After PHP 5.3.4 has been released by the PHP Group and after the corresponding Suhosin patch has been published by Stefan Esser, the PHP 5.3.4 packages for Debian “Lenny” 5.0 are now available on Dotdeb. Thanks for your patience.
Follow these instructions if you’re installing them for the first time. And as usual, please read the full announcement and the Changelog before upgrading.
Happy new year!
PHP 5.2.16 has been released by the PHP Group a few days after PHP 5.2.15 (fixing an open_basedir issue). It is now available on Dotdeb for your Debian “Lenny” servers.
This maintainance release marks the end of support for PHP 5.2. You are strongly encouraged to upgrade to PHP 5.3 (read this migration guide).
Please read PHP 5.2.15 and 5.2.16 release announcements and the full Changelog before upgrading.
The PHP 5.3.3 packages for Debian 5.0 “Lenny” (amd64/i386) have been updated. Here are the changes :
On july, 22nd, the PHP Group released PHP 5.2.14 :
The PHP development team would like to announce the immediate availability of PHP 5.2.14. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related.
This release marks the end of the active support for PHP 5.2. Following this release the PHP 5.2 series will receive no further active bug maintenance. Security fixes for PHP 5.2 might be published on a case by cases basis. All users of PHP 5.2 are encouraged to upgrade to PHP 5.3.
The packages for Debian “Lenny” are now available on Dotdeb.
Of course, you’re advised to read the full announcement and the Changelog before upgrading.
Thanks (again) to Stefan Esser and the Month of PHP security for improving PHP.
On july, 22nd, the PHP Group released PHP 5.3.3 :
The PHP development team would like to announce the immediate availability of PHP 5.3.3. This release focuses on improving the stability and security of the PHP 5.3.x branch with over 100 bug fixes, some of which are security related. All users are encouraged to upgrade to this release.
The packages for Debian “Lenny” are now available on Dotdeb on the usual repository.
Of course, you should read the full announcement, the PHP 5.3 migration guide and consult the Changelog.
Caution : (to PHP-FPM users) with the inclusion of PHP-FPM in the PHP 5.3 core, the syntax of the configuration file (/etc/php5/fpm/php5-fpm.conf) has changed. It switched from a XML syntax to an INI one. Please prepare your new configuration file before upgrading, by reading carefully the PHP documentation and this page.
And thanks to Stefan Esser and the Month of PHP security for improving PHP.
New packages of PHP 5.3.1 and PHP 5.2.13 has been uploaded to fix some annoying bugs :
In addition, PHP 5.3.2 now restarts softly, without any problem (thanks to Daniel Hahler).
A few days ago, the PHP Group released PHP 5.3.2. It fixes severe security issues and some other bugs :
The PHP development team is proud to announce the immediate release of PHP 5.3.2. This is a maintenance release in the 5.3 series, which includes a large number of bug fixes.
Security Enhancements and Fixes in PHP 5.3.2:
- Improved LCG entropy. (Rasmus, Samy Kamkar)
- Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
- Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)
(…)
It is now available on Dotdeb (still on a separate repository) with the following changes :
As usual, please read the release announcement and the full Changelog before upgrading. If you’re migrating from PHP 5.2, you can also take a look at migration guide.
[Update] The packages have been updated to fix a MySQL connection issue. The geoip PECL extension is back.
A few days ago, the PHP Group released PHP 5.2.13. It fixes severe security issues and some other bugs :
The PHP development team would like to announce the immediate availability of PHP 5.2.13. This release focuses on improving the stability of the PHP 5.2.x branch with over 40 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release.
Security Enhancements and Fixes in PHP 5.2.13:
- Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
- Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)
- Improved LCG entropy. (Rasmus, Samy Kamkar)
(…)
On the Dotdeb side
As usual, please read the release announcement and the full Changelog before upgrading.
On December 17th 2009, the PHP Group released PHP 5.2.12 :
The PHP development team would like to announce the immediate availability of PHP 5.2.12. This release focuses on improving the stability of the PHP 5.2.x branch with over 60 bug fixes, some of which are security related. All users of PHP 5.2 are encouraged to upgrade to this release.
Security Enhancements and Fixes in PHP 5.2.12:
- Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (CVE-2009-3557, Rasmus)
- Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (CVE-2009-3558, Rasmus)
- Added “max_file_uploads” INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion, identified by Bogdan Calin. (CVE-2009-4017, Ilia)
- Added protection for $_SESSION from interrupt corruption and improved “session.save_path” check, identified by Stefan Esser. (CVE-2009-4143, Stas)
- Fixed bug #49785 (insufficient input string validation of htmlspecialchars()). (CVE-2009-4142, Moriyoshi, hello at iwamot dot com)
(Please read the full announcement for more details)
Dotdeb packages of PHP 5.2.12 are now (finally) available for Debian “Lenny” and “Etch”, amd64 and i386.
Upgrading your servers is strongly encouraged because of several security issue, especially a multipart/form-data DoS (CVE-2009-4017). Please set the max_file_uploads parameter carefully.
The PHP 5.3.1 packages for Debian “Lenny” have been updated to fix :
All should work fine now.