'Re: [SECURITY] [DSA 3117-1] php5 security update'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       debian-security
Subject:    Re: [SECURITY] [DSA 3117-1] php5 security update
From:       Jorge Prades <jprades () presenzia ! net>
Date:       2015-01-04 23:06:52
Message-ID: 54A9C78C.7090809 () presenzia ! net
[Download RAW message or body]

         2015-01-04      deb2 monitor-ofi antonio-dev cp2 web2 mail2 bd2 
ns3 ns4 bingolasvegas-rep web-pbx2 magister-admin-rep

         Afectados: libapache2-mod-php5 php-pear php5 php5-cli 
php5-common php5-curl php5-gd php5-imap php5-intl php5-mcrypt php5-mysql 
php5-pgsql php5-pspell  php5-sqlite

On 12/31/2014 03:47 PM, Salvatore Bonaccorso wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> - -------------------------------------------------------------------------
> Debian Security Advisory DSA-3117-1                   security@debian.org
> http://www.debian.org/security/                      Salvatore Bonaccorso
> December 31, 2014                      http://www.debian.org/security/faq
> - -------------------------------------------------------------------------
>
> Package        : php5
> CVE ID         : CVE-2014-8142
>
> Several vulnerabilities were found in PHP, a general-purpose scripting
> language commonly used for web application development.
>
> As announced in DSA 3064-1 it has been decided to follow the stable
> 5.4.x releases for the Wheezy php5 packages. Consequently the
> vulnerabilities are addressed by upgrading PHP to a new upstream version
> 5.4.36, which includes additional bug fixes, new features and possibly
> incompatible changes. Please refer to the upstream changelog for more
> information:
>
>   http://php.net/ChangeLog-5.php#5.4.36
>
> Two additional patches were applied on top of the imported new upstream
> version. An out-of-bounds read flaw was fixed which could lead php5-cgi
> to crash. Moreover a bug with php5-pgsql in combination with PostgreSQL
> 9.1 was fixed (Debian Bug #773182).
>
> For the stable distribution (wheezy), these problems have been fixed in
> version 5.4.36-0+deb7u1.
>
> We recommend that you upgrade your php5 packages.
>
> Further information about Debian Security Advisories, how to apply
> these updates to your system and frequently asked questions can be
> found at: https://www.debian.org/security/
>
> Mailing list: debian-security-announce@lists.debian.org
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQIcBAEBCgAGBQJUpAw8AAoJEAVMuPMTQ89EyLcQAI/Hwcf8nmK0dxuGNpN33Vhx
> knelAzGeQW/kzmNPCTQAu4R7ncSB/S/oXaSvRayK6dIdf53oJop6819IEUhqh4AB
> MNEu3oqMdTiE7w6uAZnRahKEEN/GZ4rm4Vppt8ByvtxR36y9u0AOBQgVZB0zQV/1
> p8ewLenSx4SoRVVP630Jc1CUj8AwcgvYUOoLXNmuu5U3PvEPXAVT83i3BHD02Vh9
> IyBD9JvRmvX13CaAFC19UuGzzVw7BRrTMQh3E6zoze+dKxadW8N/opr0tBZagqNy
> 0Lhv7GeldcQBze3O1ZiQvKvXGiDgzJtl4bYy6LMe2nShCXuSkWLOF1UiVbPqHh2N
> NRhptHPPFb3nETRdQhIW7ZyLLFMR1ZKhwc4YUNuy/f8SFRddynE1QtVENxDtRmzy
> 6piuVYNl9fvgolGH3I33hK6O7lRhuXxggIgTEJCSkj3GVc+D6UuUx3njTK5Qac7Y
> MT3TTMGuKJYpylCveT372mBkRdvMUVT7yDC3I0PMcWCkZDOUxb8XM6WqkHHa1hWV
> rLD76rLBQNxVXaDRmX5/R5d4uzTy17Uio1PYaIr534+LF4HHWiINZVulEbJzN+JY
> XUWb9kxZKIcI/Af2xzDhDfXAaAiRZjfSrQ+xczu5aj/1w+9xAIx1eChx2yM0J3GA
> GrmtFP6vEovwwGUziHlF
> =bK9J
> -----END PGP SIGNATURE-----
>
>


-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: https://lists.debian.org/54A9C78C.7090809@presenzia.net

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic