Categories
PHP

PHP 5.4.16 for Wheezy and Squeeze

On June 6th 2013, the PHP group released PHP 5.4.16.

These releases fix about 15 bugs, including CVE-2013-2110. All users of PHP are encouraged to upgrade to PHP 5.4.16.

The corresponding packages are now available on Dotdeb:

  • for Debian 7.0 “Wheezy” and Debian 6.0 “Squeeze”,
  • on both amd64 and i386 architectures.

Please note that php5-readline is now a separate package and that php5-pinba is back.

As usual, please read the ChangeLog before upgrading and be sure to use the latest packages before reporting any issue.

And if you like Dotdeb, feel free to show your support.

Categories
MySQL

MySQL 5.5.31 for Squeeze

Packages of MySQL 5.5.31 are now available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. They fix some serious vulnerabilities and InnoDB-, partition- and replication-related bugs as well.

Please note that the Pinba engine has also been rebuilt to be used against this new version.

As usual, please carefully read the full Changelog before upgrading.

Categories
Nginx

Security: Nginx 1.4.1

Nginx 1.4.1 was released on May 7th 2013, with the fix for the stack-based buffer overflow security problem in nginx 1.3.9 – 1.4.0, discovered by Greg MacManus of iSIGHT Partners Labs (CVE-2013-2028).

As a consequence, Dotdeb’s packages of Nginx 1.4.1 are now available for both Debian 7.0 “Wheezy” and Debian 6.0 “Squeeze” (amd64/i386).

As usual, if you want to know which modules are included in each Nginx flavor, just look at this document.

Categories
PHP

PHP 5.3.23

On March 14th 2013, the PHP group released PHP 5.3.23.

These releases fix about 15 bugs, including fixes for CVE-2013-1643 and CVE-2013-1635. All users of PHP are encouraged to upgrade to PHP 5.4.13.

The corresponding packages are now available on Dotdeb for Debian 6.0 “Squeeze” on both amd64 and i386 architectures with the following changes :

As usual, please read the ChangeLog before upgrading and be sure to use the latest packages before reporting any issue.

Categories
PHP

PHP 5.4.13

On March 14th 2013, the PHP group released PHP 5.4.13.

These releases fix about 15 bugs, including fixes for CVE-2013-1643 and CVE-2013-1635. All users of PHP are encouraged to upgrade to PHP 5.4.13.

The corresponding packages are now available on Dotdeb for Debian 6.0 “Squeeze” on both amd64 and i386 architectures with the following changes :

As usual, please read the ChangeLog before upgrading and be sure to use the latest packages before reporting any issue.

Note: PHP 5.3.23 packages will be available at the end of this week.

Categories
PHP

PHP 5.4.5 and PHP 5.3.15

On July 19th 2012, the PHP group released PHP 5.4.5 and PHP 5.3.15, which bring over 30 bug fixes, including a fix for a security-related overflow issue in the stream implementation.

The corresponding packages are now available on Dotdeb for Debian 6.0 “Squeeze” on both amd64 and i386 architectures (see the installation instructions). Please also note that the php5-xhprof package is now available for PHP 5.4.

As usual, please read the ChangeLog before upgrading and be sure to use the latest packages before reporting any issue.

Categories
MySQL

Critical update: MySQL 5.5.25a

The packages of MySQL 5.5.25a are now available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. They fix a very annoying bug in InnoDB: bug #65745, “UPDATE on InnoDB table enters recursion, eats all disk space”.

As usual, please carefully read the full Changelog before upgrading.

Categories
PHP

PHP 5.3.14

On June 14th 2012, the PHP group released PHP 5.3.14, which brings over 30 bug fixes, some of which are security related: a weakness in the DES implementation of crypt and a heap overflow issue in the phar extension. Please also note that the use of php://fd streams is now restricted to the CLI SAPI (php5-cli).

Packages of PHP 5.3.14 are now available on Dotdeb for Debian 6.0 “Squeeze” on both amd64 and i386 architectures.

As usual, please read the ChangeLog before upgrading and be sure to use the latest packages before reporting any issue.

Categories
MySQL

MySQL 5.1 discontinued on Dotdeb

In recent weeks, MySQL has suffered from many vulnerabilities (see DSA-2429-1 and DSA-2496-1). Because Oracle does not disclose security patch information, the Debian security team is now forced to ship upstream version updates of MySQL 5.1 (5.1.63 as of this writing).

It therefore makes no sense for Dotdeb to duplicate this effort and to maintain the same versions of MySQL 5.1 for Squeeze with the same features and level of optimization. As a consequence, the MySQL 5.1 packages have been removed from the Dotdeb repository (you’ll find archived versions here).

Please just be sure to have debian-security in your sources.list to get the most recent security fixes for your MySQL 5.1 server:

deb http://security.debian.org/ squeeze/updates main contrib non-free

Now, don’t worry, if you want to install a recent MySQL 5.5 server, the packages will still be actively maintained on Dotdeb, in terms of features and optimization.

Categories
Redis

Redis 2.4.14

Redis 2.4.14 has been released to fix many non-trivial bugs:

  • [BUGFIX] Fixed issue #518 (Redis 99% CPU when master down).
  • [BUGFIX] Fixed issue #516 (ZINTERSTORE mixing sets and zsets).
  • [BUGFIX] Fixed a bug in install_server.sh when using chkconfig
  • [BUGFIX] Fixes to --test-memory implementation.
  • [BUGFIX] Allow PREFIX to be overridden in Makefile.
  • [BUGFIX] The test is now more reliable on slow computers.
  • redis-cli --pipe mode, see http://redis.io/topics/mass-insert
  • Much better expired keys collection algorithm that makes the server much more responsive when a lot of keys are expiring at the same time.

The packages are now available for Debian 6.0 “Squeeze” on both amd64 and i386 architectures. The upgrade urgency is high.