php7.0 7.0.12-2ubuntu1 source package in Ubuntu
Changelog
php7.0 (7.0.12-2ubuntu1) zesty; urgency=medium * Merge with Debian unstable (LP: #1641211). Remaining changes: - Drop dh-php from Recommends to Suggests so it can be demoted to universe (LP #1590623). + dh-php has gained a dependency on xml2 which is in universe. * Drop: - SECURITY UPDATE: proxy request header vulnerability (httpoxy) + debian/patches/CVE-2016-5385.patch: only use HTTP_PROXY from the local environment in ext/standard/basic_functions.c, main/SAPI.c, main/php_variables.c. + CVE-2016-5385 [ Fixed upstream in 7.0.9 ] - SECURITY UPDATE: inadequate error handling in bzread() + debian/patches/CVE-2016-5399.patch: do not allow reading past error read in ext/bz2/bz2.c. + CVE-2016-5399 [ Fixed upstream in 7.0.10 ] - SECURITY UPDATE: integer overflow in the virtual_file_ex function + debian/patches/CVE-2016-6289.patch: properly check path_length in Zend/zend_virtual_cwd.c. + CVE-2016-6289 [ Fixed upstream in 7.0.10 ] - SECURITY UPDATE: use after free in unserialize() with unexpected session deserialization + debian/patches/CVE-2016-6290.patch: destroy var_hash properly in ext/session/session.c, added test to ext/session/tests/bug72562.phpt. + CVE-2016-6290 [ Fixed upstream in 7.0.10 ] - SECURITY UPDATE: out of bounds read in exif_process_IFD_in_MAKERNOTE + debian/patches/CVE-2016-6291.patch: add more bounds checks to ext/exif/exif.c. + CVE-2016-6291 [ Fixed upstream in 7.0.10 ] - SECURITY UPDATE: NULL pointer dereference in exif_process_user_comment + debian/patches/CVE-2016-6292.patch: properly handle encoding in ext/exif/exif.c. + CVE-2016-6292 [ Fixed upstream in 7.0.10 ] - SECURITY UPDATE: locale_accept_from_http out-of-bounds access + debian/patches/CVE-2016-6294.patch: check length in ext/intl/locale/locale_methods.c, added test to ext/intl/tests/bug72533.phpt. + CVE-2016-6294 [ Fixed upstream in 7.0.10 ] - SECURITY UPDATE: use after free vulnerability in SNMP with GC and unserialize() + debian/patches/CVE-2016-6295.patch: add new handler to ext/snmp/snmp.c, add test to ext/snmp/tests/bug72479.phpt. + CVE-2016-6295 [ Fixed upstream in 7.0.10 ] - SECURITY UPDATE: heap buffer overflow in simplestring_addn + debian/patches/CVE-2016-6296.patch: prevent overflows in ext/xmlrpc/libxmlrpc/simplestring.*. + CVE-2016-6296 [ Fixed upstream in 7.0.10 ] - SECURITY UPDATE: integer overflow in php_stream_zip_opener + debian/patches/CVE-2016-6297.patch: use size_t in ext/zip/zip_stream.c. + CVE-2016-6297 [ Fixed upstream in 7.0.10 ] - debian/patches/fix_exif_tests.patch: fix exif test results after security changes. [ Fixed upstream in 7.0.10 ] - SECURITY UPDATE: denial of service or code execution via crafted serialized data + debian/patches/CVE-2016-7124.patch: fix unserializing logic in ext/session/session.c, ext/standard/var_unserializer.c*, ext/wddx/wddx.c, added tests to ext/standard/tests/serialize/bug72663.phpt, ext/standard/tests/serialize/bug72663_2.phpt, ext/standard/tests/serialize/bug72663_3.phpt. - CVE-2016-7124 [ Fixed upstream in 7.0.10 ] - SECURITY UPDATE: arbitrary-type session data injection + debian/patches/CVE-2016-7125.patch: consume data even if not storing in ext/session/session.c, added test to ext/session/tests/bug72681.phpt. + CVE-2016-7125 [ Fixed upstream in 7.0.10 ] - SECURITY UPDATE: denial of service and possible code execution in imagegammacorrect function + debian/patches/CVE-2016-7127.patch: check gamma values in ext/gd/gd.c, added test to ext/gd/tests/bug72730.phpt. + CVE-2016-7127 [ Fixed upstream in 7.0.10 ] - SECURITY UPDATE: information disclosure via exif_process_IFD_in_TIFF + debian/patches/CVE-2016-7128.patch: properly handle thumbnails in