fc2 rpms were updated to fix a missing mail() function. --------------------------------------------------------------------- Fedora Legacy Test Update Notification FEDORALEGACY-2005-155505 Bugzilla https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=155505 2005-05-28 --------------------------------------------------------------------- Name : php Versions : rh7.3: php-4.1.2-7.3.17.legacy Versions : rh9: php-4.2.2-17.14.legacy Versions : fc1: php-4.3.11-1.fc1.1.legacy Versions : fc2: php-4.3.11-1.fc2.2.legacy Summary : The PHP HTML-embedded scripting language. Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated webpages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The mod_php module enables the Apache Web server to understand and process the embedded PHP language in Web pages. --------------------------------------------------------------------- Update Information: Updated PHP packages that fix various security issues are now available. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A bug was found in the way PHP processes IFF and JPEG images. It is possible to cause PHP to consume CPU resources for a short period of time by supplying a carefully crafted IFF or JPEG image. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CAN-2005-0524 and CAN-2005-0525 to these issues. A buffer overflow bug was also found in the way PHP processes EXIF image headers. It is possible for an attacker to construct an image file in such a way that it could execute arbitrary instructions when processed by PHP. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1042 to this issue. A denial of service bug was found in the way PHP processes EXIF image headers. It is possible for an attacker to cause PHP to enter an infinite loop for a short period of time by supplying a carefully crafted image file to PHP for processing. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2005-1043 to this issue. The security fixes to the "unserializer" code in the previous release introduced some performance issues. A bug fix for that issue is also included in this update. Users of PHP should upgrade to these updated packages, which contain backported fixes for these issues. --------------------------------------------------------------------- 7.3 changelog: * Sun Apr 24 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.1.2-7.3.17.legacy - Added security patch for CAN-2005-0524 and CAN-2005-0525 9 changelog: * Sat Apr 23 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.2.2-17.14.legacy - Updated CAN-2004-1019 security patch to backported unserializer from 4.3.11 to fix performance regressions * Sat Apr 23 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.2.2-17.13.legacy - Added security patches for CAN-2005-0524, CAN-2005-0525, CAN-2005-1042 and CAN-2005-1043 fc1 changelog: * Fri Apr 22 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.3.11-1.fc1.1.legacy - update to 4.3.11 to fix security issues and extreme unserializer slowdown caused by update to 4.3.10 (CAN-2005-0524, CAN-2005-0525, CAN-2005-1042, CAN-2005-1043) - snmp: disable MSHUTDOWN function to prevent error_log noise - revert default php.ini changes since 4.3.10 - restore from PEAR: HTTP, Mail, XML_Parser, Net_Socket, Net_SMTP - remove bundled PEAR packages HTML_Template_IT, Net_UserAgent_Detect - don't configure with --enable-safe-mode (RH #148969) - install gd headers (RH #145891) - bundle PEAR DB-1.7.5 (omitted from 4.3.11 tarball) - Removed LDAP patch which is now included in 4.3.11 fc2 changelog: * Sat May 28 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.3.11-1.fc2.2.legacy - Added missing sendmail, w3c-libwww-devel, flex and gnupg BuildRequires * Fri Apr 22 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 4.3.11-1.fc2.1.legacy - update to 4.3.11 to fix security issues and extreme unserializer slowdown caused by update to 4.3.10 (CAN-2005-0524, CAN-2005-0525, CAN-2005-1042, CAN-2005-1043) - snmp: disable MSHUTDOWN function to prevent error_log noise - revert default php.ini changes since 4.3.10 - restore from PEAR: HTTP, Mail, XML_Parser, Net_Socket, Net_SMTP - remove bundled PEAR packages HTML_Template_IT, Net_UserAgent_Detect - don't configure with --enable-safe-mode (RH #148969) - install gd headers (RH #145891) - bundle PEAR DB-1.7.5 (omitted from 4.3.11 tarball) --------------------------------------------------------------------- This update can be downloaded from: http://download.fedoralegacy.org/ (sha1sums) 422f8a972c62b1aa1d79e9f96cc39446852eb589 redhat/7.3/updates-testing/i386/php-4.1.2-7.3.17.legacy.i386.rpm 7c6d48ebbfb96004baee8515ae9517dcf500f43c redhat/7.3/updates-testing/i386/php-devel-4.1.2-7.3.17.legacy.i386.rpm 8f1837ee66212ede899189e09edf25d903a7e133 redhat/7.3/updates-testing/i386/php-imap-4.1.2-7.3.17.legacy.i386.rpm 79d4f45a887ce9df8232911f5aab6bf5bd77369d redhat/7.3/updates-testing/i386/php-ldap-4.1.2-7.3.17.legacy.i386.rpm 63edb9b27730ad5c782484cf4757905140ece1c2 redhat/7.3/updates-testing/i386/php-manual-4.1.2-7.3.17.legacy.i386.rpm 39b40cb4bae1374335cf7f82fbfa02501a4ed630 redhat/7.3/updates-testing/i386/php-mysql-4.1.2-7.3.17.legacy.i386.rpm 51d4baf10b3bc132ba9205aa6cd35615041c33bd redhat/7.3/updates-testing/i386/php-odbc-4.1.2-7.3.17.legacy.i386.rpm 42a557e7f68f290a6cf21de4c2ad1f7fe97cf763 redhat/7.3/updates-testing/i386/php-pgsql-4.1.2-7.3.17.legacy.i386.rpm 5753d915ad5d32c14cbbaea33a7f35a3b5b908d3 redhat/7.3/updates-testing/i386/php-snmp-4.1.2-7.3.17.legacy.i386.rpm 576f29104b946e3773d4c7b77de5b80a942a0678 redhat/7.3/updates-testing/SRPMS/php-4.1.2-7.3.17.legacy.src.rpm bd793f717cca20745ab9c67cb6a7b4bcebe46d93 redhat/9/updates-testing/i386/php-4.2.2-17.14.legacy.i386.rpm 8df50f63c5d3525a4359a72587c6b902d8a3325f redhat/9/updates-testing/i386/php-devel-4.2.2-17.14.legacy.i386.rpm 665060794635ded7a76eaccb46cd09ffd04900ea redhat/9/updates-testing/i386/php-imap-4.2.2-17.14.legacy.i386.rpm 8b34f184aba7260a8eac2708e12e906c877c10cd redhat/9/updates-testing/i386/php-ldap-4.2.2-17.14.legacy.i386.rpm 1450f499aeac4db7d0d8c258b72d2f4c31747012 redhat/9/updates-testing/i386/php-manual-4.2.2-17.14.legacy.i386.rpm 37cb28e9531af331954903f6b8df8509aa962a5c redhat/9/updates-testing/i386/php-mysql-4.2.2-17.14.legacy.i386.rpm aa0378307ef06cd7f3464e59f4153d11d1d372f5 redhat/9/updates-testing/i386/php-odbc-4.2.2-17.14.legacy.i386.rpm 00b4e55c27460abaa6d02019d7b40a73d5bdd913 redhat/9/updates-testing/i386/php-pgsql-4.2.2-17.14.legacy.i386.rpm 