[php-maint] new php4 packages to fix some old vulns in stable and oldstable

sean finney seanius at debian.org
Sat Jun 30 15:57:57 UTC 2007


hey folks,  just fyi i'm uploading a couple php4 builds for stable/oldstable 
to the public security upload queue on klecker.  check the changelogs below 
for more information on the details.  

since php4 is no longer (or will soon no longer, depending on ftp-master) part 
of unstable, there's no need for a fix in testing.

wrt php5, CVE-2007-1864 applies to it as well, so i'll need to prepare an 
update, but there's also a second issue (CVE-2007-1399) which i need to 
investigate first.


	sean


php4 (4:4.3.10-22) oldstable-security; urgency=low

  * NMU prepared for the security team by the package maintainer.
  * The following security issue is addressed with this update:
    - CVE-2007-1864: Buffer overflow in the bundled libxmlrpc library.
      (Thanks to Joe Orton from redhat for sharing the patch.)
    - CVE-2006-0207: HTTP response splitting vulnerabilities. 
      This was reported to not affect this version of PHP, but it has
      been independently verified that it does (closes: #354683).
    - CVE-2006-4486: Int. overflows in memory mgmt code for 64bit
      architectures.

 -- sean finney <seanius at debian.org>  Sat, 30 Jun 2007 15:42:26 +0200

php4 (6:4.4.4-8+etch4) stable-security; urgency=low

  * NMU prepared for the security team by the package maintainer.
  * The following security issue is addressed with this update:
    - CVE-2007-1864: Buffer overflow in the bundled libxmlrpc library.
  * Thanks to Joe Orton from redhat for sharing the patch.

 -- sean finney <seanius at debian.org>  Sat, 30 Jun 2007 14:42:42 +0200