Information on source package php5

Available versions

ReleaseVersion
squeeze (security)5.3.3-7+squeeze19
squeeze (lts)5.3.3.1-7+squeeze26
wheezy5.4.36-0+deb7u1
wheezy (security)5.4.41-0+deb7u1
jessie5.6.7+dfsg-1
jessie (security)5.6.9+dfsg-0+deb8u1
stretch5.6.11+dfsg-1
sid5.6.11+dfsg-1

Open issues

BugsqueezewheezyjessiestretchsidDescription
CVE-2015-5590vulnerablevulnerablevulnerablefixedfixedBuffer overflow and stack smashing error in phar_fix_filepath
CVE-2015-5589vulnerablevulnerablevulnerablefixedfixedSegfault in Phar::convertToData on invalid file
CVE-2015-4644vulnerablevulnerablevulnerablefixedfixedFixed bug #69667 (segfault in php_pgsql_meta_data)
CVE-2015-4643vulnerablevulnerablevulnerablefixedfixedImproved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow)
CVE-2015-4605vulnerablefixedfixedfixedfixeddenial of service when processing a crafted file with Fileinfo -- 2015-02-09 17:10 UTC
CVE-2015-4604vulnerablefixedfixedfixedfixeddenial of service when processing a crafted file with Fileinfo -- 2015-02-05 13:53 UTC
CVE-2015-4603vulnerablefixedfixedfixedfixedexception::getTraceAsString issue
CVE-2015-4602vulnerablefixedfixedfixedfixed
CVE-2015-4601vulnerablefixedfixedfixedfixed
CVE-2015-4600vulnerablefixedfixedfixedfixed
CVE-2015-4599vulnerablefixedfixedfixedfixedType confusion vulnerability in exception::getTraceAsString
CVE-2015-4598vulnerablevulnerablevulnerablefixedfixedIncorrect handling of paths with NULs
CVE-2015-4148vulnerablefixedfixedfixedfixedThe do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, ...
CVE-2015-4147vulnerablefixedfixedfixedfixedThe SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, ...
CVE-2015-4026vulnerablefixedfixedfixedfixedThe pcntl_exec implementation in PHP before 5.4.41, 5.5.x before ...
CVE-2015-4025vulnerablefixedfixedfixedfixedPHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 ...
CVE-2015-4024vulnerablefixedfixedfixedfixedAlgorithmic complexity vulnerability in the multipart_buffer_headers ...
CVE-2015-4022vulnerablefixedfixedfixedfixedInteger overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP ...
CVE-2015-4021vulnerablefixedfixedfixedfixedThe phar_parse_tarfile function in ext/phar/tar.c in PHP before ...
CVE-2015-3412vulnerablefixedfixedfixedfixed
CVE-2015-3411vulnerablefixedfixedfixedfixed
CVE-2015-3307vulnerablefixedfixedfixedfixedThe phar_parse_metadata function in ext/phar/phar.c in PHP before ...
CVE-2015-2348vulnerablefixedfixedfixedfixedThe move_uploaded_file implementation in ...
CVE-2015-2305vulnerablefixedfixedfixedfixedInteger overflow in the regcomp implementation in the Henry Spencer ...
CVE-2015-0273vulnerablefixedfixedfixedfixedMultiple use-after-free vulnerabilities in ext/date/php_date.c in PHP ...
CVE-2014-5459vulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThe PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows ...
CVE-2013-6501vulnerablevulnerable (no DSA)vulnerable (no DSA)vulnerablevulnerableThe default soap.wsdl_cache_dir setting in (1) php.ini-production and ...
CVE-2012-0789vulnerable (no DSA)fixedfixedfixedfixedMemory leak in the timezone functionality in PHP before 5.3.9 allows ...
CVE-2011-4718vulnerable (no DSA)vulnerable (no DSA)fixedfixedfixedSession fixation vulnerability in the Sessions subsystem in PHP before ...
CVE-2011-1398vulnerable (no DSA)fixedfixedfixedfixedThe sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and ...
CVE-2010-4657vulnerable (no DSA)fixedfixedfixedfixedxmlTextWriterWriteAttribute heap disclosure

Open unimportant issues

BugsqueezewheezyjessiestretchsidDescription
CVE-2014-9709vulnerablevulnerablefixedfixedfixedThe GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used ...
