fixed bug #68677 (Use After Free). (CVE-2015-1351) (Laruence)
   - OpenSSL:
     . Fixed bugs #68853, #65137 (Buffered crypto stream data breaks IO polling
       in stream_select() contexts) (Chris Wright)
     . Fixed bug #69197 (openssl_pkcs7_sign handles default value incorrectly)
       (Daniel Lowrey)
     . Fixed bug #69215 (Crypto servers should send client CA list)
       (Daniel Lowrey)
     . Add a check for RAND_egd to allow compiling against LibreSSL (Leigh)
   - Phar:
     . Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar).
       (Mike)
     . Fixed bug #64931 (phar_add_file is too restrictive on filename). (Mike)
     . Fixed bug #65467 (Call to undefined method cli_arg_typ_string). (Mike)
     . Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing 
       ".tar"). (Mike)
     . Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (Stas)
     . Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in
       phar_set_inode). (Stas)
   - Postgres:
     . Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352) (Laruence)
   - SPL:
     . Fixed bug #69227 (Use after free in zval_scan caused by
       spl_object_storage_get_gc). (adam dot scarr at 99designs dot com)
   - SOAP:
     . Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader
       (bisected, regression)). (Laruence)
   - Sqlite3:
     . Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception).
       (Dan Ackroyd)
     . Fixed bug #69287 (Upgrade bundled libsqlite to 3.8.8.3). (Anatol)
     . Fixed bug #66550 (SQLite prepared statement use-after-free). (Sean Heelan)
  * Update d/gbp.conf to new config style
  * Update patches for 5.6.8 release
  * Switch to gbp pq patch management

 -- Ondřej Surý <[email protected]>  Sat, 02 May 2015 10:01:38 +0200