Month: May 2014

On May 1st 2014, the PHP group has released PHP 5.4.28. 9 bugs were fixed in this release, including CVE-2014-0185. All PHP 5.4 users are encouraged to upgrade to this version.

The corresponding packages are now available on Dotdeb :

• for Debian 7.0 “Wheezy” and Debian 6.0 “Squeeze”,
• on both amd64 and i386 architectures.

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

Please note that if you’re using an Unix socket to make PHP-FPM talk to your web server, you’ll have to set the listen.owner and listen.group directive to the right user/group (usually www-data), for each of your pool. Don’t change the permissions on the socket from 0660 to 0666 (too permissive), it would avoid the CVE-2014-0185 fix.

And if you find Dotdeb useful, feel free to show your support.

On April 30th 2014, the PHP group has released PHP 5.5.12 :

This release fixes several bugs against PHP 5.5.11, as well as CVE-2014-0185 regarding PHP-FPM. All PHP users are encouraged to upgrade to this new version.

As a consequence, PHP 5.5.12 packages are now available on Dotdeb for Debian 7.4 “Wheezy”, on both amd64 and i386 architectures.

Please read the Changelog and the migration guide (be aware of the backward incompatible changes) before upgrading.

Please note that if you’re using an Unix socket to make PHP-FPM talk to your web server, you’ll have to set the listen.owner and listen.group directive to the right user/group (usually www-data), for each of your pool. Don’t change the permissions on the socket from 0660 to 0666 (too permissive), it would avoid the CVE-2014-0185 fix.

And don’t forget: if you find Dotdeb useful, you may want to show your support.