Information on source package php5

Available versions

Release | Version
squeeze | 5.3.3-7+squeeze17
squeeze | 5.3.3-7+squeeze19
wheezy | 5.4.4-14+deb7u7
wheezy | 5.4.4-14+deb7u8
jessie | 5.5.11+dfsg-2
sid | 5.5.11+dfsg-3

Open issues

Bug | squeeze | wheezy | jessie | sid | Description
CVE-2010-4657 | vulnerable | vulnerable | vulnerable | vulnerable | xmlTextWriterWriteAttribute heap disclosure
CVE-2011-1398 | vulnerable | fixed | fixed | fixed | The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and ...
CVE-2011-4718 | vulnerable | vulnerable | fixed | fixed | Session fixation vulnerability in the Sessions subsystem in PHP before ...
CVE-2012-0789 | vulnerable | fixed | fixed | fixed | Memory leak in the timezone functionality in PHP before 5.3.9 allows ...
CVE-2014-2270 | vulnerable | vulnerable | fixed | fixed | softmagic.c in file before 5.17 and libmagic allows context-dependent ...
CVE-2014-2497 | fixed | fixed | vulnerable | vulnerable | The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP ...

Open unimportant issues

Bug | squeeze | wheezy | jessie | sid | Description
CVE-2006-0931 | vulnerable | vulnerable | vulnerable | vulnerable | Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other ...
CVE-2006-4023 | vulnerable | vulnerable | vulnerable | vulnerable | The ip2long function in PHP 5.1.4 and earlier may incorrectly validate ...
CVE-2006-6383 | vulnerable | vulnerable | vulnerable | vulnerable | PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and ...
CVE-2006-7205 | vulnerable | vulnerable | vulnerable | vulnerable | The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 ...
CVE-2007-0448 | vulnerable | vulnerable | vulnerable | vulnerable | The fopen function in PHP 5.2.0 does not properly handle invalid URI ...
CVE-2007-1413 | vulnerable | vulnerable | vulnerable | vulnerable | Buffer overflow in the snmpget function in the snmp extension in PHP ...
CVE-2007-1581 | vulnerable | vulnerable | vulnerable | vulnerable | The resource system in PHP 5.0.0 through 5.2.1 allows ...
CVE-2007-1582 | vulnerable | vulnerable | vulnerable | vulnerable | The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...
CVE-2007-1710 | vulnerable | vulnerable | vulnerable | vulnerable | The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows ...
CVE-2007-1835 | vulnerable | vulnerable | vulnerable | vulnerable | PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session ...
CVE-2007-1883 | vulnerable | vulnerable | vulnerable | vulnerable | PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows ...
CVE-2007-1890 | vulnerable | vulnerable | vulnerable | vulnerable | Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...
CVE-2007-3205 | vulnerable | vulnerable | vulnerable | vulnerable | The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Subhosin, ...
CVE-2007-3294 | vulnerable | vulnerable | vulnerable | vulnerable | Multiple buffer overflows in libtidy, as used in the Tidy extension ...
CVE-2007-4255 | vulnerable | vulnerable | vulnerable | vulnerable | Buffer overflow in the mSQL extension in PHP 5.2.3 allows ...
CVE-2007-4596 | vulnerable | vulnerable | vulnerable | vulnerable | The perl extension in PHP does not follow safe_mode restrictions, ...
CVE-2007-4889 | vulnerable | vulnerable | vulnerable | vulnerable | The MySQL extension in PHP 5.2.4 and earlier allows remote attackers ...
CVE-2007-5424 | vulnerable | vulnerable | vulnerable | vulnerable | The disable_functions feature in PHP 4 and 5 allows attackers to ...
CVE-2008-2666 | vulnerable | vulnerable | vulnerable | vulnerable | Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier ...
CVE-2008-4107 | vulnerable | vulnerable | vulnerable | vulnerable | The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce ...
CVE-2008-5625 | vulnerable | vulnerable | vulnerable | vulnerable | PHP 5 before 5.2.7 does not enforce the error_log safe_mode ...
CVE-2008-7002 | vulnerable | vulnerable | vulnerable | vulnerable | PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir ...
CVE-2009-3559 | vulnerable | vulnerable | vulnerable | vulnerable | ** DISPUTED ** ...
CVE-2009-4418 | vulnerable | vulnerable | vulnerable | vulnerable | The unserialize function in PHP 5.3.0 and earlier allows ...