ext/exif/exif.c. + CVE-2016-7128 [ Fixed upstream in 7.0.10 ] - SECURITY UPDATE: denial of service and possible code execution via invalid ISO 8601 time value + debian/patches/CVE-2016-7129.patch: properly handle strings in ext/wddx/wddx.c, added test to ext/wddx/tests/bug72749.phpt. + CVE-2016-7129 [ Fixed upstream in 7.0.10 ] - SECURITY UPDATE: denial of service and possible code execution via invalid base64 binary value + debian/patches/CVE-2016-7130.patch: properly handle string in ext/wddx/wddx.c, added test to ext/wddx/tests/bug72750.phpt. + CVE-2016-7130 [ Fixed upstream in 7.0.10 ] - SECURITY UPDATE: denial of service and possible code execution via malformed wddxPacket XML document + debian/patches/CVE-2016-7131.patch: added checks to ext/wddx/wddx.c, added tests to ext/wddx/tests/bug72790.phpt, ext/wddx/tests/bug72799.phpt. + CVE-2016-7131 + CVE-2016-7132 [ Fixed upstream in 7.0.10 ] - SECURITY UPDATE: denial of service and possible code execution via long pathname + debian/patches/CVE-2016-7133.patch: fix memory allocator in Zend/zend_alloc.c. + CVE-2016-7133 [ Fixed upstream in 7.0.10 ] - SECURITY UPDATE: denial of service and possible code execution via long string and curl_escape call + debian/patches/CVE-2016-7134.patch: check both curl_escape and curl_unescape in ext/curl/interface.c. + CVE-2016-7134 [ Fixed upstream in 7.0.10 ] - SECURITY UPDATE: denial of service and possible code execution via crafted field metadata in MySQL driver + debian/patches/CVE-2016-7412.patch: validate field length in ext/mysqlnd/mysqlnd_wireprotocol.c. + CVE-2016-7412 [ Fixed upstream in 7.0.11 ] - SECURITY UPDATE: denial of service and possible code execution via malformed wddxPacket XML document + debian/patches/CVE-2016-7413.patch: fixed use-after-free in ext/wddx/wddx.c, added test to ext/wddx/tests/bug72860.phpt. + CVE-2016-7413 [ Fixed upstream in 7.0.11 ] - SECURITY UPDATE: denial of service and possible code execution via crafted PHAR archive + debian/patches/CVE-2016-7414.patch: validate signatures in ext/phar/util.c, ext/phar/zip.c. + CVE-2016-7414 [ Fixed upstream in 7.0.11 ] - SECURITY UPDATE: denial of service and possible code execution via MessageFormatter::formatMessage call with a long first argument + debian/patches/CVE-2016-7416.patch: added locale length check to ext/intl/msgformat/msgformat_format.c. + CVE-2016-7416 [ Fixed upstream in 7.0.11 ] - SECURITY UPDATE: denial of service or code execution via crafted serialized data + debian/patches/CVE-2016-7417.patch: added type check to ext/spl/spl_array.c, added test to ext/spl/tests/bug73029.phpt, fix test in ext/spl/tests/bug70068.phpt. + CVE-2016-7417 [ Fixed upstream in 7.0.11 ] - SECURITY UPDATE: denial of service and possible code execution via malformed wddxPacket XML document + debian/patches/CVE-2016-7418.patch: fix out-of-bounds read in ext/wddx/wddx.c, added test to ext/wddx/tests/bug73065.phpt. + CVE-2016-7418 [ Fixed upstream in 7.0.11 ] -- Nishanth Aravamudan <email address hidden> Mon, 14 Nov 2016 16:27:38 -0800
Upload details
- Uploaded by:
- Nish Aravamudan
- Uploaded to:
- Zesty
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- misc
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
php7.0_7.0.12.orig.tar.xz | 11.9 MiB | f3d6c49e1c242e5995dec15e503fde996c327eb86cd7ec45c690e93c971b83ff |
php7.0_7.0.12-2ubuntu1.debian.tar.xz | 103.3 KiB | 1d7d8a65e3739b0c2eeed606ec4f3583a03397595f4fc177edc48b973d65ee98 |
php7.0_7.0.12-2ubuntu1.dsc | 5.3 KiB | 45d814825c6524b5f2e96be42af79eacff1330986f4793928e97079fb57677a2 |
Available diffs
Binary packages built by this source
- libapache2-mod-php7.0: No summary available for libapache2-mod-php7.0 in ubuntu zesty.
