Debian Bug report logs - #754275
pu: package php5/5.4.4-14+deb7u13

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Ondřej Surý <ondrej@debian.org>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: pu: package php5/5.4.4-14+deb7u13

Date: Wed, 09 Jul 2014 12:58:56 +0200

[Message part 1 (text/plain, inline)]

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: pu

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi,

trying to keep the s-p-u smaller here's another batch of upstream
fixes as reported by our users.

This update includes 5 upstream fixes to issues reported to our BTS
and one backport of debian sessionclean script that has been plaguing
heavily used sites.  (Several people has reported that the backported
scripts has helped them.)

 php5 (5.4.4-14+deb7u13) stable-security; urgency=medium
 .
   * upstream fix: Cookies disabled when setting CURLOPT_COOKIEFILE to
     empty string or NULL (Closes: #680260)
   * upstream fix: Autoloader isn't called if two method definitions
     don't match (Closes: #751738)
   * upstream fix: OO API, walk: $suffix_as_key is not working correctly
     (Closes: #731539)
   * upstream fix: memory leak in FTPS functions results in denial of
     service (Closes: #752366)
   * upstream fix: Assigning to ArrayObject[null][something] overrides all
     undefined variables (Closes: #726439)
   * Backport sessionclean script from testing/unstable (Closes: #741254)
   * d/changelog: Add CVE for phpinfo() Type Confusion Information Leak
     Vulnerability
   * d/NEWS: Adjust file name of default pool configuration

$ diffstat php5_5.4.4-14+deb7u13.debdiff
 debian/patches/0001-Bug-65228-FTPs-memory-leak-patch-by-marco-dot-beiere.patch |   70 +++
 debian/patches/0001-Fix-bug-61981.patch                                        |   60 +++
 debian/patches/0001-Fixed-bug-62987-Assigning-to-ArrayObject-null-someth.patch |  183 ++++++++++
 debian/patches/CURLOPT_COOKIEFILE.patch                                        |   22 +
 debian/patches/fix-autoloader-if-two-method-definitions-doesnt-match.patch     |  122 ++++++
 debian/sessionclean                                                            |    7 
 php5-5.4.4/debian/NEWS                                                         |   10 
 php5-5.4.4/debian/changelog                                                    |   20 -
 php5-5.4.4/debian/control                                                      |    2 
 php5-5.4.4/debian/patches/series                                               |    5 
 php5-5.4.4/debian/php5-common.php5.cron.d                                      |    2 
 11 files changed, 494 insertions(+), 9 deletions(-)

Please diregard the d/changelog in the debdiff - the correct one is in
this bugreport (the stable-security vs stable and missing one entry).
The package is rebuilding right now with the updated changelog.

Cheers,
Ondrej

- -- System Information:
Debian Release: 7.5
  APT prefers stable
  APT policy: (900, 'stable'), (800, 'testing'), (700, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJTvSBsAAoJEAyZtw70/LsH61QQAL0UVsRgWTyoIPq8taYHrq2M
D0acMKzNyzNEcn3YPsdM66I6XWlPTQ6SBmUfZ12rYVJ7dGRwR0gaoRMKPEvmkY9Z
FlwNMreZ0b7fkcW3RT5EyP3ajzAAXk2k3cmxNUIfpKENMLsbpEGw0Mrv4Rdd3tqx
plUabhrnoSeLg2SyY0W4h4lxLtWlWWhInYy4G8Cws947It92ghXcqSykPsO2PNgr
ZW+HduuKD+eRjmkUaKACIDcFv7YZwFEyZcRP40tMbc7ieOAkH3U3YHjf1tCQ0Z7m
KNDEvAYeEaFJzyIEG5XsbRbml6n8QPzDuyAlgNehbzV7gCNVvc6sVuQQFJ0g5KYi
zAl7YOz0dK/mbNmUMMtM47SsRaJJQnkkb4SvKN22sce4TJGPzX8pVZaxF+rJQZmt
N8ftvWW2tpokft7sgxQF3lE6lmLkDs25tVvm0a2iejPrYE1wTo/RSX33J3Ul3qj3
gDg2nNFJGhYqtbCy4eO8v1oKvps4vDBLvHO+Lr+ZHWvwL3+1dYff+HuEqa2jcOlo
Xks7YMhC7BhDqBmXAjKLppolGZMXckDVrXYis1qOD/bhlQ1zlEBP4Xjr27bmc7AE
DBW7Itiz+OMnF7gDJ4t2CTvZj0LsfRm1KwoGYyPzb1mWxJOvIIqumFUBRqsmNmhN
jsWNUp86VuKzqUNreP9f
=WxS2
-----END PGP SIGNATURE-----

[php5_5.4.4-14+deb7u13.debdiff (text/x-diff, attachment)]

[php5_5.4.4-14+deb7u13.dsc (text/plain, attachment)]

[php5_5.4.4-14+deb7u13.diff.gz (application/gzip, attachment)]

Message #24 received at 754275@bugs.debian.org (full text, mbox, reply):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

To: Ondřej Surý <ondrej@debian.org>, 754275@bugs.debian.org

Subject: Re: Bug#754275: pu: package php5/5.4.4-14+deb7u13

Date: Sat, 02 Aug 2014 11:52:00 +0100

Control: tags -1 + confirmed

On Wed, 2014-07-09 at 12:58 +0200, Ondřej Surý wrote:
> trying to keep the s-p-u smaller here's another batch of upstream
> fixes as reported by our users.
> 
> This update includes 5 upstream fixes to issues reported to our BTS
> and one backport of debian sessionclean script that has been plaguing
> heavily used sites.  (Several people has reported that the backported
> scripts has helped them.)

Please go ahead; thanks.

Regards,

Adam

Message #31 received at 754275-done@bugs.debian.org (full text, mbox, reply):

From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

To: 754275-done@bugs.debian.org

Cc: Ondřej Surý <ondrej@debian.org>

Subject: Re: Bug#754275: pu: package php5/5.4.4-14+deb7u13

Date: Sun, 24 Aug 2014 19:52:13 +0100

On 2014-08-02 11:52, Adam D. Barratt wrote:
> Control: tags -1 + confirmed
> 
> On Wed, 2014-07-09 at 12:58 +0200, Ondřej Surý wrote:
>> trying to keep the s-p-u smaller here's another batch of upstream
>> fixes as reported by our users.
>> 
>> This update includes 5 upstream fixes to issues reported to our BTS
>> and one backport of debian sessionclean script that has been plaguing
>> heavily used sites.  (Several people has reported that the backported
>> scripts has helped them.)
> 
> Please go ahead; thanks.

These fixes were included in a release via security.d.o; I'm therefore 
closing the p-u bug.

Regards,

Adan

Send a report that this bug log contains spam.