CVE-2010-1861 | vulnerable | vulnerable | vulnerable | vulnerable | The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 ...
CVE-2010-1862 | vulnerable | vulnerable | vulnerable | vulnerable | The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through ...
CVE-2010-1868 | vulnerable | vulnerable | vulnerable | vulnerable | The (1) sqlite_single_query and (2) sqlite_array_query functions in ...
CVE-2010-1914 | vulnerable | vulnerable | vulnerable | vulnerable | The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows ...
CVE-2010-1915 | vulnerable | vulnerable | vulnerable | vulnerable | The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through ...
CVE-2010-2097 | vulnerable | vulnerable | vulnerable | vulnerable | The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode ...
CVE-2010-2100 | vulnerable | vulnerable | vulnerable | vulnerable | The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) ...
CVE-2010-2101 | vulnerable | vulnerable | vulnerable | vulnerable | The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) ...
CVE-2010-2190 | vulnerable | vulnerable | vulnerable | vulnerable | The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions ...
CVE-2010-3062 | vulnerable | vulnerable | vulnerable | vulnerable | mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through ...
CVE-2010-3063 | vulnerable | vulnerable | vulnerable | vulnerable | The php_mysqlnd_read_error_from_line function in the Mysqlnd extension ...
CVE-2010-3064 | vulnerable | vulnerable | vulnerable | vulnerable | Stack-based buffer overflow in the php_mysqlnd_auth_write function in ...
CVE-2010-4699 | vulnerable | fixed | fixed | fixed | The iconv_mime_decode_headers function in the Iconv extension in PHP ...
CVE-2011-0420 | fixed | vulnerable | vulnerable | vulnerable | The grapheme_extract function in the Internationalization extension ...
CVE-2011-0753 | vulnerable | fixed | fixed | fixed | Race condition in the PCNTL extension in PHP before 5.3.4, when a ...
CVE-2011-0755 | vulnerable | fixed | fixed | fixed | Integer overflow in the mt_rand function in PHP before 5.3.4 might ...
CVE-2011-1657 | fixed | vulnerable | vulnerable | vulnerable | The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions ...
CVE-2012-1171 | vulnerable | vulnerable | vulnerable | vulnerable | The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to ...
CVE-2012-2336 | vulnerable | fixed | fixed | fixed | sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ...
CVE-2012-3365 | vulnerable | vulnerable | vulnerable | vulnerable | The SQLite functionality in PHP before 5.3.15 allows remote attackers ...
CVE-2013-3735 | vulnerable | vulnerable | vulnerable | vulnerable | ** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 ...
CVE-2013-4635 | vulnerable | vulnerable | fixed | fixed | Integer overflow in the SdnToJewish function in jewish.c in the ...
TEMP-0000000-A7D1F4 | vulnerable | vulnerable | vulnerable | vulnerable | PHP 5.2.9 curl safe_mode & open_basedir bypass

Resolved issues

Bug | Description
CVE-2002-1954 | Cross-site scripting (XSS) vulnerability in the phpinfo function in ...
CVE-2005-2498 | Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR ...
CVE-2005-3054 | fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not ...
CVE-2005-3319 | The apache2handler SAPI (sapi_apache2.c) in the Apache module ...
CVE-2005-3353 | The exif_read_data function in the Exif module in PHP before 4.4.1 ...
CVE-2005-3388 | Cross-site scripting (XSS) vulnerability in the phpinfo function in ...
CVE-2005-3389 | The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, ...
CVE-2005-3390 | The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to ...
CVE-2005-3391 | Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to ...
CVE-2005-3392 | Unspecified vulnerability in PHP before 4.4.1, when using the virtual ...
CVE-2005-3883 | CRLF injection vulnerability in the mb_send_mail function in PHP ...
CVE-2005-4154 | Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows ...
CVE-2006-0097 | Stack-based buffer overflow in the create_named_pipe function in ...
CVE-2006-0200 | Format string vulnerability in the error-reporting feature in the ...
CVE-2006-0207 | Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow ...
CVE-2006-0208 | Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and ...
CVE-2006-0996 | Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP ...
CVE-2006-1014 | Argument injection vulnerability in certain PHP 4.x and 5.x ...
CVE-2006-1015 | Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x ...
CVE-2006-1490 | PHP before 5.1.3-RC1 might allow remote attackers to obtain portions ...
CVE-2006-1494 | Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 ...
