1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 3117-1] php5 security update

    From Salvatore Bonaccorso@1:229/2 to All on Wed Dec 31 15:50:01 2014
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-3117-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso December 31, 2014 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : php5
    CVE ID : CVE-2014-8142

    Several vulnerabilities were found in PHP, a general-purpose scripting
    language commonly used for web application development.

    As announced in DSA 3064-1 it has been decided to follow the stable
    5.4.x releases for the Wheezy php5 packages. Consequently the
    vulnerabilities are addressed by upgrading PHP to a new upstream version 5.4.36, which includes additional bug fixes, new features and possibly incompatible changes. Please refer to the upstream changelog for more information:

    http://php.net/ChangeLog-5.php#5.4.36

    Two additional patches were applied on top of the imported new upstream version. An out-of-bounds read flaw was fixed which could lead php5-cgi
    to crash. Moreover a bug with php5-pgsql in combination with PostgreSQL
    9.1 was fixed (Debian Bug #773182).

    For the stable distribution (wheezy), these problems have been fixed in
    version 5.4.36-0+deb7u1.

    We recommend that you upgrade your php5 packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1

    iQIcBAEBCgAGBQJUpAw8AAoJEAVMuPMTQ89EyLcQAI/Hwcf8nmK0dxuGNpN33Vhx knelAzGeQW/kzmNPCTQAu4R7ncSB/S/oXaSvRayK6dIdf53oJop6819IEUhqh4AB MNEu3oqMdTiE7w6uAZnRahKEEN/GZ4rm4Vppt8ByvtxR36y9u0AOBQgVZB0zQV/1 p8ewLenSx4SoRVVP630Jc1CUj8AwcgvYUOoLXNmuu5U3PvEPXAVT83i3BHD02Vh9 IyBD9JvRmvX13CaAFC19UuGzzVw7BRrTMQh3E6zoze+dKxadW8N/opr0tBZagqNy 0Lhv7GeldcQBze3O1ZiQvKvXGiDgzJtl4bYy6LMe2nShCXuSkWLOF1UiVbPqHh2N NRhptHPPFb3nETRdQhIW7ZyLLFMR1ZKhwc4YUNuy/f8SFRddynE1QtVENxDtRmzy 6piuVYNl9fvgolGH3I33hK6O7lRhuXxggIgTEJCSkj3GVc+D6UuUx3njTK5Qac7Y MT3TTMGuKJYpylCveT372mBkRdvMUVT7yDC3I0PMcWCkZDOUxb8XM6WqkHHa1hWV rLD76rLBQNxVXaDRmX5/R5d4uzTy17Uio1PYaIr534+LF4HHWiINZVulEbJzN+JY XUWb9kxZKIcI/Af2xzDhDfXAaAiRZjfSrQ+xczu5aj/1w+9xAIx1eChx2yM0J3GA GrmtFP6vEovwwGUziHlF
    =bK9J
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)