apticron report [Fri, 28 Aug 2015 00:38:10 +0200]
========================================================================
apticron has detected that some packages need upgrading on:
quigon.federez.net
[ 160.228.155.65 ]
The following packages are currently pending an upgrade:
libapache2-mod-php5 5.6.12+dfsg-0+deb8u1
php5 5.6.12+dfsg-0+deb8u1
php5-cli 5.6.12+dfsg-0+deb8u1
php5-common 5.6.12+dfsg-0+deb8u1
php5-ldap 5.6.12+dfsg-0+deb8u1
php5-readline 5.6.12+dfsg-0+deb8u1
========================================================================
Package Details:
Lecture des fichiers de modifications (« changelog »)...
--- Modifications pour php5 (libapache2-mod-php5 php5 php5-cli php5-common php5-ldap
php5-readline) ---
php5 (5.6.12+dfsg-0+deb8u1) jessie-security; urgency=medium
* New upstream version 5.6.12+dfsg
- Core:
. Fixed bug #70012 (Exception lost with nested finally block).
. Fixed bug #70002 (TS issues with temporary dir handling).
. Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive
method calls).
. Fixed bug #69892 (Different arrays compare identical due to integer key
truncation).
. Fixed bug #70121 (unserialize() could lead to unexpected methods execution
/ NULL pointer deref).
- CLI server:
. Fixed bug #69655 (php -S changes MKCALENDAR request method to MKCOL).
. Fixed bug #64878 (304 responses return Content-Type header).
- GD:
. Fixed bug #53156 (imagerectangle problem with point ordering).
. Fixed bug #66387 (Stack overflow with imagefilltoborder).
. Fixed bug #70102 (imagecreatefromwebm() shifts colors).
. Fixed bug #66590 (imagewebp() doesn't pad to even length).
. Fixed bug #66882 (imagerotate by -90 degrees truncates image by 1px).
. Fixed bug #70064 (imagescale(..., IMG_BICUBIC) leaks memory).
. Fixed bug #69024 (imagescale segfault with palette based image).
. Fixed bug #53154 (Zero-height rectangle has whiskers).
. Fixed bug #67447 (imagecrop() add a black line when cropping).
. Fixed bug #68714 (copy 'n paste error).
. Fixed bug #66339 (PHP segfaults in imagexbm).
. Fixed bug #70047 (gd_info() doesn't report WebP support).
- ODBC:
. Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined
columns).
- OpenSSL:
. Fixed bug #69882 (OpenSSL error “key values mismatch” after
openssl_pkcs12_read with extra cert)
. Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically
secure).
- Phar:
. Improved fix for bug #69441.
. Fixed bug #70019 (Files extracted from archive may be placed outside of
destination directory).
- SOAP:
. Fixed bug #70081 (SoapClient info leak / null pointer dereference via
multiple type confusions).
- SPL:
. Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject
items).
. Fixed bug #70166 (Use After Free Vulnerability in unserialize() with
SPLArrayObject).
. Fixed bug #70168 (Use After Free Vulnerability in unserialize() with
SplObjectStorage).
. Fixed bug #70169 (Use After Free Vulnerability in unserialize() with
SplDoublyLinkedList).
- Standard:
. Fixed bug #70096 (Repeated iptcembed() adds superfluous FF bytes).
* New upstream version 5.6.11
- Core:
. Fixed bug #69768 (escapeshell*() doesn't cater to !).
. Fixed bug #69703 (Use __builtin_clzl on PowerPC).
. Fixed bug #69732 (can induce segmentation fault with basic php code).
. Fixed bug #69642 (Windows 10 reported as Windows 8).
. Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation
fault).
. Fixed bug #69781 (phpinfo() reports Professional Editions of Windows
7/8/8.1/10 as "Business").
. Fixed bug #69740 (finally in generator (yield) swallows exception in
iteration).
. Fixed bug #69835 (phpinfo() does not report many Windows SKUs).
. Fixed bug #69892 (Different arrays compare identical due to integer key
truncation).
. Fixed bug #69874 (Can't set empty additional_headers for mail()), regression
from fix to bug #68776.
- GD:
. Fixed bug #61221 (imagegammacorrect function loses alpha channel).
- GMP:
. Fixed bug #69803 (gmp_random_range() modifies second parameter if GMP
number).
- Mysqlnd:
. Fixed bug #69669 (mysqlnd is vulnerable to BACKRONYM) (CVE-2015-3152).
- PCRE:
. Fixed Bug #53823 (preg_replace: * qualifier on unicode replace garbles the
string).
. Fixed bug #69864 (Segfault in preg_replace_callback)
- PDO_pgsql:
. Fixed bug #69752 (PDOStatement::execute() leaks memory with DML
Statements when closeCuror() is u).
. Fixed bug #69362 (PDO-pgsql fails to connect if password contains a
leading single quote).
. Fixed bug #69344 (PDO PgSQL Incorrect binding numeric array with gaps).
- SimpleXML:
. Refactored the fix for bug #66084 (simplexml_load_string() mangles empty
node name).
- SPL:
. Fixed bug #69737 (Segfault when SplMinHeap::compare produces fatal error).
. Fixed bug #67805 (SplFileObject setMaxLineLength).
. Fixed bug #69970 (Use-after-free vulnerability in
spl_recursive_it_move_forward_ex()).
- Sqlite3:
. Fixed bug #69972 (Use-after-free vulnerability in
sqlite3SafetyCheckSickOrOk()).
* Rebase d/patches on top of 5.6.12+dfsg release
-- Ondřej Surý <ondrej(a)debian.org> Sun, 16 Aug 2015 14:02:47 +0200
php5 (5.6.10+dfsg-0+deb8u1) jessie-security; urgency=medium
* New upstream version 5.6.10+dfsg
(CVE-2015-4644, CVE-2015-4643, CVE-2015-4598)
- Core:
. Fixed bug #66048 (temp. directory is cached during multiple requests).
. Fixed bug #69566 (Conditional jump or move depends on uninitialised value
in extension trait).
. Fixed bug #69599 (Strange generator+exception+variadic crash).
. Fixed bug #69628 (complex GLOB_BRACE fails on Windows).
. Fixed POST data processing slowdown due to small input buffer size
on Windows.
. Fixed bug #69646 (OS command injection vulnerability in escapeshellarg).
. Fixed bug #69719 (Incorrect handling of paths with NULs).
- FTP
. Improved fix for bug #69545 (Integer overflow in ftp_genlist()
resulting in heap overflow).
- GD:
. Fixed bug #69479 (GD fails to build with newer libvpx).
- Iconv:
. Fixed bug #48147 (iconv with //IGNORE cuts the string).
- Litespeed SAPI:
. Fixed bug #68812 (Unchecked return value).
- Mail:
. Fixed bug #68776 (mail() does not have mail header injection prevention for
additional headers).
- MCrypt:
. Added file descriptor caching to mcrypt_create_iv()
- Opcache
. Fixed bug #69549 (Memory leak with opcache.optimization_level=0xFFFFFFFF).
- Phar:
. Fixed bug #69680 (phar symlink in binary directory broken).
- Postgres:
. Fixed bug #69667 (segfault in php_pgsql_meta_data).
- Sqlite3:
. Upgrade bundled sqlite to 3.8.10.2.
* Refresh patches using gbp pq
-- Ondřej Surý <ondrej(a)debian.org> Mon, 22 Jun 2015 10:07:50 +0200
========================================================================
You can perform the upgrade by issuing the command:
apt-get dist-upgrade
as root on
quigon.federez.net
--
apticron