CVE-2014-9425vulnerablevulnerablevulnerablevulnerablevulnerableDouble free vulnerability in the zend_ts_hash_graceful_destroy ...
CVE-2014-8142vulnerablefixedfixedfixedfixedUse-after-free vulnerability in the process_nested_data function in ...
CVE-2014-4698vulnerablevulnerablefixedfixedfixedUse-after-free vulnerability in ext/spl/spl_array.c in the SPL ...
CVE-2014-4670vulnerablefixedfixedfixedfixedUse-after-free vulnerability in ext/spl/spl_dllist.c in the SPL ...
CVE-2014-3981vulnerablevulnerablefixedfixedfixedacinclude.m4, as used in the configure script in PHP 5.5.13 and ...
CVE-2014-3622vulnerablevulnerablefixedfixedfixedPosthandler Potential Illegal efree() vulnerability
CVE-2013-4635vulnerablevulnerablefixedfixedfixedInteger overflow in the SdnToJewish function in jewish.c in the ...
CVE-2013-3735vulnerablevulnerablevulnerablevulnerablevulnerable** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 ...
CVE-2012-3365vulnerablevulnerablevulnerablevulnerablevulnerableThe SQLite functionality in PHP before 5.3.15 allows remote attackers ...
CVE-2012-2336vulnerablefixedfixedfixedfixedsapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ...
CVE-2012-1171vulnerablevulnerablevulnerablevulnerablevulnerableThe libxml RSHUTDOWN function in PHP 5.x allows remote attackers to ...
CVE-2011-1657fixedvulnerablevulnerablevulnerablevulnerableThe (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions ...
CVE-2011-0755vulnerablefixedfixedfixedfixedInteger overflow in the mt_rand function in PHP before 5.3.4 might ...
CVE-2011-0753vulnerablefixedfixedfixedfixedRace condition in the PCNTL extension in PHP before 5.3.4, when a ...
CVE-2011-0420fixedvulnerablevulnerablevulnerablevulnerableThe grapheme_extract function in the Internationalization extension ...
CVE-2010-4699vulnerablefixedfixedfixedfixedThe iconv_mime_decode_headers function in the Iconv extension in PHP ...
CVE-2010-3064vulnerablevulnerablevulnerablevulnerablevulnerableStack-based buffer overflow in the php_mysqlnd_auth_write function in ...
CVE-2010-3063vulnerablevulnerablevulnerablevulnerablevulnerableThe php_mysqlnd_read_error_from_line function in the Mysqlnd extension ...
CVE-2010-3062vulnerablevulnerablevulnerablevulnerablevulnerablemysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through ...
CVE-2010-2190vulnerablevulnerablevulnerablevulnerablevulnerableThe (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions ...
CVE-2010-2101vulnerablevulnerablevulnerablevulnerablevulnerableThe (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) ...
CVE-2010-2100vulnerablevulnerablevulnerablevulnerablevulnerableThe (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) ...
CVE-2010-2097vulnerablevulnerablevulnerablevulnerablevulnerableThe (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode ...
CVE-2010-1915vulnerablevulnerablevulnerablevulnerablevulnerableThe preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through ...
CVE-2010-1914vulnerablevulnerablevulnerablevulnerablevulnerableThe Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows ...
CVE-2010-1868vulnerablevulnerablevulnerablevulnerablevulnerableThe (1) sqlite_single_query and (2) sqlite_array_query functions in ...
CVE-2010-1862vulnerablevulnerablevulnerablevulnerablevulnerableThe chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through ...
CVE-2010-1861vulnerablevulnerablevulnerablevulnerablevulnerableThe sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 ...
CVE-2009-4418vulnerablevulnerablevulnerablevulnerablevulnerableThe unserialize function in PHP 5.3.0 and earlier allows ...
CVE-2009-3559vulnerablevulnerablevulnerablevulnerablevulnerable** DISPUTED ** ...
CVE-2008-7002vulnerablevulnerablevulnerablevulnerablevulnerablePHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir ...
CVE-2008-5625vulnerablevulnerablevulnerablevulnerablevulnerablePHP 5 before 5.2.7 does not enforce the error_log safe_mode ...
