Your message dated Sun, 22 Mar 2015 21:19:47 +0000
with message-id <e1yznhf-0002rz...@franck.debian.org>
and subject line Bug#780713: fixed in php5 5.4.39-0+deb7u1
has caused the Debian Bug report #780713,
regarding php5: CVE-2015-2331
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
780713: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780713
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: php5
Severity: grave
Tags: security
This has been assigned CVE-2015-2331:
https://bugs.php.net/bug.php?id=69253
https://github.com/php/php-src/commit/ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: php5
Source-Version: 5.4.39-0+deb7u1
We believe that the bug you reported is fixed in the latest version of
php5, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 780...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ondřej Surý <ond...@debian.org> (supplier of updated php5 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 20 Mar 2015 12:41:48 +0100
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi
php5-cli php5-fpm libphp5-embed php5-dev php5-dbg php-pear php5-curl
php5-enchant php5-gd php5-gmp php5-imap php5-interbase php5-intl php5-ldap
php5-mcrypt php5-mysql php5-mysqlnd php5-odbc php5-pgsql php5-pspell
php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl
Architecture: source all amd64
Version: 5.4.39-0+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian PHP Maintainers <pkg-php-ma...@lists.alioth.debian.org>
Changed-By: Ondřej Surý <ond...@debian.org>
Description:
libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module)
libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo
libphp5-embed - HTML-embedded scripting language (Embedded SAPI library)
php-pear - PEAR - PHP Extension and Application Repository
php5 - server-side, HTML-embedded scripting language (metapackage)
php5-cgi - server-side, HTML-embedded scripting language (CGI binary)
php5-cli - command-line interpreter for the php5 scripting language
php5-common - Common files for packages built from the php5 source
php5-curl - CURL module for php5
php5-dbg - Debug symbols for PHP5
php5-dev - Files for PHP5 module development
php5-enchant - Enchant module for php5
php5-fpm - server-side, HTML-embedded scripting language (FPM-CGI binary)
php5-gd - GD module for php5
php5-gmp - GMP module for php5
php5-imap - IMAP module for php5
php5-interbase - interbase/firebird module for php5
php5-intl - internationalisation module for php5
php5-ldap - LDAP module for php5
php5-mcrypt - MCrypt module for php5
php5-mysql - MySQL module for php5
php5-mysqlnd - MySQL module for php5 (Native Driver)
php5-odbc - ODBC module for php5
php5-pgsql - PostgreSQL module for php5
php5-pspell - pspell module for php5
php5-recode - recode module for php5
php5-snmp - SNMP module for php5
php5-sqlite - SQLite module for php5
php5-sybase - Sybase / MS SQL Server module for php5
php5-tidy - tidy module for php5
php5-xmlrpc - XML-RPC module for php5
php5-xsl - XSL module for php5
Closes: 780713 780764 780771
Changes:
 php5 (5.4.39-0+deb7u1) wheezy-security; urgency=high
 .
   * New upstream version 5.4.39
     - Core:
       . Fixed bug #68976 (Use After Free Vulnerability in unserialize())
         (CVE-2015-0231).
       . Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
         configuration options).
       . Fixed bug #69207 (move_uploaded_file allows nulls in path).
     - Ereg:
       . Fixed bug #69248 (heap overflow vulnerability in regcomp.c)
         (CVE-2015-2305).
     - SOAP:
       . Fixed bug #69085 (SoapClient's __call() type confusion through
         unserialize()).
     - ZIP:
       . Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap
         boundary) (CVE-2015-2331). (Closes: #780713)
   * Refresh patches for 5.4.39 and remove already merged VU695940
   * Start using git pq to manage patches in d/patches/
   * Move PEAR-Builder-print-info-about-php5-dev.patch to debian/ since
     it's not a quilt patch
   * Add newly assigned CVE identifiers to older d/changelog entries
   * New patches:
     - 0060-PHP-SegFault-zend_hash_find-PHP-68486.patch
     - 0061-Fix-use-after-free-in-phar_object.c-PHP-68901-CVE-20.patch
       (CVE-2015-2301)
   * Remove invalid curl patch that got pulled as part of CVE-2015-1352
     (Closes: #780771, #780764)
   * Split upstream fixes for PHP#68740 and PHP#68741 into separate patches
Checksums-Sha1:
Checksums-Sha256:
Files:
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---