* SECURITY UPDATE: file truncation via key with null byte
- debian/patches/CVE-2008-7068.patch: make sure key and value are sane
in ext/dba/libinifile/inifile.c.
- CVE-2008-7068
* SECURITY UPDATE: certificate spoofing via null-byte certs (LP: #446313)
- debian/patches/CVE-2009-3291.patch: validate certificate's CN length
in ext/openssl/openssl.c.
- CVE-2009-3291
* SECURITY UPDATE: denial of service via malformed exif images
(LP: #446313)
- debian/patches/CVE-2009-3292.patch: check length, return codes, and
nesting level in ext/exif/exif.c.
- CVE-2009-3292
* SECURITY UPDATE: safe_mode bypass via tempnam function
- debian/patches/CVE-2009-3557.patch: check for safe_mode in
ext/standard/file.c.
- CVE-2009-3557
* SECURITY UPDATE: open_basedir restrictions bypass via posix_mkfifo
- debian/patches/CVE-2009-3558.patch: check for open_basedir in
ext/posix/posix.c.
- CVE-2009-3558
* SECURITY UPDATE: denial of service via large number of files in
form-data POST request.
- debian/patches/CVE-2009-4017.patch: introduce new "max_file_uploads"
directive and enforce in main/main.c, main/rfc1867.c.
- ATTENTION: this update changes previous php5 behaviour by limiting
the number of files in a POST request to 50. This may be increased
by adding a "max_file_uploads" directive to the php.ini configuration
file.
- CVE-2009-4017
* SECURITY UPDATE: safe_mode_protected_env_vars bypass via proc_open()
- debian/patches/CVE-2009-4018.patch: add safe_mode check in
ext/standard/proc_open.c
- CVE-2009-4018
* debian/patches/fix-xmlrpc-datetime.diff
- Prevent stack smashing when using xmlrpc and datetime. (LP: #239513)
-- Marc Deslauriers <email address hidden> Thu, 26 Nov 2009 08:06:47 -0500
This bug was fixed in the package php5 - 5.2.6-2ubuntu4.5
---------------
php5 (5.2.6-2ubuntu4.5) intrepid-security; urgency=low
* SECURITY UPDATE: file truncation via key with null byte
- debian/patches/CVE-2008-7068.patch: make sure key and value are sane
in ext/dba/libinifile/inifile.c.
- CVE-2008-7068
* SECURITY UPDATE: certificate spoofing via null-byte certs (LP: #446313)
- debian/patches/CVE-2009-3291.patch: validate certificate's CN length
in ext/openssl/openssl.c.
- CVE-2009-3291
* SECURITY UPDATE: denial of service via malformed exif images
(LP: #446313)
- debian/patches/CVE-2009-3292.patch: check length, return codes, and
nesting level in ext/exif/exif.c.
- CVE-2009-3292
* SECURITY UPDATE: safe_mode bypass via tempnam function
- debian/patches/CVE-2009-3557.patch: check for safe_mode in
ext/standard/file.c.
- CVE-2009-3557
* SECURITY UPDATE: open_basedir restrictions bypass via posix_mkfifo
- debian/patches/CVE-2009-3558.patch: check for open_basedir in
ext/posix/posix.c.
- CVE-2009-3558
* SECURITY UPDATE: denial of service via large number of files in
form-data POST request.
- debian/patches/CVE-2009-4017.patch: introduce new "max_file_uploads"
directive and enforce in main/main.c, main/rfc1867.c.
- ATTENTION: this update changes previous php5 behaviour by limiting
the number of files in a POST request to 50. This may be increased
by adding a "max_file_uploads" directive to the php.ini configuration
file.
- CVE-2009-4017
* SECURITY UPDATE: safe_mode_protected_env_vars bypass via proc_open()
- debian/patches/CVE-2009-4018.patch: add safe_mode check in
ext/standard/proc_open.c
- CVE-2009-4018
* debian/patches/fix-xmlrpc-datetime.diff
- Prevent stack smashing when using xmlrpc and datetime. (LP: #239513)
-- Marc Deslauriers <email address hidden> Thu, 26 Nov 2009 08:06:47 -0500