CVE-2008-4107vulnerablevulnerablevulnerablevulnerablevulnerableThe (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce ...
CVE-2008-2666vulnerablevulnerablevulnerablevulnerablevulnerableMultiple directory traversal vulnerabilities in PHP 5.2.6 and earlier ...
CVE-2007-5424vulnerablevulnerablevulnerablevulnerablevulnerableThe disable_functions feature in PHP 4 and 5 allows attackers to ...
CVE-2007-4889vulnerablevulnerablevulnerablevulnerablevulnerableThe MySQL extension in PHP 5.2.4 and earlier allows remote attackers ...
CVE-2007-4596vulnerablevulnerablevulnerablevulnerablevulnerableThe perl extension in PHP does not follow safe_mode restrictions, ...
CVE-2007-4255vulnerablevulnerablevulnerablevulnerablevulnerableBuffer overflow in the mSQL extension in PHP 5.2.3 allows ...
CVE-2007-3294vulnerablevulnerablevulnerablevulnerablevulnerableMultiple buffer overflows in libtidy, as used in the Tidy extension ...
CVE-2007-3205vulnerablevulnerablevulnerablevulnerablevulnerableThe parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Subhosin, ...
CVE-2007-1890vulnerablevulnerablevulnerablevulnerablevulnerableInteger overflow in the msg_receive function in PHP 4 before 4.4.5 and ...
CVE-2007-1883vulnerablevulnerablevulnerablevulnerablevulnerablePHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows ...
CVE-2007-1835vulnerablevulnerablevulnerablevulnerablevulnerablePHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session ...
CVE-2007-1710vulnerablevulnerablevulnerablevulnerablevulnerableThe readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows ...
CVE-2007-1582vulnerablevulnerablevulnerablevulnerablevulnerableThe resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...
CVE-2007-1581vulnerablevulnerablevulnerablevulnerablevulnerableThe resource system in PHP 5.0.0 through 5.2.1 allows ...
CVE-2007-1413vulnerablevulnerablevulnerablevulnerablevulnerableBuffer overflow in the snmpget function in the snmp extension in PHP ...
CVE-2007-0448vulnerablevulnerablevulnerablevulnerablevulnerableThe fopen function in PHP 5.2.0 does not properly handle invalid URI ...
CVE-2006-7205vulnerablevulnerablevulnerablevulnerablevulnerableThe array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 ...
CVE-2006-6383vulnerablevulnerablevulnerablevulnerablevulnerablePHP 5.2.0 and 4.4 allows local users to bypass safe_mode and ...
CVE-2006-4023vulnerablevulnerablevulnerablevulnerablevulnerableThe ip2long function in PHP 5.1.4 and earlier may incorrectly validate ...
CVE-2006-0931vulnerablevulnerablevulnerablevulnerablevulnerableDirectory traversal vulnerability in PEAR::Archive_Tar 1.2, and other ...

Resolved issues

BugDescription
TEMP-0540606-8877D9php5: 'open_basedir' bypass
TEMP-0000000-F647EFMissing safemode checks in PHP's _php_image_output functions
CVE-2015-4642OS command injection vulnerability in escapeshellarg
CVE-2015-3330The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP ...
CVE-2015-3329Multiple stack-based buffer overflows in the phar_set_inode function ...
CVE-2015-3211
CVE-2015-2787Use-after-free vulnerability in the process_nested_data function in ...
CVE-2015-2783ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x ...
CVE-2015-2331Integer overflow in the _zip_cdir_new function in zip_dirent.c in ...
CVE-2015-2301Use-after-free vulnerability in the phar_rename_archive function in ...
CVE-2015-1352The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) ...
CVE-2015-1351Use-after-free vulnerability in the _zend_shared_memdup function in ...
CVE-2015-0232The exif_process_unicode function in ext/exif/exif.c in PHP before ...
CVE-2015-0231Use-after-free vulnerability in the process_nested_data function in ...
CVE-2014-9705Heap-based buffer overflow in the enchant_broker_request_dict function ...
CVE-2014-9653readelf.c in file before 5.22, as used in the Fileinfo component in ...
CVE-2014-9652The mconvert function in softmagic.c in file before 5.21, as used in ...
