-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 3.0 (quilt) Source: php5 Binary: php5, php5-common, libapache2-mod-php5, libapache2-mod-php5filter, php5-cgi, php5-cli, php5-phpdbg, php5-fpm, libphp5-embed, php5-dev, php5-dbg, php-pear, php5-curl, php5-enchant, php5-gd, php5-gmp, php5-imap, php5-interbase, php5-intl, php5-ldap, php5-mcrypt, php5-readline, php5-mysql, php5-mysqlnd, php5-odbc, php5-pgsql, php5-pspell, php5-recode, php5-snmp, php5-sqlite, php5-sybase, php5-tidy, php5-xmlrpc, php5-xsl Architecture: any all Version: 5.6.12+dfsg-0+deb8u1 Maintainer: Debian PHP Maintainers <[email protected]> Uploaders: Ondřej Surý <[email protected]>, Thijs Kinkhorst <[email protected]>, Lior Kaplan <[email protected]> Homepage: http://www.php.net/ Standards-Version: 3.9.6 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-php/php.git Vcs-Git: git://anonscm.debian.org/pkg-php/php.git Testsuite: autopkgtest Build-Depends: apache2-dev (>= 2.4), dh-apache2, dh-systemd (>= 1.3), libsystemd-daemon-dev [linux-any], autoconf (>= 2.63), automake (>= 1.11) | automake1.11, bison, chrpath, debhelper (>= 9), dpkg-dev (>= 1.16.1~), firebird-dev [!hurd-any !m68k !hppa !ppc64] | firebird2.5-dev [!hurd-any !m68k !hppa !ppc64] | firebird2.1-dev [!hurd-any !m68k !hppa !ppc64], flex, freetds-dev, libapr1-dev (>= 1.2.7-8), libbz2-dev, libc-client-dev, libcurl4-openssl-dev | libcurl-dev, libdb-dev, libedit-dev (>= 2.11-20080614-4), libenchant-dev, libevent-dev (>= 1.4.11), libexpat1-dev (>= 1.95.2-2.1), libfreetype6-dev, libgcrypt11-dev, libgd-dev (>= 2.1.0) | libgd2-dev, libglib2.0-dev, libgmp3-dev, libicu-dev, libjpeg-dev | libjpeg62-dev, libkrb5-dev, libldap2-dev, libmagic-dev, libmcrypt-dev, libmhash-dev (>= 0.8.8), libmysqlclient-dev | libmysqlclient15-dev, libonig-dev, libpam0g-dev, libpcre3-dev (>= 6.6), libpng-dev | libpng12-dev, libpq-dev, libpspell-dev, libqdbm-dev, librecode-dev, libsasl2-dev, libsnmp-dev, libsqlite3-dev, libssl-dev, libtidy-dev, libtool (>= 2.2), libwrap0-dev, libxmltok1-dev, libxml2-dev, libvpx-dev, libxslt1-dev (>= 1.0.18), systemtap-sdt-dev [amd64 i386 powerpc armel armhf ia64], locales-all | language-pack-de, mysql-server | virtual-mysql-server, netbase, netcat-traditional, re2c, unixodbc-dev, zlib1g-dev, tzdata, libapparmor-dev Build-Conflicts: bind-dev Package-List: libapache2-mod-php5 deb httpd optional arch=any libapache2-mod-php5filter deb httpd extra arch=any libphp5-embed deb php optional arch=any php-pear deb php optional arch=all php5 deb php optional arch=all php5-cgi deb php optional arch=any php5-cli deb php optional arch=any php5-common deb php optional arch=any php5-curl deb php optional arch=any php5-dbg deb debug extra arch=any php5-dev deb php optional arch=any php5-enchant deb php optional arch=any php5-fpm deb php optional arch=any php5-gd deb php optional arch=any php5-gmp deb php optional arch=any php5-imap deb php optional arch=any php5-interbase deb php optional arch=linux-any,kfreebsd-any php5-intl deb php optional arch=any php5-ldap deb php optional arch=any php5-mcrypt deb php optional arch=any php5-mysql deb