Your message dated Sun, 18 Jan 2009 19:44:31 +0100
with message-id <[email protected]>
and subject line fixed in 5.2.6.dfsg.1-1
has caused the Debian Bug report #508021,
regarding php apache/2 SAPI php_getuid() overload
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
508021: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508021
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: php5
Version: 5.2.0-1
Severity: important
Tags: security patch
Hi,
This is the item mentioned in 5.2.7's NEWS:
> - Fixed missing initialization of BG(page_uid) and BG(page_gid),
> reported by Maksymilian Arciemowicz. (Stas)
SecurityReason's advisory can be found at [1], patch at [2].
Note: this issue probably affects php4 as well (apache and apache2 SAPIs).
[1]http://securityreason.com/achievement_securityalert/59
[2]http://cvs.php.net/viewvc.cgi/php-src/sapi/apache/mod_php5.c?r1=1.19.2.7.2.15&r2=1.19.2.7.2.16&diff_format=u
http://cvs.php.net/viewvc.cgi/php-src/ext/standard/basic_functions.c?r1=1.725.2.31.2.78&r2=1.725.2.31.2.79&diff_format=u
Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
signature.asc
Description: This is a digitally signed message part.
--- End Message ---
--- Begin Message ---
Version: 5.2.6.dfsg.1-1
this bug was fixed in the above version, though the bug id slipped through
the upload process. the svn trunk changelog has been updated to reference
the CVE.
sean
--
signature.asc
Description: Digital signature
--- End Message ---
