php4

Several remote vulnerabilities have been discovered in PHP, a
server-side, HTML-embedded scripting language, which may lead to the
execution of arbitrary code. The Common Vulnerabilities and Exposures
project identifies the following problems:

• CVE-2005-3353
  Tim Starling discovered that missing input sanitising in the EXIF
  module could lead to denial of service.
• CVE-2006-3017
  Stefan Esser discovered a security-critical programming error in the
  hashtable implementation of the internal Zend engine.
• CVE-2006-4482
  It was discovered that str_repeat() and wordwrap() functions perform
  insufficient checks for buffer boundaries on 64 bit systems, which
  might lead to the execution of arbitrary code.
• CVE-2006-5465
  Stefan Esser discovered a buffer overflow in the htmlspecialchars()
  and htmlentities(), which might lead to the execution of arbitrary
  code.

For the stable distribution (sarge) these problems have been fixed in
version 4:4.3.10-18. Builds for hppa and m68k will be provided later
once they are available.

For the unstable distribution (sid) these problems have been fixed in
version 4:4.4.4-4 of php4 and version 5.1.6-6 of php5.

We recommend that you upgrade your php4 packages.