php optional arch=any php5-mysqlnd deb php extra arch=any php5-odbc deb php optional arch=any php5-pgsql deb php optional arch=any php5-phpdbg deb php optional arch=any php5-pspell deb php optional arch=any php5-readline deb php optional arch=any php5-recode deb php optional arch=any php5-snmp deb php optional arch=any php5-sqlite deb php optional arch=any php5-sybase deb php optional arch=any php5-tidy deb php optional arch=any php5-xmlrpc deb php optional arch=any php5-xsl deb php optional arch=any Checksums-Sha1: c0c0d495bf92cc69ff838be27888730f5f739b8c 11553256 php5_5.6.12+dfsg.orig.tar.xz 65dd0146e0b4cc9f14e02d93aa3918a89d138c2d 123368 php5_5.6.12+dfsg-0+deb8u1.debian.tar.xz Checksums-Sha256: eb852ac21d172abe7d81f20c11190a50f850c126a17b690ce0dd40b5b64c077e 11553256 php5_5.6.12+dfsg.orig.tar.xz 6f92b49210f78c42958446170d5811be63843b66def936aae4c89dd74e37a96c 123368 php5_5.6.12+dfsg-0+deb8u1.debian.tar.xz Files: 1a36256118ccaad3f8c53c239b265be8 11553256 php5_5.6.12+dfsg.orig.tar.xz 5063b4138c8a42abc93d77590392c00b 123368 php5_5.6.12+dfsg-0+deb8u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQJ8BAEBCgBmBQJV3X5uXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzMEI5MzNEODBGQ0UzRDk4MUEyRDM4RkIw Qzk5QjcwRUY0RkNCQjA3AAoJEAyZtw70/LsHKlUP/1hNvsIp7vRmyS+qRnovDf6O wf4Kf/eKXqpoJVf92SjTCOLVYwLUAWGWjFtp8WU6MNw2/MXcyNuho9WqDaSsfyr0 no/tfEG3dFd167uOZ6JMzCi81G+6J3DqPYBpVxp3j6SD0qkgjFi3KDpANYZZbtvX yqxZzg9q4SHXW9SLQ7e80vuIX7dvszd50nVWJrvBenG6Cruhzix3SvgZFSoo6kO7 i6J0ru10j7r+ufq+olJT0XfIu6eZY63IEBNiZ/0tkZ1OQrMpDlF3IUKRat3vS820 z9E1TH/j5G3GJJm0g/a+kA+Bq6u4Mb8c4enMdJRW7bIntUsLgwT3DiWEI8U/jkU7 CGUOmO/7397N9Ruau0srFNiRq+/apGsTcQcQ1aKCL8cyGLwsaa7RPWcb70B5Pueh nEU+/RMUAkFKiwmrlg0cY+M7UIWUurrxqN37hKe5Gm/ExBQ5bxH0pNjnc2Y4L1RH uE5TWwePNJwU+HV3dAFeSDKSmjqJ4IHjKWwgJ1hV9cBsXBOfAUoJkpU5P6pDH0kQ yg+3SOPBMy7bISvz/sJ7aP+mOkrlY4FdhcpEIY5mZ0bDW3heXkNlfHDleJvNOV32 E44CFyD0zzocIo+cz5uUamGt1v+gDSyb4xSrtsTFu8xyTAIATS6JhstBZIaRkFvB WwbncQVn2uW3+DPMVDIr =ChwW -----END PGP SIGNATURE----- Changes: php5 (5.6.12+dfsg-0+deb8u1) jessie-security; urgency=medium * New upstream version 5.6.12+dfsg - Core: . Fixed bug #70012 (Exception lost with nested finally block). . Fixed bug #70002 (TS issues with temporary dir handling). . Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive method calls). . Fixed bug #69892 (Different arrays compare indentical due to integer key truncation). . Fixed bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref). - CLI server: . Fixed bug #69655 (php -S changes MKCALENDAR request method to MKCOL). . Fixed bug #64878 (304 responses return Content-Type header). - GD: . Fixed bug #53156 (imagerectangle problem with point ordering). . Fixed bug #66387 (Stack overflow with imagefilltoborder). . Fixed bug #70102 (imagecreatefromwebm() shifts colors). . Fixed bug #66590 (imagewebp() doesn't pad to even length). . Fixed bug #66882 (imagerotate by -90 degrees truncates image by 1px). . Fixed bug #70064 (imagescale(..., IMG_BICUBIC) leaks memory). . Fixed bug #69024 (imagescale segfault with palette based image). . Fixed bug #53154 (Zero-height rectangle has whiskers). . Fixed bug #67447 (imagecrop() add a black line when cropping). . Fixed bug #68714 (copy 'n paste error). . Fixed bug #66339 (PHP segfaults in imagexbm). . Fixed bug #70047 (gd_info() doesn't report WebP support). - ODBC: . Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns). - OpenSSL: . Fixed bug #69882 (OpenSSL error “key values mismatch” after openssl_pkcs12_read with extra cert) . Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically secure). - Phar: . Improved fix for bug #69441. . Fixed bug #70019 (Files extracted from archive may be placed outside of destination directory). - SOAP: . Fixed bug #70081 (SoapClient info leak / null pointer dereference via multiple type confusions). - SPL: . Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject items). . Fixed bug #70166 (Use After Free Vulnerability in unserialize() with SPLArrayObject). . Fixed bug #70168 (Use After Free Vulnerability in unserialize() with SplObjectStorage). . Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList). - Standard: . Fixed bug #70096 (Repeated iptcembed() adds superfluous FF bytes). * New upstream version 5.6.11 - Core: . Fixed bug #69768 (escapeshell*() doesn't cater to !). . Fixed bug #69703 (Use __builtin_clzl on PowerPC). . Fixed bug #69732 (can induce segmentation fault with basic php code). . Fixed bug #69642 (Windows 10 reported as Windows 8). . Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation fault). . Fixed bug #69781 (phpinfo() reports Professional Editions of Windows 7/8/8.1/10 as "Business"). . Fixed bug #69740 (finally in generator (yield) swallows exception in iteration). . Fixed bug #69835 (phpinfo() does not report many Windows SKUs). . Fixed bug #69892 (Different arrays compare indentical due to integer key truncation). . Fixed bug #69874 (Can't set empty additional_headers for mail()), regression from fix to bug #68776. - GD: . Fixed bug #61221 (imagegammacorrect function loses alpha channel). - GMP: . Fixed bug #69803 (gmp_random_range() modifies second parameter if GMP number). - Mysqlnd: . Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM) (CVE-2015-3152). - PCRE: . Fixed Bug #53823 (preg_replace: * qualifier on unicode replace garbles the string). . Fixed bug #69864 (Segfault in preg_replace_callback) - PDO_pgsql: . Fixed bug #69752 (PDOStatement::execute() leaks memory with DML Statements when closeCuror() is u). . Fixed bug #69362 (PDO-pgsql fails to connect if password contains a leading single quote). . Fixed bug #69344 (PDO PgSQL Incorrect binding numeric array with gaps). - SimpleXML: . Refactored the fix for bug #66084 (simplexml_load_string() mangles empty node name). - SPL: . Fixed bug #69737 (Segfault when SplMinHeap::compare produces fatal error). . Fixed bug #67805 (SplFileObject setMaxLineLength). . Fixed bug #69970 (Use-after-free vulnerability in spl_recursive_it_move_forward_ex()). - Sqlite3: . Fixed bug #69972 (Use-after-free vulnerability in sqlite3SafetyCheckSickOrOk()). * Rebase d/patches on top of 5.6.12+dfsg release -- Ondřej Surý <[email protected]> Sun, 16 Aug 2015 14:02:47 +0200