group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #06592
[Bug 1594041] Re: PHP Security Bug #68978: "XSS in header() with Internet Explorer" has not been backported
This bug was fixed in the package php5 - 5.3.10-1ubuntu3.24
---------------
php5 (5.3.10-1ubuntu3.24) precise-security; urgency=medium
* SECURITY UPDATE: segfault in SplMinHeap::compare
- debian/patches/CVE-2015-4116.patch: properly handle count in
ext/spl/spl_heap.c, added test to ext/spl/tests/bug69737.phpt.
- CVE-2015-4116
* SECURITY UPDATE: denial of service via recursive method calls
- debian/patches/CVE-2015-8873.patch: add limit to
Zend/zend_exceptions.c, add tests to
ext/standard/tests/serialize/bug69152.phpt,
ext/standard/tests/serialize/bug69793.phpt,
sapi/cli/tests/005.phpt.
- CVE-2015-8873
* SECURITY UPDATE: denial of service or code execution via crafted
serialized data
- debian/patches/CVE-2015-8876.patch: fix logic in
Zend/zend_exceptions.c, added test to Zend/tests/bug70121.phpt.
- CVE-2015-8876
* SECURITY UPDATE: XSS in header() with Internet Explorer (LP: #1594041)
- debian/patches/CVE-2015-8935.patch: update header handling to
RFC 7230 in main/SAPI.c, added tests to
ext/standard/tests/general_functions/bug60227_*.phpt.
- CVE-2015-8935
* SECURITY UPDATE: get_icu_value_internal out-of-bounds read
- debian/patches/CVE-2016-5093.patch: add enough space in
ext/intl/locale/locale_methods.c, added test to
ext/intl/tests/bug72241.phpt.
- CVE-2016-5093
* SECURITY UPDATE: integer overflow in php_html_entities()
- debian/patches/CVE-2016-5094.patch: don't create strings with lengths
outside int range in ext/standard/html.c.
- CVE-2016-5094
* SECURITY UPDATE: string overflows in string add operations
- debian/patches/CVE-2016-5095.patch: check for size overflow in
Zend/zend_operators.c.
- CVE-2016-5095
* SECURITY UPDATE: int/size_t confusion in fread
- debian/patches/CVE-2016-5096.patch: check string length in
ext/standard/file.c, added test to
ext/standard/tests/file/bug72114.phpt.
- CVE-2016-5096
* SECURITY UPDATE: memory leak and buffer overflow in FPM
- debian/patches/CVE-2016-5114.patch: check buffer length in
sapi/fpm/fpm/fpm_log.c.
- CVE-2016-5114
* SECURITY UPDATE: proxy request header vulnerability (httpoxy)
- debian/patches/CVE-2016-5385.patch: only use HTTP_PROXY from the
local environment in ext/standard/basic_functions.c, main/SAPI.c,
main/php_variables.c.
- CVE-2016-5385
* SECURITY UPDATE: inadequate error handling in bzread()
- debian/patches/CVE-2016-5399.patch: do not allow reading past error
read in ext/bz2/bz2.c.
- CVE-2016-5399
* SECURITY UPDATE: integer overflows in mcrypt
- debian/patches/CVE-2016-5769.patch: check for overflow in
ext/mcrypt/mcrypt.c.
- CVE-2016-5769
* SECURITY UPDATE: double free corruption in wddx_deserialize
- debian/patches/CVE-2016-5772.patch: prevent double-free in
ext/wddx/wddx.c, added test to ext/wddx/tests/bug72340.phpt.
- CVE-2016-5772
* SECURITY UPDATE: buffer overflow in php_url_parse_ex()
- debian/patches/CVE-2016-6288.patch: handle length in
ext/standard/url.c.
- CVE-2016-6288
* SECURITY UPDATE: integer overflow in the virtual_file_ex function
- debian/patches/CVE-2016-6289.patch: properly check path_length in
Zend/zend_virtual_cwd.c.
- CVE-2016-6289
* SECURITY UPDATE: use after free in unserialize() with unexpected
session deserialization
- debian/patches/CVE-2016-6290.patch: destroy var_hash properly in
ext/session/session.c, added test to ext/session/tests/bug72562.phpt.
- CVE-2016-6290
* SECURITY UPDATE: out of bounds read in exif_process_IFD_in_MAKERNOTE
- debian/patches/CVE-2016-6291.patch: add more bounds checks to
ext/exif/exif.c.
- CVE-2016-6291
* SECURITY UPDATE: locale_accept_from_http out-of-bounds access
- debian/patches/CVE-2016-6294.patch: check length in
ext/intl/locale/locale_methods.c, added test to
ext/intl/tests/bug72533.phpt.
- CVE-2016-6294
* SECURITY UPDATE: heap buffer overflow in simplestring_addn
- debian/patches/CVE-2016-6296.patch: prevent overflows in
ext/xmlrpc/libxmlrpc/simplestring.*.
- CVE-2016-6296
* SECURITY UPDATE: integer overflow in php_stream_zip_opener
- debian/patches/CVE-2016-6297.patch: use size_t in
ext/zip/zip_stream.c.
- CVE-2016-6297
* debian/patches/fix_exif_tests.patch: fix exif test results after
security changes.
-- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx> Mon, 01 Aug 2016
13:27:52 -0400
** Changed in: php5 (Ubuntu Precise)
Status: Confirmed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-4116
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8873
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2015-8876
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5093
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5094
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5095
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5096
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5114
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5385
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5399
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5769
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5772
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-6288
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-6289
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-6290
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-6291
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-6294
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-6296
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-6297
** Changed in: php5 (Ubuntu Trusty)
Status: Confirmed => Fix Released
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5768
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5771
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-5773
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-6292
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2016-6295
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1594041
Title:
PHP Security Bug #68978: "XSS in header() with Internet Explorer" has
not been backported
Status in php:
Unknown
Status in php5 package in Ubuntu:
Fix Released
Status in php5 source package in Precise:
Fix Released
Status in php5 source package in Trusty:
Fix Released
Status in php5 source package in Wily:
Fix Released
Status in php5 source package in Xenial:
Fix Released
Status in php5 source package in Yakkety:
Fix Released
Bug description:
The PHP Security Bug #68978 (https://bugs.php.net/bug.php?id=68978)
has not been backported to Trusty. It has been included with PHP
5.5.22 in February 2015.
The patch can be found at https://github.com/php/php-
src/commit/996faf964bba1aec06b153b370a7f20d3dd2bb8b and is trivial.
We'd appreciate if this patch could be backported to Trusty to prevent
PHP applications from being insecure against header injections in
Internet Explorer. (as really no PHP application out there is really
manually performing a check for this form, especially since the PHP
documentation explicitly states that only one header can be sent)
To manage notifications about this bug go to:
https://bugs.launchpad.net/php/+bug/1594041/+subscriptions
