Tag: security

On May 29th 2014, the PHP group has released PHP 5.5.13 :

This release fixes several bugs in PHP 5.5.12, and addresses two CVEs in Fileinfo (CVE-2014-0238 and CVE-2014-0237).

As a consequence, PHP 5.5.13 packages are now available on Dotdeb for Debian 7.5 “Wheezy”, on both amd64 and i386 architectures.

The following modules have been packaged too :

• apcu 4.0.4
• gearman 0.8.3
• geoip 1.0.8
• imagick 3.1.2
• memcache 3.0.8
• memcached 2.2.0
• mongo 1.5.3
• pecl_http 1.7.6
• pinba (master)
• redis 2.2.5
• spplus 1.1
• ssh2 0.12
• xcache 3.1.0
• xdebug 2.2.5
• xhprof 0.9.4

Please note that the default permissions on the FPM Unix socket have been fixed, in a secure way.

Please read the Changelog and the migration guide (be aware of the backward incompatible changes) before upgrading.

And don’t forget: if you find Dotdeb useful, you may want to show your support.

On May 1st 2014, the PHP group has released PHP 5.4.28. 9 bugs were fixed in this release, including CVE-2014-0185. All PHP 5.4 users are encouraged to upgrade to this version.

The corresponding packages are now available on Dotdeb :

• for Debian 7.0 “Wheezy” and Debian 6.0 “Squeeze”,
• on both amd64 and i386 architectures.

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

Please note that if you’re using an Unix socket to make PHP-FPM talk to your web server, you’ll have to set the listen.owner and listen.group directive to the right user/group (usually www-data), for each of your pool. Don’t change the permissions on the socket from 0660 to 0666 (too permissive), it would avoid the CVE-2014-0185 fix.

And if you find Dotdeb useful, feel free to show your support.

On April 30th 2014, the PHP group has released PHP 5.5.12 :

This release fixes several bugs against PHP 5.5.11, as well as CVE-2014-0185 regarding PHP-FPM. All PHP users are encouraged to upgrade to this new version.

As a consequence, PHP 5.5.12 packages are now available on Dotdeb for Debian 7.4 “Wheezy”, on both amd64 and i386 architectures.

Please read the Changelog and the migration guide (be aware of the backward incompatible changes) before upgrading.

Please note that if you’re using an Unix socket to make PHP-FPM talk to your web server, you’ll have to set the listen.owner and listen.group directive to the right user/group (usually www-data), for each of your pool. Don’t change the permissions on the socket from 0660 to 0666 (too permissive), it would avoid the CVE-2014-0185 fix.

And don’t forget: if you find Dotdeb useful, you may want to show your support.

On April 3rd 2014, the PHP group has released PHP 5.4.27. 6 bugs were fixed in this release, including CVE-2013-7345. All PHP 5.4 users are encouraged to upgrade to this version.

The corresponding packages are now available on Dotdeb :

• for Debian 7.0 “Wheezy” and Debian 6.0 “Squeeze”,
• on both amd64 and i386 architectures.

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

And if you find Dotdeb useful, feel free to show your support.

On April 2nd 2014, the PHP group has released PHP 5.5.11 :

Several bugs were fixed in this release, some bundled libraries updated and a security issue has been fixed : CVE-2013-7345. We recommand all PHP 5.5 users to upgrade to this version.

As a consequence, PHP 5.5.11 packages are now available on Dotdeb for Debian 7.4 “Wheezy”, on both amd64 and i386 architectures.

Please read the Changelog and the migration guide (be aware of the backward incompatible changes) before upgrading.

And don’t forget: if you find Dotdeb useful, you may want to show your support.

On March 7th 2014, the PHP group has released PHP 5.4.26. 5 bugs were fixed in this release, including CVE-2014-1943. All PHP 5.4 users are encouraged to upgrade to this version.

The corresponding packages are now available on Dotdeb :

• for Debian 7.0 “Wheezy” and Debian 6.0 “Squeeze”,
• on both amd64 and i386 architectures.

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

And if you find Dotdeb useful, feel free to show your support.

On March 6th 2014, the PHP group has released PHP 5.5.10. Several bugs were fixed in this release, including security issues related to CVEs. CVE-2014-1943, CVE-2014-2270 and CVE-2013-7327 have been addressed in this release. All PHP 5.5 users should upgrade to this version.

As a consequence, PHP 5.5.10 packages are now available on Dotdeb for Debian 7.0 “Wheezy”, on both amd64 and i386 architectures.

Please read the Changelog and the migration guide (be aware of the backward incompatible changes) before upgrading.

And don’t forget: if you find Dotdeb useful, you may want to show your support.