21 Mar
2015
21 Mar
'15
17:44
apticron report [Sat, 21 Mar 2015 16:44:08 +0000]
========================================================================
apticron has detected that some packages need upgrading on:
baldrick
[ 138.231.142.239 2a01:240:fe3d:4:62:61ff:fe6c:6401 138.231.142.239 ]
[ 2a01:240:fe3d:4:62:61ff:fe6c:6401 ]
The following packages are currently pending an upgrade:
libapache2-mod-php5 5.4.39-0+deb7u1
php5 5.4.39-0+deb7u1
php5-cgi 5.4.39-0+deb7u1
php5-cli 5.4.39-0+deb7u1
php5-common 5.4.39-0+deb7u1
php5-curl 5.4.39-0+deb7u1
php5-gd 5.4.39-0+deb7u1
php5-intl 5.4.39-0+deb7u1
php5-pgsql 5.4.39-0+deb7u1
========================================================================
Package Details:
Lecture des fichiers de modifications (« changelog »)...
--- Modifications pour php5 (libapache2-mod-php5 php5 php5-cgi php5-cli php5-common
php5-curl php5-gd php5-intl php5-pgsql) ---
php5 (5.4.39-0+deb7u1) wheezy-security; urgency=high
* New upstream version 5.4.39
- Core:
. Fixed bug #68976 (Use After Free Vulnerability in unserialize())
(CVE-2015-0231).
. Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM
configuration options).
. Fixed bug #69207 (move_uploaded_file allows nulls in path).
- Ereg:
. Fixed bug #69248 (heap overflow vulnerability in regcomp.c)
(CVE-2015-2305).
- SOAP:
. Fixed bug #69085 (SoapClient's __call() type confusion through
unserialize()).
- ZIP:
. Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap
boundary) (CVE-2015-2331). (Closes: #780713)
* Refresh patches for 5.4.39 and remove already merged VU695940
* Start using git pq to manage patches in d/patches/
* Move PEAR-Builder-print-info-about-php5-dev.patch to debian/ since
it's not a quilt patch
* Add newly assigned CVE identifiers to older d/changelog entries
* New patches:
- 0060-PHP-SegFault-zend_hash_find-PHP-68486.patch
- 0061-Fix-use-after-free-in-phar_object.c-PHP-68901-CVE-20.patch
(CVE-2015-2301)
* Remove invalid curl patch that got pulled as part of CVE-2015-1352
(Closes: #780771, #780764)
* Split upstream fixes for PHP#68740 and PHP#68741 into separate patches
-- Ondřej Surý <ondrej(a)debian.org> Fri, 20 Mar 2015 12:41:48 +0100
========================================================================
You can perform the upgrade by issuing the command:
apt-get dist-upgrade
as root on baldrick
--
apticron