CVE-2014-9621The ELF parser in file 5.16 through 5.21 allows remote attackers to ...
CVE-2014-9620The ELF parser in file 5.08 through 5.21 allows remote attackers to ...
CVE-2014-9427sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x ...
CVE-2014-8626Stack-based buffer overflow in the date_from_ISO8601 function in ...
CVE-2014-8117softmagic.c in file before 5.21 does not properly limit recursion, ...
CVE-2014-8116The ELF parser (readelf.c) in file before 5.21 allows remote attackers ...
CVE-2014-5120gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x ...
CVE-2014-4721The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 ...
CVE-2014-4049Heap-based buffer overflow in the php_parserr function in ...
CVE-2014-3710The donote function in readelf.c in file through 5.20, as used in the ...
CVE-2014-3670The exif_ifd_make_value function in exif.c in the EXIF extension in ...
CVE-2014-3669Integer overflow in the object_custom function in ...
CVE-2014-3668Buffer overflow in the date_from_ISO8601 function in the mkgmtime ...
CVE-2014-3597Multiple buffer overflows in the php_parserr function in ...
CVE-2014-3587Integer overflow in the cdf_read_property_info function in cdf.c in ...
CVE-2014-3538file before 5.19 does not properly restrict the amount of data read ...
CVE-2014-3515The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 ...
CVE-2014-3487The cdf_read_property_info function in file before 5.19, as used in ...
CVE-2014-3480The cdf_count_chain function in cdf.c in file before 5.19, as used in ...
CVE-2014-3479The cdf_check_stream_offset function in cdf.c in file before 5.19, as ...
CVE-2014-3478Buffer overflow in the mconvert function in softmagic.c in file before ...
CVE-2014-2497The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP ...
CVE-2014-2270softmagic.c in file before 5.17 and libmagic allows context-dependent ...
CVE-2014-2020ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which ...
CVE-2014-1943Fine Free file before 5.17 allows context-dependent attackers to cause ...
CVE-2014-0238The cdf_read_property_info function in cdf.c in the Fileinfo component ...
CVE-2014-0237The cdf_unpack_summary_info function in cdf.c in the Fileinfo ...
CVE-2014-0236root_storage NULL pointer deference flaw in CDF parser
CVE-2014-0207The cdf_read_short_sector function in cdf.c in file before 5.19, as ...
CVE-2014-0185sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP ...
CVE-2013-7345The BEGIN regular expression in the awk script detector in ...
CVE-2013-7328Multiple integer signedness errors in the gdImageCrop function in ...
CVE-2013-7327The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does ...
CVE-2013-7226Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP ...
CVE-2013-6712The scan function in ext/date/lib/parse_iso_intervals.c in PHP through ...
CVE-2013-6420The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP ...
CVE-2013-4636The mget function in libmagic/softmagic.c in the Fileinfo component in ...
CVE-2013-4248The openssl_x509_parse function in openssl.c in the OpenSSL module in ...
CVE-2013-4113ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing ...
CVE-2013-2110Heap-based buffer overflow in the php_quot_print_encode function in ...
CVE-2013-1824The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows ...
CVE-2013-1643The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows ...
CVE-2013-1635ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not ...
CVE-2012-6113The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 ...
CVE-2012-5381** DISPUTED ** Untrusted search path vulnerability in the installation ...
CVE-2012-4388The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through ...
CVE-2012-3450pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x ...
CVE-2012-2688Unspecified vulnerability in the _php_stream_scandir function in the ...
CVE-2012-2386Integer overflow in the phar_parse_tarfile function in tar.c in the ...
CVE-2012-2376Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and ...
CVE-2012-2329Buffer overflow in the apache_request_headers function in ...
CVE-2012-2317The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in ...
CVE-2012-2311sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ...
CVE-2012-2143The crypt_des (aka DES-based crypt) function in FreeBSD before ...
CVE-2012-1823sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when ...
CVE-2012-1172The file-upload implementation in rfc1867.c in PHP before 5.4.0 does ...
CVE-2012-0831PHP before 5.3.10 does not properly perform a temporary change to the ...
CVE-2012-0830The php_register_variable_ex function in php_variables.c in PHP 5.3.9 ...
