Categories
PHP

PHP 5.4.32, for Wheezy and Squeeze

On August 21st 2014, the PHP group has released PHP 5.4.32.

16 bugs were fixed in this release, including the following security-related issues: CVE-2014-2497, CVE-2014-3538, CVE-2014-3587, CVE-2014-3597, CVE-2014-4670, CVE-2014-4698, CVE-2014-5120. All PHP 5.4 users are encouraged to upgrade to this version.

The corresponding packages are now available on Dotdeb :

  • for Debian 7 “Wheezy” and Debian 6 “Squeeze”,
  • on both amd64 and i386 architectures.

The following modules have been packaged too :

  • APC 3.1.13
  • apcu 4.0.6
  • ffmpeg 0.6.0 (Squeeze only)
  • gearman 0.8.3
  • geoip 1.0.8
  • imagick 3.1.2
  • memcache 3.0.8
  • memcached 2.2.0
  • mongo 1.5.5
  • pecl_http 1.7.6
  • pinba (master)
  • redis 2.2.5
  • spplus 1.1
  • ssh2 0.12
  • xcache 3.1.0
  • xdebug 2.2.5
  • xhprof 0.9.4
  • zendopcache 7.0.3

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

Categories
PHP

PHP 5.5.16 for Debian Wheezy

On August 22nd 2014, the PHP group has released PHP 5.5.16.

This release fixes several bugs against PHP 5.5.15 and resolves CVE-2014-3538, CVE-2014-3587, CVE-2014-2497, CVE-2014-5120 and CVE-2014-3597.

All PHP users are encouraged to upgrade to this new version.

PHP 5.5.16 packages are now available on Dotdeb for Debian 7.6 “Wheezy”, on both amd64 and i386 architectures.

The following modules have been packaged too :

  • apcu 4.0.6
  • gearman 0.8.3
  • geoip 1.0.8
  • imagick 3.1.2
  • memcache 3.0.8
  • memcached 2.2.0
  • mongo 1.5.5
  • pecl_http 1.7.6
  • pinba (master)
  • redis 2.2.5
  • spplus 1.1
  • ssh2 0.12
  • xcache 3.1.0
  • xdebug 2.2.5
  • xhprof 0.9.4

Please read the Changelog and the migration guide (be aware of the backward incompatible changes) before upgrading.

Categories
Nginx

Nginx 1.6.1, for Wheezy and Squeeze

Nginx 1.6.1 has been released on August 5th 2014, with the following changes :

  • Security: pipelined commands were not discarded after STARTTLS command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6. Thanks to Chris Boulton.
  • Bugfix: the $uri variable might contain garbage when returning errors with code 400. Thanks to Sergey Bobrov.
  • Bugfix: in the none parameter in the smtp_auth directive; the bug had appeared in 1.5.6. Thanks to Svyatoslav Nikolsky.

As a consequence, packages of Nginx 1.6.1 are now available for both Debian 7.0 “Wheezy” and Debian 6.0 “Squeeze” (amd64/i386).

For more details about which modules are included in the different Nginx flavors, just have to look at this document.

Categories
PHP

PHP 5.3.29 (End of Life) for Squeeze

On August 14th 2014, the PHP group has released PHP 5.3.29.

The PHP development team announces the immediate availability of PHP 5.3.29. This release marks the end of life of the PHP 5.3 series. Future releases of this series are not planned. All PHP 5.3 users are encouraged to upgrade to the current stable version of PHP 5.5 or previous stable version of PHP 5.4, which are supported till at least 2016 and 2015 respectively.

PHP 5.3.29 contains about 25 potentially security related fixes backported from PHP 5.4 and 5.5.

The corresponding packages are now available on Dotdeb for Debian 6.0 “Squeeze”, on both amd64 and i386 architectures.

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

Categories
MySQL

MySQL 5.5.38 for Squeeze

Packages of MySQL 5.5.38 are now available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures to fix some vulnerabilities and various bugs as well (the latest packaged version was 5.5.31…).

Please note that the Pinba engine has also been rebuilt to be used against this new version.

As usual, please read carefully the full Changelog before upgrading.

Categories
Zabbix

Zabbix 2.2.5

Zabbix 2.2.5 has been released on July 17th 2014. This release contains a security fix, fixes known issues of Zabbix 2.2.x and introduces new minor features. Please read the release notes for more info.

As usual, the packages are now available :

  • for Debian 7.0 “Wheezy and 6.0 “Squeeze”,
  • on both amd64 and i386 architectures.

And don’t forget, if you find Dotdeb useful, feel free to show your support.