CVE-2006-1549 | PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation ...
CVE-2006-1608 | The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users ...
CVE-2006-1990 | Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and ...
CVE-2006-1991 | The substr_compare function in string.c in PHP 5.1.2 allows ...
CVE-2006-2563 | The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to ...
CVE-2006-2660 | Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 ...
CVE-2006-3011 | The error_log function in basic_functions.c in PHP before 4.4.4 and ...
CVE-2006-3016 | Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown ...
CVE-2006-3017 | zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x ...
CVE-2006-3018 | Unspecified vulnerability in the session extension functionality in ...
CVE-2006-4020 | scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows ...
CVE-2006-4433 | PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set ...
CVE-2006-4481 | The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 ...
CVE-2006-4482 | Multiple heap-based buffer overflows in the (1) str_repeat and (2) ...
CVE-2006-4483 | The cURL extension files (1) ext/curl/interface.c and (2) ...
CVE-2006-4485 | The stripos function in PHP before 5.1.5 has unknown impact and attack ...
CVE-2006-4486 | Integer overflow in memory allocation routines in PHP before 5.1.6, ...
CVE-2006-4625 | PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass ...
CVE-2006-4812 | Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote ...
CVE-2006-5178 | Race condition in the symlink function in PHP 5.1.6 and earlier allows ...
CVE-2006-5465 | Buffer overflow in PHP before 5.2.0 allows remote attackers to execute ...
CVE-2006-5706 | Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local ...
CVE-2006-7243 | PHP before 5.3.4 accepts the \0 character in a pathname, which might ...
CVE-2007-0905 | PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir ...
CVE-2007-0906 | Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause ...
CVE-2007-0907 | Buffer underflow in PHP before 5.2.1 allows attackers to cause a ...
CVE-2007-0908 | The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and ...
CVE-2007-0909 | Multiple format string vulnerabilities in PHP before 5.2.1 might allow ...
CVE-2007-0910 | Unspecified vulnerability in PHP before 5.2.1 allows attackers to ...
CVE-2007-0911 | Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow ...
CVE-2007-0988 | The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before ...
CVE-2007-1285 | The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows ...
CVE-2007-1286 | Integer overflow in PHP 4.4.4 and earlier allows remote ...
CVE-2007-1375 | Integer overflow in the substr_compare function in PHP 5.2.1 and ...
CVE-2007-1376 | The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x ...
CVE-2007-1380 | The php_binary serialization handler in the session extension in PHP ...
CVE-2007-1381 | The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and ...
CVE-2007-1396 | The import_request_variables function in PHP 4.0.7 through 4.4.6, and ...
CVE-2007-1399 | Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP ...
CVE-2007-1411 | Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 ...
CVE-2007-1412 | The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 ...
CVE-2007-1452 | The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement ...
CVE-2007-1453 | Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering ...
CVE-2007-1454 | ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the ...
CVE-2007-1460 | The zip:// URL wrapper provided by the PECL zip extension in PHP ...
CVE-2007-1461 | The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP ...
CVE-2007-1484 | The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x ...
CVE-2007-1521 | Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, ...
CVE-2007-1522 | Double free vulnerability in the session extension in PHP 5.2.0 and ...
CVE-2007-1583 | The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through ...
CVE-2007-1649 | PHP 5.2.1 allows context-dependent attackers to read portions of heap ...
CVE-2007-1700 | The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, ...
CVE-2007-1701 | PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is ...
CVE-2007-1711 | Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 ...
CVE-2007-1717 | The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...
CVE-2007-1718 | CRLF injection vulnerability in the mail function in PHP 4.0.0 through ...
CVE-2007-1777 | Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 ...
CVE-2007-1824 | Buffer overflow in the php_stream_filter_create function in PHP 5 ...
CVE-2007-1864 | Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, ...
CVE-2007-1887 | Buffer overflow in the sqlite_decode_binary function in the bundled ...
CVE-2007-1889 | Integer signedness error in the _zend_mm_alloc_int function in the ...
CVE-2007-1900 | CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ...
CVE-2007-2509 | CRLF injection vulnerability in the ftp_putcmd function in PHP before ...
CVE-2007-2510 | Buffer overflow in the make_http_soap_request function in PHP before ...
CVE-2007-2511 | Buffer overflow in the user_filter_factory_create function in PHP ...
CVE-2007-2519 | Directory traversal vulnerability in the installer in PEAR 1.0 through ...