CVE-2012-0788The PDORow implementation in PHP before 5.3.9 does not properly ...
CVE-2012-0781The tidy_diagnose function in PHP 5.3.8 might allow remote attackers ...
CVE-2012-0057PHP before 5.3.9 has improper libxslt security settings, which allows ...
CVE-2011-4885PHP before 5.3.9 computes hash values for form parameters without ...
CVE-2011-4566Integer overflow in the exif_process_IFD_TAG function in exif.c in the ...
CVE-2011-4153PHP 5.3.8 does not always check the return value of the zend_strndup ...
CVE-2011-3379The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the ...
CVE-2011-3268Buffer overflow in the crypt function in PHP before 5.3.7 allows ...
CVE-2011-3267PHP before 5.3.7 does not properly implement the error_log function, ...
CVE-2011-3189The crypt function in PHP 5.3.7, when the MD5 hash type is used, ...
CVE-2011-3182PHP before 5.3.7 does not properly check the return values of the ...
CVE-2011-2483crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain ...
CVE-2011-2202The rfc1867_post_handler function in main/rfc1867.c in PHP before ...
CVE-2011-1938Stack-based buffer overflow in the socket_connect function in ...
CVE-2011-1471Integer signedness error in zip_stream.c in the Zip extension in PHP ...
CVE-2011-1470The Zip extension in PHP before 5.3.6 allows context-dependent ...
CVE-2011-1469Unspecified vulnerability in the Streams component in PHP before 5.3.6 ...
CVE-2011-1468Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 ...
CVE-2011-1467Unspecified vulnerability in the NumberFormatter::setSymbol (aka ...
CVE-2011-1466Integer overflow in the SdnToJulian function in the Calendar extension ...
CVE-2011-1464Buffer overflow in the strval function in PHP before 5.3.6, when the ...
CVE-2011-1153Multiple format string vulnerabilities in phar_object.c in the phar ...
CVE-2011-1148Use-after-free vulnerability in the substr_replace function in PHP ...
CVE-2011-1144The installer in PEAR 1.9.2 and earlier allows local users to ...
CVE-2011-1092Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows ...
CVE-2011-1072The installer in PEAR before 1.9.2 allows local users to overwrite ...
CVE-2011-0754The SplFileInfo::getType function in the Standard PHP Library (SPL) ...
CVE-2011-0752The extract function in PHP before 5.2.15 does not prevent use of the ...
CVE-2011-0708exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms ...
CVE-2011-0441The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows ...
CVE-2011-0421The _zip_name_locate function in zip_name_locate.c in the Zip ...
CVE-2010-4700The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the ...
CVE-2010-4698Stack-based buffer overflow in the GD extension in PHP before 5.2.15 ...
CVE-2010-4697Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 ...
CVE-2010-4645strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 ...
CVE-2010-4409Integer overflow in the NumberFormatter::getSymbol (aka ...
CVE-2010-4156The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through ...
CVE-2010-4150Double free vulnerability in the imap_do_open function in the IMAP ...
CVE-2010-3870The utf8_decode function in PHP before 5.3.4 does not properly handle ...
CVE-2010-3710Stack consumption vulnerability in the filter_var function in PHP ...
CVE-2010-3709The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 ...
CVE-2010-3436fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote ...
CVE-2010-3065The default session serializer in PHP 5.2 through 5.2.13 and 5.3 ...
CVE-2010-2950Format string vulnerability in stream.c in the phar extension in PHP ...
CVE-2010-2531The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 ...
CVE-2010-2484The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent ...
CVE-2010-2225Use-after-free vulnerability in the SplObjectStorage unserializer in ...
CVE-2010-2191The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; ...
CVE-2010-2094Multiple format string vulnerabilities in the phar extension in PHP ...
CVE-2010-2093Use-after-free vulnerability in the request shutdown functionality in ...
CVE-2010-1917Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 ...
CVE-2010-1866The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP ...
CVE-2010-1864The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through ...
CVE-2010-1860The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 ...
CVE-2010-1130session.c in the session extension in PHP before 5.2.13, and 5.3.1, ...
CVE-2010-1129The safe_mode implementation in PHP before 5.2.13 does not properly ...
CVE-2010-1128The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not ...