Categories
PHP

PHP 5.4.30, for Wheezy and Squeeze

On June 26th 2014, the PHP group has released PHP 5.4.30. Over 20 bugs were fixed in this release, including the following security issues: CVE-2014-3981, CVE-2014-0207, CVE-2014-3478, CVE-2014-3479, CVE-2014-3480, CVE-2014-3487, CVE-2014-4049, CVE-2014-3515. All PHP 5.4 users are encouraged to upgrade to this version.

The corresponding packages are now available on Dotdeb :

  • for Debian 7 “Wheezy” and Debian 6 “Squeeze”,
  • on both amd64 and i386 architectures.

The following modules have been packaged too :

  • APC 3.1.13
  • apcu 4.0.6
  • ffmpeg 0.6.0 (Squeeze only)
  • gearman 0.8.3
  • geoip 1.0.8
  • imagick 3.1.2
  • memcache 3.0.8
  • memcached 2.2.0
  • mongo 1.5.4
  • pecl_http 1.7.6
  • pinba (master)
  • redis 2.2.5
  • spplus 1.1
  • ssh2 0.12
  • xcache 3.1.0
  • xdebug 2.2.5
  • xhprof 0.9.4
  • zendopcache 7.0.3

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

And if you find Dotdeb useful, feel free to show your support.

Categories
PHP

PHP 5.5.14 for Debian Wheezy

On June 27th 2014, the PHP group has released PHP 5.5.14.

This release fixes several bugs against PHP 5.5.13. Also, this release fixes a total of 8 CVEs, half of them concerning the FileInfo extension.

All PHP users are encouraged to upgrade to this new version.

Please, note that this release also fixes a backward compatibility issue that has been detected in the PHP 5.5.13 release. Still, the fix in PHP 5.5.14 may break some very rare situations. As this tiny compatibility break involves security, and as security is our primary concern, we had to fix it. This concerns bug 67072. For more information about this bug and its actual resolution, please visit our upgrading guide. We apologize for any inconvenience you may have experienced with this behavior.

PHP 5.5.14 packages are now available on Dotdeb for Debian 7.5 “Wheezy”, on both amd64 and i386 architectures.

The following modules have been packaged too :

  • apcu 4.0.6
  • gearman 0.8.3
  • geoip 1.0.8
  • imagick 3.1.2
  • memcache 3.0.8
  • memcached 2.2.0
  • mongo 1.5.4
  • pecl_http 1.7.6
  • pinba (master)
  • redis 2.2.5
  • spplus 1.1
  • ssh2 0.12
  • xcache 3.1.0
  • xdebug 2.2.5
  • xhprof 0.9.4

php5-mysqlnd can now seamlessly replace php5-mysql for other packages having outdated dependencies. You can now avoid an annoying libmysqlclient warning when using MySQL servers different from 5.5.

Please read the Changelog and the migration guide (be aware of the backward incompatible changes) before upgrading.

And don’t forget: if you find Dotdeb useful, you may want to show your support.

Categories
Nginx

Nginx 1.6.0 has been updated for Wheezy and Squeeze

Packages of Nginx 1.6.0 for Debian Wheezy and Squeeze have just been updated to fix a vulnerability in the ngx_pagespeed-embeded OpenSSL library.

The nginx-auth-ldap, nginx-cache-purge, nginx-lua and nginx-upload-progress modules have also been updated.

Categories
PHP

PHP 5.4.29, for Wheezy and Squeeze

On May 29th 2014, the PHP group has released PHP 5.4.29. 16 bugs were fixed in this release, including two security issues in fileinfo extension. All PHP 5.4 users are encouraged to upgrade to this version.

The corresponding packages are now available on Dotdeb :

  • for Debian 7 “Wheezy” and Debian 6 “Squeeze”,
  • on both amd64 and i386 architectures.

The following modules have been packaged too :

  • APC 3.1.13
  • apcu 4.0.4
  • ffmpeg 0.6.0 (Squeeze only)
  • gearman 0.8.3
  • geoip 1.0.8
  • imagick 3.1.2
  • memcache 3.0.8
  • memcached 2.2.0
  • mongo 1.5.3
  • pecl_http 1.7.6
  • pinba (master)
  • redis 2.2.5
  • spplus 1.1
  • ssh2 0.12
  • xcache 3.1.0
  • xdebug 2.2.5
  • xhprof 0.9.4
  • zendopcache 7.0.3

Please also note that the default permissions on the FPM Unix socket have been fixed, in a secure way.

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

And if you find Dotdeb useful, feel free to show your support.