-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 3.0 (quilt) Source: php5 Binary: php5, php5-common, libapache2-mod-php5, libapache2-mod-php5filter, php5-cgi, php5-cli, php5-phpdbg, php5-fpm, libphp5-embed, php5-dev, php5-dbg, php-pear, php5-curl, php5-enchant, php5-gd, php5-gmp, php5-imap, php5-interbase, php5-intl, php5-ldap, php5-mcrypt, php5-readline, php5-mysql, php5-mysqlnd, php5-odbc, php5-pgsql, php5-pspell, php5-recode, php5-snmp, php5-sqlite, php5-sybase, php5-tidy, php5-xmlrpc, php5-xsl Architecture: any all Version: 5.6.13+dfsg-0+deb8u1 Maintainer: Debian PHP Maintainers <[email protected]> Uploaders: Ondřej Surý <[email protected]>, Thijs Kinkhorst <[email protected]>, Lior Kaplan <[email protected]> Homepage: http://www.php.net/ Standards-Version: 3.9.6 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-php/php.git Vcs-Git: git://anonscm.debian.org/pkg-php/php.git Testsuite: autopkgtest Build-Depends: apache2-dev (>= 2.4), dh-apache2, dh-systemd (>= 1.3), libsystemd-daemon-dev [linux-any], autoconf (>= 2.63), automake (>= 1.11) | automake1.11, bison, chrpath, debhelper (>= 9), dpkg-dev (>= 1.16.1~), firebird-dev [!hurd-any !m68k !hppa !ppc64] | firebird2.5-dev [!hurd-any !m68k !hppa !ppc64] | firebird2.1-dev [!hurd-any !m68k !hppa !ppc64], flex, freetds-dev, libapr1-dev (>= 1.2.7-8), libbz2-dev, libc-client-dev, libcurl4-openssl-dev | libcurl-dev, libdb-dev, libedit-dev (>= 2.11-20080614-4), libenchant-dev, libevent-dev (>= 1.4.11), libexpat1-dev (>= 1.95.2-2.1), libfreetype6-dev, libgcrypt11-dev, libgd-dev (>= 2.1.0) | libgd2-dev, libglib2.0-dev, libgmp3-dev, libicu-dev, libjpeg-dev | libjpeg62-dev, libkrb5-dev, libldap2-dev, libmagic-dev, libmcrypt-dev, libmhash-dev (>= 0.8.8), libmysqlclient-dev | libmysqlclient15-dev, libonig-dev, libpam0g-dev, libpcre3-dev (>= 6.6), libpng-dev | libpng12-dev, libpq-dev, libpspell-dev, libqdbm-dev, librecode-dev, libsasl2-dev, libsnmp-dev, libsqlite3-dev, libssl-dev, libtidy-dev, libtool (>= 2.2), libwrap0-dev, libxmltok1-dev, libxml2-dev, libvpx-dev, libxslt1-dev (>= 1.0.18), systemtap-sdt-dev [amd64 i386 powerpc armel armhf ia64], locales-all | language-pack-de, mysql-server | virtual-mysql-server, netbase, netcat-traditional, re2c, unixodbc-dev, zlib1g-dev, tzdata, libapparmor-dev Build-Conflicts: bind-dev Package-List: libapache2-mod-php5 deb httpd optional arch=any libapache2-mod-php5filter deb httpd extra arch=any libphp5-embed deb php optional arch=any php-pear deb php optional arch=all php5 deb php optional arch=all php5-cgi deb php optional arch=any php5-cli deb php optional arch=any php5-common deb php optional arch=any php5-curl deb php optional arch=any php5-dbg deb debug extra arch=any php5-dev deb php optional arch=any php5-enchant deb php optional arch=any php5-fpm deb php optional arch=any php5-gd deb php optional arch=any php5-gmp deb php optional arch=any php5-imap deb php optional arch=any php5-interbase deb php optional arch=linux-any,kfreebsd-any php5-intl deb php optional arch=any php5-ldap deb php optional arch=any php5-mcrypt deb php optional arch=any php5-mysql deb php optional arch=any php5-mysqlnd deb php extra arch=any php5-odbc deb php optional arch=any php5-pgsql deb php optional arch=any php5-phpdbg deb php optional arch=any php5-pspell deb php optional arch=any php5-readline deb php optional arch=any php5-recode deb php optional arch=any php5-snmp deb php optional arch=any php5-sqlite deb php optional arch=any php5-sybase