CVE-2007-2727 | The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before ...
CVE-2007-2728 | The soap extension in PHP calls php_rand_r with an uninitialized seed ...
CVE-2007-2748 | The substr_count function in PHP 5.2.1 and earlier allows ...
CVE-2007-2844 | PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, ...
CVE-2007-2872 | Multiple integer overflows in the chunk_split function in PHP 5 before ...
CVE-2007-3007 | PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode ...
CVE-2007-3378 | The (1) session_save_path, (2) ini_set, and (3) error_log functions in ...
CVE-2007-3790 | The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 ...
CVE-2007-3799 | The session_start function in ext/session in PHP 4.x up to 4.4.7 and ...
CVE-2007-3806 | The glob function in PHP 5.2.3 allows context-dependent attackers to ...
CVE-2007-3997 | The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP ...
CVE-2007-3998 | The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, ...
CVE-2007-4010 | The win32std extension in PHP 5.2.3 does not follow safe_mode and ...
CVE-2007-4441 | Buffer overflow in php_win32std.dll in the win32std extension for PHP ...
CVE-2007-4652 | The session extension in PHP before 5.2.4 might allow local users to ...
CVE-2007-4657 | Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before ...
CVE-2007-4658 | The money_format function in PHP 5 before 5.2.4, and PHP 4 before ...
CVE-2007-4659 | The zend_alter_ini_entry function in PHP before 5.2.4 does not ...
CVE-2007-4660 | Unspecified vulnerability in the chunk_split function in PHP before ...
CVE-2007-4661 | The chunk_split function in string.c in PHP 5.2.3 does not properly ...
CVE-2007-4662 | Buffer overflow in the php_openssl_make_REQ function in PHP before ...
CVE-2007-4663 | Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...
CVE-2007-4670 | Unspecified vulnerability in PHP before 5.2.4 has unknown impact and ...
CVE-2007-4782 | PHP before 5.2.3 allows context-dependent attackers to cause a denial ...
CVE-2007-4783 | The iconv_substr function in PHP 5.2.4 and earlier allows ...
CVE-2007-4784 | The setlocale function in PHP before 5.2.4 allows context-dependent ...
CVE-2007-4825 | Directory traversal vulnerability in PHP 5.2.4 and earlier allows ...
CVE-2007-4850 | curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and ...
CVE-2007-4887 | The dl function in PHP 5.2.4 and earlier allows context-dependent ...
CVE-2007-5653 | The Component Object Model (COM) functions in PHP 5.x on Windows do ...
CVE-2007-5898 | The (1) htmlentities and (2) htmlspecialchars functions in PHP before ...
CVE-2007-5899 | The output_add_rewrite_var function in PHP before 5.2.5 rewrites local ...
CVE-2007-6039 | PHP 5.2.5 and earlier allows context-dependent attackers to cause a ...
CVE-2008-0599 | The init_request_info function in sapi/cgi/cgi_main.c in PHP before ...
CVE-2008-0674 | Buffer overflow in PCRE before 7.6 allows remote attackers to execute ...
CVE-2008-1384 | Integer overflow in PHP 5.2.5 and earlier allows context-dependent ...
CVE-2008-2050 | Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP ...
CVE-2008-2051 | The escapeshellcmd API function in PHP before 5.2.6 has unknown impact ...
CVE-2008-2107 | The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ...
CVE-2008-2108 | The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ...
CVE-2008-2665 | Directory traversal vulnerability in the posix_access function in PHP ...
CVE-2008-2829 | php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete ...
CVE-2008-3658 | Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP ...
CVE-2008-3659 | Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and ...
CVE-2008-3660 | PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI ...
CVE-2008-5498 | Array index error in the imageRotate function in PHP 5.2.8 and earlier ...
CVE-2008-5557 | Heap-based buffer overflow in ...
CVE-2008-5624 | PHP 5 before 5.2.7 does not properly initialize the page_uid and ...
CVE-2008-5658 | Directory traversal vulnerability in the ZipArchive::extractTo ...
CVE-2008-5814 | Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and ...
CVE-2008-5844 | PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW ...
CVE-2008-7068 | The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent ...
CVE-2009-0754 | PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows ...
CVE-2009-1271 | The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before ...
CVE-2009-1272 | The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x ...
CVE-2009-2626 | The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, ...
CVE-2009-2687 | The exif_read_data function in the Exif module in PHP before 5.2.10 ...