CVE-2010-0397The xmlrpc extension in PHP 5.3.1 does not properly handle a missing ...
CVE-2009-5016Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in ...
CVE-2009-4143PHP before 5.2.12 does not properly handle session data, which has ...
CVE-2009-4142The htmlspecialchars function in PHP before 5.2.12 does not properly ...
CVE-2009-4018The proc_open function in ext/standard/proc_open.c in PHP before ...
CVE-2009-4017PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number ...
CVE-2009-3558The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 ...
CVE-2009-3557The tempnam function in ext/standard/file.c in PHP before 5.2.12 and ...
CVE-2009-3546The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before ...
CVE-2009-3294The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and ...
CVE-2009-3293Unspecified vulnerability in the imagecolortransparent function in PHP ...
CVE-2009-3292Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before ...
CVE-2009-3291The php_openssl_apply_verification_policy function in PHP before ...
CVE-2009-2687The exif_read_data function in the Exif module in PHP before 5.2.10 ...
CVE-2009-2626The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, ...
CVE-2009-1272The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x ...
CVE-2009-1271The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before ...
CVE-2009-0754PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows ...
CVE-2008-7068The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent ...
CVE-2008-5844PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW ...
CVE-2008-5814Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and ...
CVE-2008-5658Directory traversal vulnerability in the ZipArchive::extractTo ...
CVE-2008-5624PHP 5 before 5.2.7 does not properly initialize the page_uid and ...
CVE-2008-5557Heap-based buffer overflow in ...
CVE-2008-5498Array index error in the imageRotate function in PHP 5.2.8 and earlier ...
CVE-2008-3660PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI ...
CVE-2008-3659Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and ...
CVE-2008-3658Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP ...
CVE-2008-2829php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete ...
CVE-2008-2665Directory traversal vulnerability in the posix_access function in PHP ...
CVE-2008-2108The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ...
CVE-2008-2107The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ...
CVE-2008-2051The escapeshellcmd API function in PHP before 5.2.6 has unknown impact ...
CVE-2008-2050Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP ...
CVE-2008-1384Integer overflow in PHP 5.2.5 and earlier allows context-dependent ...
CVE-2008-0674Buffer overflow in PCRE before 7.6 allows remote attackers to execute ...
CVE-2008-0599The init_request_info function in sapi/cgi/cgi_main.c in PHP before ...
CVE-2007-6039PHP 5.2.5 and earlier allows context-dependent attackers to cause a ...
CVE-2007-5899The output_add_rewrite_var function in PHP before 5.2.5 rewrites local ...
CVE-2007-5898The (1) htmlentities and (2) htmlspecialchars functions in PHP before ...
CVE-2007-5653The Component Object Model (COM) functions in PHP 5.x on Windows do ...
CVE-2007-4887The dl function in PHP 5.2.4 and earlier allows context-dependent ...
CVE-2007-4850curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and ...
CVE-2007-4825Directory traversal vulnerability in PHP 5.2.4 and earlier allows ...
CVE-2007-4784The setlocale function in PHP before 5.2.4 allows context-dependent ...
CVE-2007-4783The iconv_substr function in PHP 5.2.4 and earlier allows ...
CVE-2007-4782PHP before 5.2.3 allows context-dependent attackers to cause a denial ...
CVE-2007-4670Unspecified vulnerability in PHP before 5.2.4 has unknown impact and ...
CVE-2007-4663Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...
CVE-2007-4662Buffer overflow in the php_openssl_make_REQ function in PHP before ...
CVE-2007-4661The chunk_split function in string.c in PHP 5.2.3 does not properly ...
CVE-2007-4660Unspecified vulnerability in the chunk_split function in PHP before ...
CVE-2007-4659The zend_alter_ini_entry function in PHP before 5.2.4 does not ...
CVE-2007-4658The money_format function in PHP 5 before 5.2.4, and PHP 4 before ...
CVE-2007-4657Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before ...
CVE-2007-4652The session extension in PHP before 5.2.4 might allow local users to ...
CVE-2007-4441Buffer overflow in php_win32std.dll in the win32std extension for PHP ...
CVE-2007-4010The win32std extension in PHP 5.2.3 does not follow safe_mode and ...
CVE-2007-3998The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, ...
CVE-2007-3997The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP ...
