Tag: security

On July 10th 2015, the PHP group released PHP 5.6.11.

Five security-related issues in PHP were fixed in this release, including CVE-2015-3152. All PHP 5.6 users are encouraged to upgrade to this version.

PHP 5.6.11 packages are now available for Debian 7 “Wheezy”, on both amd64 and i386 architectures, in ZTS and non-ZTS (default) flavors, along with the usual PECL extensions.

Note : php5-memcached still lacks JSON support.

On June 11th 2015, the PHP group released PHP 5.4.42.

Six security-related issues in PHP were fixed in this release, as well as several security issues in bundled sqlite library (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416). All PHP 5.4 users are encouraged to upgrade to this version.

The corresponding packages are now available on Dotdeb :

• for Debian 7 “Wheezy” and Debian 6 “Squeeze”,
• on both amd64 and i386 architectures.

The following modules have been packaged too :

• APC 3.1.13
• apcu 4.0.7
• ffmpeg 0.6.0 (Squeeze only)
• gearman 0.8.3
• geoip 1.0.8
• imagick 3.1.2
• memcache 3.0.8
• memcached 2.2.0
• mongo 1.6.9
• pecl_http 1.7.6
• pinba (master)
• redis 2.2.7
• spplus 1.1
• ssh2 0.12
• xcache 3.2.0
• xdebug 2.3.3
• xhprof 0.9.4
• zendopcache 7.0.5

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

On June 11th 2015, the PHP group released PHP 5.5.26.

Several bugs have been fixed as well as several security issues into some bundled libraries (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-2325 and CVE-2015-2326). All PHP 5.5 users are encouraged to upgrade to this version.

PHP 5.5.26 packages are now available on Dotdeb for Debian 7 “Wheezy”, on both amd64 and i386 architectures.

The following modules have been packaged too :

• apcu 4.0.7
• gearman 0.8.3
• geoip 1.0.8
• imagick 3.1.2
• memcache 3.0.8
• memcached 2.2.0
• mongo 1.6.9
• pecl_http 1.7.6
• pinba (master)
• redis 2.2.7
• spplus 1.1
• ssh2 0.12
• xcache 3.2.0
• xdebug 2.3.2
• xhprof 0.9.4

Please note that the PCRE issue that Apache users encountered is now fixed.

Please read the Changelog and the migration guide (be aware of the backward incompatible changes) before upgrading.

On June 11th 2015, the PHP group released PHP 5.6.10.

Several bugs have been fixed as well as several security issues into some bundled libraries (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416, CVE-2015-2325 and CVE-2015-2326). All PHP 5.6 users are encouraged to upgrade to this version.

PHP 5.6.10 packages are now available for Debian 7 “Wheezy”, on both amd64 and i386 architectures, in ZTS and non-ZTS (default) flavors, along with packages of Xdebug (yeah!), XHprof (yeah! x2) and other PECL extensions.

Note : php5-memcached still lacks JSON support.

On May 14th 2015, the PHP group released PHP 5.4.41.

Seven security-related issues were fixed in this version. All PHP 5.4 users are encouraged to upgrade to this version.

The corresponding packages are now available on Dotdeb :

• for Debian 7 “Wheezy” and Debian 6 “Squeeze”,
• on both amd64 and i386 architectures.

The following modules have been packaged too :

• APC 3.1.13
• apcu 4.0.7
• ffmpeg 0.6.0 (Squeeze only)
• gearman 0.8.3
• geoip 1.0.8
• imagick 3.1.2
• memcache 3.0.8
• memcached 2.2.0
• mongo 1.6.8
• pecl_http 1.7.6
• pinba (master)
• redis 2.2.7
• spplus 1.1
• ssh2 0.12
• xcache 3.2.0
• xdebug 2.3.2
• xhprof 0.9.4
• zendopcache 7.0.5

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

On April 16th 2015, the PHP group released PHP 5.4.40.

14 security-related bugs were fixed in this release, including CVE-2014-9709, CVE-2015-2301, CVE-2015-2783, CVE-2015-1352. All PHP 5.4 users are encouraged to upgrade to this version.

The corresponding packages are now available on Dotdeb :

• for Debian 7 “Wheezy” and Debian 6 “Squeeze”,
• on both amd64 and i386 architectures.

The following modules have been packaged too :

• APC 3.1.13
• apcu 4.0.7
• ffmpeg 0.6.0 (Squeeze only)
• gearman 0.8.3
• geoip 1.0.8
• imagick 3.1.2
• memcache 3.0.8
• memcached 2.2.0
• mongo 1.6.6
• pecl_http 1.7.6
• pinba (master)
• redis 2.2.7
• spplus 1.1
• ssh2 0.12
• xcache 3.2.0
• xdebug 2.3.2
• xhprof 0.9.4
• zendopcache 7.0.5

As usual, please read the ChangeLog before upgrading and be sure to use to the latest packages before reporting any issue.

On April 16th 2015, the PHP group released PHP 5.5.24.

Several bugs have been fixed some of them beeing security related, like CVE-2015-1351 and CVE-2015-1352. All PHP 5.5 users are encouraged to upgrade to this version.

PHP 5.5.24 packages are now available on Dotdeb for Debian 7 “Wheezy”, on both amd64 and i386 architectures.

The following modules have been packaged too :

• apcu 4.0.7
• gearman 0.8.3
• geoip 1.0.8
• imagick 3.1.2
• memcache 3.0.8
• memcached 2.2.0
• mongo 1.6.6
• pecl_http 1.7.6
• pinba (master)
• redis 2.2.7
• spplus 1.1
• ssh2 0.12
• xcache 3.2.0
• xdebug 2.3.2
• xhprof 0.9.4

Please read the Changelog and the migration guide (be aware of the backward incompatible changes) before upgrading.

On April 16th 2015, the PHP group released PHP 5.6.8.

Several bugs have been fixed some of them beeing security related, like CVE-2015-1351 and CVE-2015-1352. All PHP 5.6 users are encouraged to upgrade to this version.

PHP 5.6.8 packages are now available on Dotdeb for Debian 7 “Wheezy”, on both amd64 and i386 architectures, in ZTS and non-ZTS (default) flavors.

Notes :

• Regression : php5-memcached still lacks JSON support
• Xcache, Xdebug and Xhprof are currently being worked on and should be available in the next few days