Tag: security

On December 18th 2014, the PHP group released PHP 5.4.36.

Two security-related bugs were fixed in this release, including the fix for CVE-2014-8142. All PHP 5.4 users are encouraged to upgrade to this version.

The corresponding packages are now available on Dotdeb :

• for Debian 7 “Wheezy” and Debian 6 “Squeeze”,
• on both amd64 and i386 architectures.

The following modules have been packaged too :

• APC 3.1.13
• apcu 4.0.7
• ffmpeg 0.6.0 (Squeeze only)
• gearman 0.8.3
• geoip 1.0.8
• imagick 3.1.2
• memcache 3.0.8
• memcached 2.2.0
• mongo 1.5.8
• pecl_http 1.7.6
• pinba (master)
• redis 2.2.5
• spplus 1.1
• ssh2 0.12
• xcache 3.2.0
• xdebug 2.2.6
• xhprof 0.9.4
• zendopcache 7.0.3

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

On December 18th 2014, the PHP group released PHP 5.5.20.

This release fixes several bugs and one CVE related to unserialization. All PHP 5.5 users are encouraged to upgrade to this version.

PHP 5.5.20 packages are now available on Dotdeb for Debian 7.7 “Wheezy”, on both amd64 and i386 architectures.

The following modules have been packaged too :

• apcu 4.0.7
• gearman 0.8.3
• geoip 1.0.8
• imagick 3.1.2
• memcache 3.0.8
• memcached 2.2.0
• mongo 1.5.8
• pecl_http 1.7.6
• pinba (master)
• redis 2.2.5
• spplus 1.1
• ssh2 0.12
• xcache 3.2.0
• xdebug 2.2.6
• xhprof 0.9.4

Please read the Changelog and the migration guide (be aware of the backward incompatible changes) before upgrading.

On November 13th 2014, the PHP group released PHP 5.4.35.

4 security-related bugs were fixed in this release, including the fix for CVE-2014-3710. All PHP 5.4 users are encouraged to upgrade to this version.

The corresponding packages are now available on Dotdeb :

• for Debian 7 “Wheezy” and Debian 6 “Squeeze”,
• on both amd64 and i386 architectures.

The following modules have been packaged too :

• APC 3.1.13
• apcu 4.0.7
• ffmpeg 0.6.0 (Squeeze only)
• gearman 0.8.3
• geoip 1.0.8
• imagick 3.1.2
• memcache 3.0.8
• memcached 2.2.0
• mongo 1.5.8
• pecl_http 1.7.6
• pinba (master)
• redis 2.2.5
• spplus 1.1
• ssh2 0.12
• xcache 3.2.0
• xdebug 2.2.6
• xhprof 0.9.4
• zendopcache 7.0.3

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

On November 13th 2014, the PHP group released PHP 5.5.19.

This release fixes several bugs and one CVE in the fileinfo extension. All PHP 5.5 users are encouraged to upgrade to this version.

PHP 5.5.19 packages are now available on Dotdeb for Debian 7.7 “Wheezy”, on both amd64 and i386 architectures. They include a fix for regressions in the FPM SAPI (See 1, 2 and 3) that is present in the upstream version of PHP 5.5.19.

The following modules have been packaged too :

• apcu 4.0.7
• gearman 0.8.3
• geoip 1.0.8
• imagick 3.1.2
• memcache 3.0.8
• memcached 2.2.0
• mongo 1.5.8
• pecl_http 1.7.6
• pinba (master)
• redis 2.2.5
• spplus 1.1
• ssh2 0.12
• xcache 3.2.0
• xdebug 2.2.6
• xhprof 0.9.4

Please read the Changelog and the migration guide (be aware of the backward incompatible changes) before upgrading.

On November 13th 2014, the PHP group released PHP 5.6.3.

This release fixes several bugs and one CVE in the fileinfo extension. All PHP 5.6 users are encouraged to upgrade to this version.

PHP 5.6.3 packages are now available on Dotdeb for Debian 7.7 “Wheezy”, on both amd64 and i386 architectures. They include a fix for regressions in the FPM SAPI (See 1, 2 and 3) that is present in the upstream version of PHP 5.6.3.

Please also note these points :

• Regression : php5-memcached lacks JSON support
• Missing packages : Xcachen Xdebug and Xhprof are missing for now
• End of support : Spplus won’t be supported anymore. Pinba’s fates hasn’t been decided yet.

As a consequence :

• Don’t upgrade yet if you need missing features
• For users upgrading from PHP 5.5, a full migration guide is available, detailing the changes between 5.5 and 5.6.0
• The full list of changes is available in the ChangeLog
• Your feedbacks are always welcome. Just make sure they are useful.

To install PHP 5.6 or to upgrade from previous version just follow the instructions.

On October 16th 2014, the PHP group released PHP 5.4.34.

6 security-related bugs were fixed in this release, including fixes for CVE-2014-3668, CVE-2014-3669 and CVE-2014-3670. Also, a fix for OpenSSL which produced regressions was reverted. All PHP 5.4 users are encouraged to upgrade to this version.

The corresponding packages are now available on Dotdeb :

• for Debian 7 “Wheezy” and Debian 6 “Squeeze”,
• on both amd64 and i386 architectures.

The following modules have been packaged too :

• APC 3.1.13
• apcu 4.0.7
• ffmpeg 0.6.0 (Squeeze only)
• gearman 0.8.3
• geoip 1.0.8
• imagick 3.1.2
• memcache 3.0.8
• memcached 2.2.0
• mongo 1.5.7
• pecl_http 1.7.6
• pinba (master)
• redis 2.2.5
• spplus 1.1
• ssh2 0.12
• xcache 3.2.0
• xdebug 2.2.5
• xhprof 0.9.4
• zendopcache 7.0.3

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

On October 16th 2014, the PHP group released PHP 5.5.18.

Several bugs were fixed in this release. A regression in OpenSSL introduced in PHP 5.5.17 has also been addressed in this release. PHP 5.5.18 also fixes 4 CVEs in different components. All PHP 5.5 users are encouraged to upgrade to this version.

PHP 5.5.18 packages are now available on Dotdeb for Debian 7.7 “Wheezy”, on both amd64 and i386 architectures.

The following modules have been packaged too :

• apcu 4.0.7
• gearman 0.8.3
• geoip 1.0.8
• imagick 3.1.2
• memcache 3.0.8
• memcached 2.2.0
• mongo 1.5.7
• pecl_http 1.7.6
• pinba (master)
• redis 2.2.5
• spplus 1.1
• ssh2 0.12
• xcache 3.2.0
• xdebug 2.2.5
• xhprof 0.9.4

Please read the Changelog and the migration guide (be aware of the backward incompatible changes) before upgrading.