CVE-2007-3806The glob function in PHP 5.2.3 allows context-dependent attackers to ...
CVE-2007-3799The session_start function in ext/session in PHP 4.x up to 4.4.7 and ...
CVE-2007-3790The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 ...
CVE-2007-3378The (1) session_save_path, (2) ini_set, and (3) error_log functions in ...
CVE-2007-3007PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode ...
CVE-2007-2872Multiple integer overflows in the chunk_split function in PHP 5 before ...
CVE-2007-2844PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, ...
CVE-2007-2748The substr_count function in PHP 5.2.1 and earlier allows ...
CVE-2007-2728The soap extension in PHP calls php_rand_r with an uninitialized seed ...
CVE-2007-2727The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before ...
CVE-2007-2519Directory traversal vulnerability in the installer in PEAR 1.0 through ...
CVE-2007-2511Buffer overflow in the user_filter_factory_create function in PHP ...
CVE-2007-2510Buffer overflow in the make_http_soap_request function in PHP before ...
CVE-2007-2509CRLF injection vulnerability in the ftp_putcmd function in PHP before ...
CVE-2007-1900CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ...
CVE-2007-1889Integer signedness error in the _zend_mm_alloc_int function in the ...
CVE-2007-1887Buffer overflow in the sqlite_decode_binary function in the bundled ...
CVE-2007-1864Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, ...
CVE-2007-1824Buffer overflow in the php_stream_filter_create function in PHP 5 ...
CVE-2007-1777Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 ...
CVE-2007-1718CRLF injection vulnerability in the mail function in PHP 4.0.0 through ...
CVE-2007-1717The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...
CVE-2007-1711Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 ...
CVE-2007-1701PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is ...
CVE-2007-1700The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, ...
CVE-2007-1649PHP 5.2.1 allows context-dependent attackers to read portions of heap ...
CVE-2007-1583The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through ...
CVE-2007-1522Double free vulnerability in the session extension in PHP 5.2.0 and ...
CVE-2007-1521Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, ...
CVE-2007-1484The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x ...
CVE-2007-1461The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP ...
CVE-2007-1460The zip:// URL wrapper provided by the PECL zip extension in PHP ...
CVE-2007-1454ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the ...
CVE-2007-1453Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering ...
CVE-2007-1452The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement ...
CVE-2007-1412The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 ...
CVE-2007-1411Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 ...
CVE-2007-1399Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP ...
CVE-2007-1396The import_request_variables function in PHP 4.0.7 through 4.4.6, and ...
CVE-2007-1381The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and ...
CVE-2007-1380The php_binary serialization handler in the session extension in PHP ...
CVE-2007-1376The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x ...
CVE-2007-1375Integer overflow in the substr_compare function in PHP 5.2.1 and ...
CVE-2007-1286Integer overflow in PHP 4.4.4 and earlier allows remote ...
CVE-2007-1285The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows ...
CVE-2007-0988The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before ...
CVE-2007-0911Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow ...
CVE-2007-0910Unspecified vulnerability in PHP before 5.2.1 allows attackers to ...
CVE-2007-0909Multiple format string vulnerabilities in PHP before 5.2.1 might allow ...
CVE-2007-0908The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and ...
CVE-2007-0907Buffer underflow in PHP before 5.2.1 allows attackers to cause a ...
CVE-2007-0906Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause ...
CVE-2007-0905PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir ...
CVE-2006-7243PHP before 5.3.4 accepts the \0 character in a pathname, which might ...
CVE-2006-5706Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local ...
CVE-2006-5465Buffer overflow in PHP before 5.2.0 allows remote attackers to execute ...
CVE-2006-5178Race condition in the symlink function in PHP 5.1.6 and earlier allows ...
CVE-2006-4812Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote ...
CVE-2006-4625PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass ...
CVE-2006-4486Integer overflow in memory allocation routines in PHP before 5.1.6, ...
CVE-2006-4485The stripos function in PHP before 5.1.5 has unknown impact and attack ...
CVE-2006-4483The cURL extension files (1) ext/curl/interface.c and (2) ...
CVE-2006-4482Multiple heap-based buffer overflows in the (1) str_repeat and (2) ...
CVE-2006-4481The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 ...
CVE-2006-4433PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set ...