No description available for libapache2-
mod-php7. 0 in ubuntu zesty.
- libapache2-mod-php7.0-dbgsym: No summary available for libapache2-mod-php7.0-dbgsym in ubuntu zesty.
No description available for libapache2-
mod-php7. 0-dbgsym in ubuntu zesty.
- libphp7.0-embed: No summary available for libphp7.0-embed in ubuntu zesty.
No description available for libphp7.0-embed in ubuntu zesty.
- libphp7.0-embed-dbgsym: No summary available for libphp7.0-embed-dbgsym in ubuntu zesty.
No description available for libphp7.
0-embed- dbgsym in ubuntu zesty.
- php7.0: No summary available for php7.0 in ubuntu zesty.
No description available for php7.0 in ubuntu zesty.
- php7.0-bcmath: No summary available for php7.0-bcmath in ubuntu zesty.
No description available for php7.0-bcmath in ubuntu zesty.
- php7.0-bcmath-dbgsym: No summary available for php7.0-bcmath-dbgsym in ubuntu zesty.
No description available for php7.0-
bcmath- dbgsym in ubuntu zesty.
- php7.0-bz2: No summary available for php7.0-bz2 in ubuntu zesty.
No description available for php7.0-bz2 in ubuntu zesty.
- php7.0-bz2-dbgsym: No summary available for php7.0-bz2-dbgsym in ubuntu zesty.
No description available for php7.0-bz2-dbgsym in ubuntu zesty.
- php7.0-cgi: No summary available for php7.0-cgi in ubuntu zesty.
No description available for php7.0-cgi in ubuntu zesty.
- php7.0-cgi-dbgsym: No summary available for php7.0-cgi-dbgsym in ubuntu zesty.
No description available for php7.0-cgi-dbgsym in ubuntu zesty.
- php7.0-cli: No summary available for php7.0-cli in ubuntu zesty.
No description available for php7.0-cli in ubuntu zesty.
- php7.0-cli-dbgsym: No summary available for php7.0-cli-dbgsym in ubuntu zesty.
No description available for php7.0-cli-dbgsym in ubuntu zesty.
- php7.0-common: No summary available for php7.0-common in ubuntu zesty.
No description available for php7.0-common in ubuntu zesty.
- php7.0-common-dbgsym: No summary available for php7.0-common-dbgsym in ubuntu zesty.
No description available for php7.0-
common- dbgsym in ubuntu zesty.
- php7.0-curl: No summary available for php7.0-curl in ubuntu zesty.
No description available for php7.0-curl in ubuntu zesty.
- php7.0-curl-dbgsym: No summary available for php7.0-curl-dbgsym in ubuntu zesty.
No description available for php7.0-curl-dbgsym in ubuntu zesty.
- php7.0-dba: No summary available for php7.0-dba in ubuntu zesty.
No description available for php7.0-dba in ubuntu zesty.
- php7.0-dba-dbgsym: No summary available for php7.0-dba-dbgsym in ubuntu zesty.
No description available for php7.0-dba-dbgsym in ubuntu zesty.
- php7.0-dev: No summary available for php7.0-dev in ubuntu zesty.
No description available for php7.0-dev in ubuntu zesty.
- php7.0-enchant: No summary available for php7.0-enchant in ubuntu zesty.
No description available for php7.0-enchant in ubuntu zesty.
- php7.0-enchant-dbgsym: No summary available for php7.0-enchant-dbgsym in ubuntu zesty.
No description available for php7.0-
enchant- dbgsym in ubuntu zesty.
- php7.0-fpm: No summary available for php7.0-fpm in ubuntu zesty.
No description available for php7.0-fpm in ubuntu zesty.
- php7.0-fpm-dbgsym: No summary available for php7.0-fpm-dbgsym in ubuntu zesty.