CVE-2009-3291 | The php_openssl_apply_verification_policy function in PHP before ...
CVE-2009-3292 | Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before ...
CVE-2009-3293 | Unspecified vulnerability in the imagecolortransparent function in PHP ...
CVE-2009-3294 | The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and ...
CVE-2009-3546 | The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before ...
CVE-2009-3557 | The tempnam function in ext/standard/file.c in PHP before 5.2.12 and ...
CVE-2009-3558 | The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 ...
CVE-2009-4017 | PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number ...
CVE-2009-4018 | The proc_open function in ext/standard/proc_open.c in PHP before ...
CVE-2009-4142 | The htmlspecialchars function in PHP before 5.2.12 does not properly ...
CVE-2009-4143 | PHP before 5.2.12 does not properly handle session data, which has ...
CVE-2009-5016 | Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in ...
CVE-2010-0397 | The xmlrpc extension in PHP 5.3.1 does not properly handle a missing ...
CVE-2010-1128 | The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not ...
CVE-2010-1129 | The safe_mode implementation in PHP before 5.2.13 does not properly ...
CVE-2010-1130 | session.c in the session extension in PHP before 5.2.13, and 5.3.1, ...
CVE-2010-1860 | The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 ...
CVE-2010-1864 | The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through ...
CVE-2010-1866 | The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP ...
CVE-2010-1917 | Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 ...
CVE-2010-2093 | Use-after-free vulnerability in the request shutdown functionality in ...
CVE-2010-2094 | Multiple format string vulnerabilities in the phar extension in PHP ...
CVE-2010-2191 | The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; ...
CVE-2010-2225 | Use-after-free vulnerability in the SplObjectStorage unserializer in ...
CVE-2010-2484 | The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent ...
CVE-2010-2531 | The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 ...
CVE-2010-2950 | Format string vulnerability in stream.c in the phar extension in PHP ...
CVE-2010-3065 | The default session serializer in PHP 5.2 through 5.2.13 and 5.3 ...
CVE-2010-3436 | fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote ...
CVE-2010-3709 | The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 ...
CVE-2010-3710 | Stack consumption vulnerability in the filter_var function in PHP ...
CVE-2010-3870 | The utf8_decode function in PHP before 5.3.4 does not properly handle ...
CVE-2010-4150 | Double free vulnerability in the imap_do_open function in the IMAP ...
CVE-2010-4156 | The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through ...
CVE-2010-4409 | Integer overflow in the NumberFormatter::getSymbol (aka ...
CVE-2010-4645 | strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 ...
CVE-2010-4697 | Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 ...
CVE-2010-4698 | Stack-based buffer overflow in the GD extension in PHP before 5.2.15 ...
CVE-2010-4700 | The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the ...
CVE-2011-0421 | The _zip_name_locate function in zip_name_locate.c in the Zip ...
CVE-2011-0441 | The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows ...
CVE-2011-0708 | exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms ...
CVE-2011-0752 | The extract function in PHP before 5.2.15 does not prevent use of the ...
CVE-2011-0754 | The SplFileInfo::getType function in the Standard PHP Library (SPL) ...
CVE-2011-1072 | The installer in PEAR before 1.9.2 allows local users to overwrite ...
CVE-2011-1092 | Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows ...
CVE-2011-1144 | The installer in PEAR 1.9.2 and earlier allows local users to ...
CVE-2011-1148 | Use-after-free vulnerability in the substr_replace function in PHP ...
CVE-2011-1153 | Multiple format string vulnerabilities in phar_object.c in the phar ...
CVE-2011-1464 | Buffer overflow in the strval function in PHP before 5.3.6, when the ...
CVE-2011-1466 | Integer overflow in the SdnToJulian function in the Calendar extension ...
CVE-2011-1467 | Unspecified vulnerability in the NumberFormatter::setSymbol (aka ...
CVE-2011-1468 | Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 ...
CVE-2011-1469 | Unspecified vulnerability in the Streams component in PHP before 5.3.6 ...
CVE-2011-1470 | The Zip extension in PHP before 5.3.6 allows context-dependent ...
CVE-2011-1471 | Integer signedness error in zip_stream.c in the Zip extension in PHP ...
CVE-2011-1938 | Stack-based buffer overflow in the socket_connect function in ...
CVE-2011-2202 | The rfc1867_post_handler function in main/rfc1867.c in PHP before ...
CVE-2011-2483 | crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain ...