CVE-2006-4020scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows ...
CVE-2006-3018Unspecified vulnerability in the session extension functionality in ...
CVE-2006-3017zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x ...
CVE-2006-3016Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown ...
CVE-2006-3011The error_log function in basic_functions.c in PHP before 4.4.4 and ...
CVE-2006-2660Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 ...
CVE-2006-2563The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to ...
CVE-2006-1991The substr_compare function in string.c in PHP 5.1.2 allows ...
CVE-2006-1990Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and ...
CVE-2006-1608The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users ...
CVE-2006-1549PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation ...
CVE-2006-1494Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 ...
CVE-2006-1490PHP before 5.1.3-RC1 might allow remote attackers to obtain portions ...
CVE-2006-1015Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x ...
CVE-2006-1014Argument injection vulnerability in certain PHP 4.x and 5.x ...
CVE-2006-0996Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP ...
CVE-2006-0208Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and ...
CVE-2006-0207Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow ...
CVE-2006-0200Format string vulnerability in the error-reporting feature in the ...
CVE-2006-0097Stack-based buffer overflow in the create_named_pipe function in ...
CVE-2005-4154Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows ...
CVE-2005-3883CRLF injection vulnerability in the mb_send_mail function in PHP ...
CVE-2005-3392Unspecified vulnerability in PHP before 4.4.1, when using the virtual ...
CVE-2005-3391Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to ...
CVE-2005-3390The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to ...
CVE-2005-3389The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, ...
CVE-2005-3388Cross-site scripting (XSS) vulnerability in the phpinfo function in ...
CVE-2005-3353The exif_read_data function in the Exif module in PHP before 4.4.1 ...
CVE-2005-3319The apache2handler SAPI (sapi_apache2.c) in the Apache module ...
CVE-2005-3054fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not ...
CVE-2005-2498Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR ...
CVE-2002-1954Cross-site scripting (XSS) vulnerability in the phpinfo function in ...

Security announcements

DSA / DLADescription
DSA-3280-1php5 - security update
DSA-3280-1php5 - security update
DLA-212-1php5 - security update
DSA-3198-2php5 - regression update
DSA-3198-1php5 - security update
DSA-3195-1php5 - security update
DLA-145-2php5 - regression update
DLA-145-1php5 - security update
DSA-3126-1php5 - security update
DSA-3117-1php5 - security update
DLA-94-1php5 - security update
DSA-3074-2php5 - regression update
DSA-3074-1php5 - security update
DSA-3064-1php5 - security update
DLA-67-1php5 - security update
DSA-3008-1php5 - security update
DLA-0018-1php5 - security update
DSA-2974-1php5 - security update
DLA-0010-1php5 - security update
DSA-2961-1php5 - security update
DSA-2943-1php5 - security update
DSA-2868-1php5 - denial of service
DSA-2868-1php5 - denial of service
DSA-2816-1php5 - several
DSA-2816-1php5 - several
DSA-2742-1php5 - interpretation conflict
DSA-2742-1php5 - interpretation conflict
DSA-2723-1php5 - heap corruption
DSA-2723-1php5 - heap corruption
DSA-2639-1php5 - several vulnerabilities
DSA-2527-1php5 - several
DSA-2492-1php5 - buffer overflow
DSA-2465-1php5 - several
DSA-2408-1php5 - several
DSA-2403-1php5 - code injection
DSA-2403-1php5 - code injection
DSA-2399-1php5 - several
DSA-2399-1php5 - several
DSA-2266-1php5 - several
DSA-2266-1php5 - several
DSA-2195-1php5 - several
DSA-2195-1php5 - several
DSA-2089-1php5 - several vulnerabilities
DSA-2018-1php5 - null pointer dereference
DSA-2001-1php5 - multiple vulnerabilities
DSA-1940-1php5 - multiple issues
DSA-1940-1php5 - multiple issues
DSA-1789-1php5 - several vulnerabilities
DSA-1789-1php5 - several vulnerabilities
DSA-1647-1php5 - several vulnerabilities
DSA-1572-1php5 - several vulnerabilities
DSA-1444-1php5 several issues
DSA-1330-1php5 - several vulnerabilities
DSA-1295-1php5
DSA-1283-1php5

Search for package or bug name: Reporting problems