No description available for php7.0-fpm-dbgsym in ubuntu zesty.
- php7.0-gd: No summary available for php7.0-gd in ubuntu zesty.
No description available for php7.0-gd in ubuntu zesty.
- php7.0-gd-dbgsym: No summary available for php7.0-gd-dbgsym in ubuntu zesty.
No description available for php7.0-gd-dbgsym in ubuntu zesty.
- php7.0-gmp: No summary available for php7.0-gmp in ubuntu zesty.
No description available for php7.0-gmp in ubuntu zesty.
- php7.0-gmp-dbgsym: No summary available for php7.0-gmp-dbgsym in ubuntu zesty.
No description available for php7.0-gmp-dbgsym in ubuntu zesty.
- php7.0-imap: No summary available for php7.0-imap in ubuntu zesty.
No description available for php7.0-imap in ubuntu zesty.
- php7.0-imap-dbgsym: No summary available for php7.0-imap-dbgsym in ubuntu zesty.
No description available for php7.0-imap-dbgsym in ubuntu zesty.
- php7.0-interbase: No summary available for php7.0-interbase in ubuntu zesty.
No description available for php7.0-interbase in ubuntu zesty.
- php7.0-interbase-dbgsym: No summary available for php7.0-interbase-dbgsym in ubuntu zesty.
No description available for php7.0-
interbase- dbgsym in ubuntu zesty.
- php7.0-intl: No summary available for php7.0-intl in ubuntu zesty.
No description available for php7.0-intl in ubuntu zesty.
- php7.0-intl-dbgsym: No summary available for php7.0-intl-dbgsym in ubuntu zesty.
No description available for php7.0-intl-dbgsym in ubuntu zesty.
- php7.0-json: No summary available for php7.0-json in ubuntu zesty.
No description available for php7.0-json in ubuntu zesty.
- php7.0-json-dbgsym: No summary available for php7.0-json-dbgsym in ubuntu zesty.
No description available for php7.0-json-dbgsym in ubuntu zesty.
- php7.0-ldap: No summary available for php7.0-ldap in ubuntu zesty.
No description available for php7.0-ldap in ubuntu zesty.
- php7.0-ldap-dbgsym: No summary available for php7.0-ldap-dbgsym in ubuntu zesty.
No description available for php7.0-ldap-dbgsym in ubuntu zesty.
- php7.0-mbstring: No summary available for php7.0-mbstring in ubuntu zesty.
No description available for php7.0-mbstring in ubuntu zesty.
- php7.0-mbstring-dbgsym: No summary available for php7.0-mbstring-dbgsym in ubuntu zesty.
No description available for php7.0-
mbstring- dbgsym in ubuntu zesty.
- php7.0-mcrypt: No summary available for php7.0-mcrypt in ubuntu zesty.
No description available for php7.0-mcrypt in ubuntu zesty.
- php7.0-mcrypt-dbgsym: No summary available for php7.0-mcrypt-dbgsym in ubuntu zesty.
No description available for php7.0-
mcrypt- dbgsym in ubuntu zesty.
- php7.0-mysql: No summary available for php7.0-mysql in ubuntu zesty.
No description available for php7.0-mysql in ubuntu zesty.
- php7.0-mysql-dbgsym: No summary available for php7.0-mysql-dbgsym in ubuntu zesty.
No description available for php7.0-mysql-dbgsym in ubuntu zesty.
- php7.0-odbc: No summary available for php7.0-odbc in ubuntu zesty.
No description available for php7.0-odbc in ubuntu zesty.
- php7.0-odbc-dbgsym: No summary available for php7.0-odbc-dbgsym in ubuntu zesty.
No description available for php7.0-odbc-dbgsym in ubuntu zesty.
- php7.0-opcache: No summary available for php7.0-opcache in ubuntu zesty.
No description available for php7.0-opcache in ubuntu zesty.
- php7.0-opcache-dbgsym: No summary available for php7.0-opcache-dbgsym in ubuntu zesty.
No description available for php7.0-
opcache- dbgsym in ubuntu zesty.
- php7.0-pgsql: No summary available for php7.0-pgsql in ubuntu zesty.
No description available for php7.0-pgsql in ubuntu zesty.
- php7.0-pgsql-dbgsym: No summary available for php7.0-pgsql-dbgsym in ubuntu zesty.