deb php optional arch=any php5-tidy deb php optional arch=any php5-xmlrpc deb php optional arch=any php5-xsl deb php optional arch=any Checksums-Sha1: 439857e050857b5cc3670d6eeccfd6b04861f693 11547512 php5_5.6.13+dfsg.orig.tar.xz af104545a9c9b8195da7f67d0ec7ac8a283c50fb 123964 php5_5.6.13+dfsg-0+deb8u1.debian.tar.xz Checksums-Sha256: 47e41286ab3502a1a7e2ad325a0fe1603f5907c1e174658de8408b9780133a47 11547512 php5_5.6.13+dfsg.orig.tar.xz c274734724cf07f92f9e92b1d7852d872e39f41db701692035a186291a95d7d5 123964 php5_5.6.13+dfsg-0+deb8u1.debian.tar.xz Files: c043b514bf00a8bd1123955f3d7f66af 11547512 php5_5.6.13+dfsg.orig.tar.xz c5ebc60b4e8c984d2f7bf09eb14c3238 123964 php5_5.6.13+dfsg-0+deb8u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQJ8BAEBCgBmBQJV7sm3XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzMEI5MzNEODBGQ0UzRDk4MUEyRDM4RkIw Qzk5QjcwRUY0RkNCQjA3AAoJEAyZtw70/LsHBm0P/1viPZ5bvDkDFgdXdnmxAgrM W5SEx3wzF7M5qJ17c6aqp7YU1wjIbrzhXzmY7tVjlYES9N1d1lizQjx5kX5ruI79 epUzVOi4UYvGqiqOdDhCLIwusb9N+qqZw+15FqBowCYjkXNdXkCschP9VJP1up/w D7GydNYLdBT7Sr84/C4D+6B4/27ZXT6gUNq+Z2Ltnr9xm2M3ARr/cMSU/fHGmDHi WCZNMBixqLOz1v2V2obzlY4i2WxS9VJAiQ81IAn2noGKjTbFeQ828MJ8juTeNG6k 47Id8+kZiyyXw7+BoAgkxIEM5rs41ueWqarBozP1BZXtllxQQqL74s1iLegV10Ki TE8nB3AL8BCQ3TksLCZcrhNEdQxTmuUaf2c/IaMJYooZMh0KNOLM7P3DimYTVE1M zKIo9y+90Ze+IzMiWU61SH48np9ECSqExjli5SO4EAnNJJeJUecOf4a+unlEQAEJ s/+gA3Pkm8SMvdASK4OFLa7pLN4mXiW1BeFIe01iHjylaDLiZgWeNtbhJ1dSjSpZ Kie+V2ahMC3zbhzvHdEnubKXTK7PA9uexRYIyG+UYT8Yjf7kW2ljvAYqB2Cj1K8j XGvUHdPUkbw4V4ZiNsKPH2CjUxGvxurheUMXw0PNR/1hghFy7slAUdo99XOhqvET xZQxhpqCqZRO7KqE/sbT =J5F0 -----END PGP SIGNATURE----- Changes: php5 (5.6.13+dfsg-0+deb8u1) jessie-security; urgency=medium * Imported Upstream version 5.6.13+dfsg - Core: . Fixed bug #69900 (Too long timeout on pipes). . Fixed bug #69487 (SAPI may truncate POST data). . Fixed bug #70198 (Checking liveness does not work as expected). . Fixed bug #70172 (Use After Free Vulnerability in unserialize()). . Fixed bug #70219 (Use after free vulnerability in session deserializer). - CLI server: . Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE). . Fixed bug #70264 (CLI server directory traversal). - Date: . Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to be optional). . Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte). - EXIF: . Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes). - hash: . Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). - MCrypt: . Fixed bug #69833 (mcrypt fd caching not working). - Opcache: . Fixed bug #70237 (Empty while and do-while segmentation fault with opcode on CLI enabled). - PCRE: . Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string match). . Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions). - SOAP: . Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). - SPL: . Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via ob_start). . Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). . Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage). . Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). - Standard: . Fixed bug #70052 (getimagesize() fails for very large and very small WBMP). . Fixed bug #70157 (parse_ini_string() segmentation fault with INI_SCANNER_TYPED). - XSLT: . Fixed bug #69782 (NULL pointer dereference). - ZIP: . Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories). * Refresh patches on top of 5.6.13+dfsg release -- Ondřej Surý <[email protected]> Mon, 07 Sep 2015 13:52:45 +0200