8b9cf1cdafdf8f1afa9587c1f180d685632c1c65 redhat/9/updates-testing/i386/php-snmp-4.2.2-17.14.legacy.i386.rpm 7bf7cf164de61276adf952694ee7c7d2fb86ea2e redhat/9/updates-testing/SRPMS/php-4.2.2-17.14.legacy.src.rpm ca0fa574e713f27e91548a2e3e4dc2e8b087ff47 fedora/1/updates-testing/i386/php-4.3.11-1.fc1.1.legacy.i386.rpm 53c419397f8f3f7625503afd8ab1a8ca0d65a197 fedora/1/updates-testing/i386/php-devel-4.3.11-1.fc1.1.legacy.i386.rpm 72d65111cbaf7fb56ed879ee4278602e84868540 fedora/1/updates-testing/i386/php-domxml-4.3.11-1.fc1.1.legacy.i386.rpm fe8216746096b3a6070d43659944c158df23d1a9 fedora/1/updates-testing/i386/php-imap-4.3.11-1.fc1.1.legacy.i386.rpm fb6f8fb5dd77f0dc5f58b85f26e25b5520366ca6 fedora/1/updates-testing/i386/php-ldap-4.3.11-1.fc1.1.legacy.i386.rpm d36a8ac545d151a20817a95d441d221c36edcb74 fedora/1/updates-testing/i386/php-mbstring-4.3.11-1.fc1.1.legacy.i386.rpm f4d95a5cdb7fcbcdb1391a089a1ca65edf8e0e03 fedora/1/updates-testing/i386/php-mysql-4.3.11-1.fc1.1.legacy.i386.rpm a2a0944dfd1362ad186ab8b345d7e7ab32911a7a fedora/1/updates-testing/i386/php-odbc-4.3.11-1.fc1.1.legacy.i386.rpm 4d4546fecefc879004ebbfc596cd109f4d144ba7 fedora/1/updates-testing/i386/php-pgsql-4.3.11-1.fc1.1.legacy.i386.rpm 5d968e87611c5dce727a492f149b3583e1588e30 fedora/1/updates-testing/i386/php-snmp-4.3.11-1.fc1.1.legacy.i386.rpm 22a069541240a9ab4f9fe62887cd7ea45d961238 fedora/1/updates-testing/i386/php-xmlrpc-4.3.11-1.fc1.1.legacy.i386.rpm 08203f404d05ab58128b8b12c8b5a8e5ac53b34e fedora/1/updates-testing/SRPMS/php-4.3.11-1.fc1.1.legacy.src.rpm b9f6accb0cdf84270147e80ec27e262936f5d125 fedora/2/updates-testing/i386/php-4.3.11-1.fc2.2.legacy.i386.rpm e4cedd230b3727daaa064222e5402a18a89b4aca fedora/2/updates-testing/i386/php-devel-4.3.11-1.fc2.2.legacy.i386.rpm fdab268ba8d6eb59309f324a929fae08e1bb12b1 fedora/2/updates-testing/i386/php-domxml-4.3.11-1.fc2.2.legacy.i386.rpm 960e1a97b673978778415aa2f2fcbf9a700b83da fedora/2/updates-testing/i386/php-imap-4.3.11-1.fc2.2.legacy.i386.rpm e6a04924bbd016fdb470a8448beda47ee2b75e77 fedora/2/updates-testing/i386/php-ldap-4.3.11-1.fc2.2.legacy.i386.rpm 019161cfaaa180f0fcb98a4d48a296d99ecca5b3 fedora/2/updates-testing/i386/php-mbstring-4.3.11-1.fc2.2.legacy.i386.rpm 9252cfa6c6485a0b803e9483e1f43eb2624b1826 fedora/2/updates-testing/i386/php-mysql-4.3.11-1.fc2.2.legacy.i386.rpm 48c8743b590cc176cc3497f2c9225e402ec03b67 fedora/2/updates-testing/i386/php-odbc-4.3.11-1.fc2.2.legacy.i386.rpm 814fcfe1d33f6eea65b5bcd88ba6e54e2da3062a fedora/2/updates-testing/i386/php-pear-4.3.11-1.fc2.2.legacy.i386.rpm d20c34df03bf67028f9ded420310b75a66c1db1d fedora/2/updates-testing/i386/php-pgsql-4.3.11-1.fc2.2.legacy.i386.rpm d84ff3766026e802f9a815b8c599c19bfbeaaefa fedora/2/updates-testing/i386/php-snmp-4.3.11-1.fc2.2.legacy.i386.rpm 7792c85444679beab3a0bdc56e2d4666dcb9c963 fedora/2/updates-testing/i386/php-xmlrpc-4.3.11-1.fc2.2.legacy.i386.rpm 0772ba5bc711edf55fcfe34b368881cc5ec09ed0 fedora/2/updates-testing/SRPMS/php-4.3.11-1.fc2.2.legacy.src.rpm --------------------------------------------------------------------- Please test and comment in bugzilla.
Attachment:
signature.asc
Description: OpenPGP digital signature
-- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