No description available for php7.0-pgsql-dbgsym in ubuntu zesty.
- php7.0-phpdbg: No summary available for php7.0-phpdbg in ubuntu zesty.
No description available for php7.0-phpdbg in ubuntu zesty.
- php7.0-phpdbg-dbgsym: No summary available for php7.0-phpdbg-dbgsym in ubuntu zesty.
No description available for php7.0-
phpdbg- dbgsym in ubuntu zesty.
- php7.0-pspell: No summary available for php7.0-pspell in ubuntu zesty.
No description available for php7.0-pspell in ubuntu zesty.
- php7.0-pspell-dbgsym: No summary available for php7.0-pspell-dbgsym in ubuntu zesty.
No description available for php7.0-
pspell- dbgsym in ubuntu zesty.
- php7.0-readline: No summary available for php7.0-readline in ubuntu zesty.
No description available for php7.0-readline in ubuntu zesty.
- php7.0-readline-dbgsym: No summary available for php7.0-readline-dbgsym in ubuntu zesty.
No description available for php7.0-
readline- dbgsym in ubuntu zesty.
- php7.0-recode: No summary available for php7.0-recode in ubuntu zesty.
No description available for php7.0-recode in ubuntu zesty.
- php7.0-recode-dbgsym: No summary available for php7.0-recode-dbgsym in ubuntu zesty.
No description available for php7.0-
recode- dbgsym in ubuntu zesty.
- php7.0-snmp: No summary available for php7.0-snmp in ubuntu zesty.
No description available for php7.0-snmp in ubuntu zesty.
- php7.0-snmp-dbgsym: No summary available for php7.0-snmp-dbgsym in ubuntu zesty.
No description available for php7.0-snmp-dbgsym in ubuntu zesty.
- php7.0-soap: No summary available for php7.0-soap in ubuntu zesty.
No description available for php7.0-soap in ubuntu zesty.
- php7.0-soap-dbgsym: No summary available for php7.0-soap-dbgsym in ubuntu zesty.
No description available for php7.0-soap-dbgsym in ubuntu zesty.
- php7.0-sqlite3: No summary available for php7.0-sqlite3 in ubuntu zesty.
No description available for php7.0-sqlite3 in ubuntu zesty.
- php7.0-sqlite3-dbgsym: No summary available for php7.0-sqlite3-dbgsym in ubuntu zesty.
No description available for php7.0-
sqlite3- dbgsym in ubuntu zesty.
- php7.0-sybase: No summary available for php7.0-sybase in ubuntu zesty.
No description available for php7.0-sybase in ubuntu zesty.
- php7.0-sybase-dbgsym: No summary available for php7.0-sybase-dbgsym in ubuntu zesty.
No description available for php7.0-
sybase- dbgsym in ubuntu zesty.
- php7.0-tidy: No summary available for php7.0-tidy in ubuntu zesty.
No description available for php7.0-tidy in ubuntu zesty.
- php7.0-tidy-dbgsym: No summary available for php7.0-tidy-dbgsym in ubuntu zesty.
No description available for php7.0-tidy-dbgsym in ubuntu zesty.
- php7.0-xml: No summary available for php7.0-xml in ubuntu zesty.
No description available for php7.0-xml in ubuntu zesty.
- php7.0-xml-dbgsym: No summary available for php7.0-xml-dbgsym in ubuntu zesty.
No description available for php7.0-xml-dbgsym in ubuntu zesty.
- php7.0-xmlrpc: No summary available for php7.0-xmlrpc in ubuntu zesty.
No description available for php7.0-xmlrpc in ubuntu zesty.
- php7.0-xmlrpc-dbgsym: No summary available for php7.0-xmlrpc-dbgsym in ubuntu zesty.
No description available for php7.0-
xmlrpc- dbgsym in ubuntu zesty.
- php7.0-xsl: No summary available for php7.0-xsl in ubuntu zesty.
No description available for php7.0-xsl in ubuntu zesty.
- php7.0-zip: No summary available for php7.0-zip in ubuntu zesty.
No description available for php7.0-zip in ubuntu zesty.
- php7.0-zip-dbgsym: No summary available for php7.0-zip-dbgsym in ubuntu zesty.
No description available for php7.0-zip-dbgsym in ubuntu zesty.