CVE-2011-3182 | PHP before 5.3.7 does not properly check the return values of the ...
CVE-2011-3189 | The crypt function in PHP 5.3.7, when the MD5 hash type is used, ...
CVE-2011-3267 | PHP before 5.3.7 does not properly implement the error_log function, ...
CVE-2011-3268 | Buffer overflow in the crypt function in PHP before 5.3.7 allows ...
CVE-2011-3379 | The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the ...
CVE-2011-4153 | PHP 5.3.8 does not always check the return value of the zend_strndup ...
CVE-2011-4566 | Integer overflow in the exif_process_IFD_TAG function in exif.c in the ...
CVE-2011-4885 | PHP before 5.3.9 computes hash values for form parameters without ...
CVE-2012-0057 | PHP before 5.3.9 has improper libxslt security settings, which allows ...
CVE-2012-0781 | The tidy_diagnose function in PHP 5.3.8 might allow remote attackers ...
CVE-2012-0788 | The PDORow implementation in PHP before 5.3.9 does not properly ...
CVE-2012-0830 | The php_register_variable_ex function in php_variables.c in PHP 5.3.9 ...
CVE-2012-0831 | PHP before 5.3.10 does not properly perform a temporary change to the ...
CVE-2012-1172 | The file-upload implementation in rfc1867.c in PHP before 5.4.0 does ...
CVE-2012-1823 | sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when ...
CVE-2012-2143 | The crypt_des (aka DES-based crypt) function in FreeBSD before ...
CVE-2012-2311 | sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ...
CVE-2012-2317 | The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in ...
CVE-2012-2329 | Buffer overflow in the apache_request_headers function in ...
CVE-2012-2376 | Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and ...
CVE-2012-2386 | Integer overflow in the phar_parse_tarfile function in tar.c in the ...
CVE-2012-2688 | Unspecified vulnerability in the _php_stream_scandir function in the ...
CVE-2012-3450 | pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x ...
CVE-2012-4388 | The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through ...
CVE-2012-5381 | ** DISPUTED ** Untrusted search path vulnerability in the installation ...
CVE-2012-6113 | The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 ...
CVE-2013-1635 | ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not ...
CVE-2013-1643 | The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows ...
CVE-2013-1824 | The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows ...
CVE-2013-2110 | Heap-based buffer overflow in the php_quot_print_encode function in ...
CVE-2013-4113 | ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing ...
CVE-2013-4248 | The openssl_x509_parse function in openssl.c in the OpenSSL module in ...
CVE-2013-4636 | The mget function in libmagic/softmagic.c in the Fileinfo component in ...
CVE-2013-6420 | The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP ...
CVE-2013-6712 | The scan function in ext/date/lib/parse_iso_intervals.c in PHP through ...
CVE-2013-7226 | Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP ...
CVE-2013-7327 | The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does ...
CVE-2013-7328 | Multiple integer signedness errors in the gdImageCrop function in ...
CVE-2014-1943 | Fine Free file before 5.17 allows context-dependent attackers to cause ...
CVE-2014-2020 | ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which ...
TEMP-0000000-F647EF | Missing safemode checks in PHP's _php_image_output functions
TEMP-0540606-8877D9 | php5: 'open_basedir' bypass

Security announcements

DSA | Description
DSA-2868-1 | php5 - denial of service
DSA-2816-1 | php5 - several
DSA-2742-1 | php5 - interpretation conflict
DSA-2723-1 | php5 - heap corruption
DSA-2639-1 | php5 - several vulnerabilities
DSA-2527-1 | php5 - several
DSA-2492-1 | php5 - buffer overflow
DSA-2465-1 | php5 - several
DSA-2408-1 | php5 - several
DSA-2403-1 | php5 - code injection
DSA-2399-1 | php5 - several
DSA-2266-1 | php5 - several
DSA-2195-1 | php5 - several
DSA-2089-1 | php5 - several vulnerabilities
DSA-2018-1 | php5 - null pointer dereference
DSA-2001-1 | php5 - multiple vulnerabilities
DSA-1940-1 | php5 - multiple issues
DSA-1789-1 | php5 - several vulnerabilities
DSA-1647-1 | php5 - several vulnerabilities
DSA-1572-1 | php5 - several vulnerabilities
DSA-1444-1 | php5 several issues
DSA-1330-1 | php5 - several vulnerabilities
DSA-1295-1 | php5
DSA-1283-1 | php5
