Categories
PHP

PHP 5.5.13 for Debian Wheezy

On May 29th 2014, the PHP group has released PHP 5.5.13 :

This release fixes several bugs in PHP 5.5.12, and addresses two CVEs in Fileinfo (CVE-2014-0238 and CVE-2014-0237).

As a consequence, PHP 5.5.13 packages are now available on Dotdeb for Debian 7.5 “Wheezy”, on both amd64 and i386 architectures.

The following modules have been packaged too :

  • apcu 4.0.4
  • gearman 0.8.3
  • geoip 1.0.8
  • imagick 3.1.2
  • memcache 3.0.8
  • memcached 2.2.0
  • mongo 1.5.3
  • pecl_http 1.7.6
  • pinba (master)
  • redis 2.2.5
  • spplus 1.1
  • ssh2 0.12
  • xcache 3.1.0
  • xdebug 2.2.5
  • xhprof 0.9.4

Please note that the default permissions on the FPM Unix socket have been fixed, in a secure way.

Please read the Changelog and the migration guide (be aware of the backward incompatible changes) before upgrading.

And don’t forget: if you find Dotdeb useful, you may want to show your support.

Categories
PHP

PHP 5.4.28, for Wheezy and Squeeze

On May 1st 2014, the PHP group has released PHP 5.4.28. 9 bugs were fixed in this release, including CVE-2014-0185. All PHP 5.4 users are encouraged to upgrade to this version.

The corresponding packages are now available on Dotdeb :

  • for Debian 7.0 “Wheezy” and Debian 6.0 “Squeeze”,
  • on both amd64 and i386 architectures.

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

Please note that if you’re using an Unix socket to make PHP-FPM talk to your web server, you’ll have to set the listen.owner and listen.group directive to the right user/group (usually www-data), for each of your pool. Don’t change the permissions on the socket from 0660 to 0666 (too permissive), it would avoid the CVE-2014-0185 fix.

And if you find Dotdeb useful, feel free to show your support.

Categories
PHP

PHP 5.5.12 for Debian Wheezy

On April 30th 2014, the PHP group has released PHP 5.5.12 :

This release fixes several bugs against PHP 5.5.11, as well as CVE-2014-0185 regarding PHP-FPM. All PHP users are encouraged to upgrade to this new version.

As a consequence, PHP 5.5.12 packages are now available on Dotdeb for Debian 7.4 “Wheezy”, on both amd64 and i386 architectures.

Please read the Changelog and the migration guide (be aware of the backward incompatible changes) before upgrading.

Please note that if you’re using an Unix socket to make PHP-FPM talk to your web server, you’ll have to set the listen.owner and listen.group directive to the right user/group (usually www-data), for each of your pool. Don’t change the permissions on the socket from 0660 to 0666 (too permissive), it would avoid the CVE-2014-0185 fix.

And don’t forget: if you find Dotdeb useful, you may want to show your support.

Categories
PHP

PHP 5.4.27, for Wheezy and Squeeze

On April 3rd 2014, the PHP group has released PHP 5.4.27. 6 bugs were fixed in this release, including CVE-2013-7345. All PHP 5.4 users are encouraged to upgrade to this version.

The corresponding packages are now available on Dotdeb :

  • for Debian 7.0 “Wheezy” and Debian 6.0 “Squeeze”,
  • on both amd64 and i386 architectures.

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

And if you find Dotdeb useful, feel free to show your support.

Categories
PHP

PHP 5.5.11 for Debian Wheezy

On April 2nd 2014, the PHP group has released PHP 5.5.11 :

Several bugs were fixed in this release, some bundled libraries updated and a security issue has been fixed : CVE-2013-7345. We recommand all PHP 5.5 users to upgrade to this version.

As a consequence, PHP 5.5.11 packages are now available on Dotdeb for Debian 7.4 “Wheezy”, on both amd64 and i386 architectures.

Please read the Changelog and the migration guide (be aware of the backward incompatible changes) before upgrading.

And don’t forget: if you find Dotdeb useful, you may want to show your support.

Categories
Miscellaneous Nginx

Security : Nginx 1.4.7, for Wheezy and Squeeze

Nginx 1.4.7 has been released on March 18th 2014, fixing a potential heap memory buffer overflow when using SPDY, and also the fastcgi_next_upstream directive. More info in the changelog.

As a consequence, Dotdeb’s packages of Nginx 1.4.7 are now available for both Debian 7.0 “Wheezy” and Debian 6.0 “Squeeze” (amd64/i386).

As usual, if you want to know which module has been included in each Nginx flavor, you just have to look at this document.

Categories
PHP

PHP 5.4.26, for Wheezy and Squeeze

On March 7th 2014, the PHP group has released PHP 5.4.26. 5 bugs were fixed in this release, including CVE-2014-1943. All PHP 5.4 users are encouraged to upgrade to this version.

The corresponding packages are now available on Dotdeb :

  • for Debian 7.0 “Wheezy” and Debian 6.0 “Squeeze”,
  • on both amd64 and i386 architectures.

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

And if you find Dotdeb useful, feel free to show your support.

Categories
PHP

PHP 5.5.10, for Debian 7.0 “Wheezy”

On March 6th 2014, the PHP group has released PHP 5.5.10. Several bugs were fixed in this release, including security issues related to CVEs. CVE-2014-1943, CVE-2014-2270 and CVE-2013-7327 have been addressed in this release. All PHP 5.5 users should upgrade to this version.

As a consequence, PHP 5.5.10 packages are now available on Dotdeb for Debian 7.0 “Wheezy”, on both amd64 and i386 architectures.

Please read the Changelog and the migration guide (be aware of the backward incompatible changes) before upgrading.

And don’t forget: if you find Dotdeb useful, you may want to show your support.

Categories
MySQL

Percona toolkit 2.2.7

Percona toolkit 2.2.7 is now available on Dotdeb for both Debian 7.0 “Wheezy” and Debian 6.0 “Squeeze”. This release fixes one security bug. An upgrade is recommended.

As usual, before upgrading, please read the list of changes for Percona toolkit 2.2.7 and the announcement by Hrvoje Matijakovic.

Categories
Nginx

Security : Nginx 1.4.6, for Wheezy and Squeeze

Nginx 1.4.6 has been released on March 4th 2014, fixing client_max_body_size when used with chunked transfer encoding and a segfault when proxying WebSocket connections. More info in the changelog.

As a consequence, Dotdeb’s packages of Nginx 1.4.6 are now available for both Debian 7.0 “Wheezy” and Debian 6.0 “Squeeze” (amd64/i386), with some extra changes :

  • nginx-auth-ldap is now available in nginx-extras,
  • modules have been updated.

As usual, if you want to know which module has been included in each Nginx flavor, you just have to look at this document.