Your message dated Fri, 8 Jan 2010 17:37:53 +0100
with message-id <[email protected]>
and subject line #506706: php5: CVE-2008-3658 patch not completely implemented.
has caused the Debian Bug report #506706,
regarding php5: CVE-2008-3658 patch not completely implemented.
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
506706: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506706
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: php5
Version: 5.2.0-8+etch13
Severity: normal / exempt
Justification: no longer builds from source (in some cases)

The "CVE-2008-3658: Buffer overflow in the imageloadfont function." patch makes 
a call to the overflow2() function which is an undefined reference.
That particular function is defined in gd_security.c which is part of the php5 
source tree but is not included in this Debian source package.

As a result the package will fail to build when it is configured to include the 
bundled GD library which comes with php5 rather than linking to
the shared version which it defaults to.

As it is Debian policy to build this package against the shared GD library that 
comes with the distribution, this report will never be an issue.

For the record and completeness I thought it would be best to make mention of 
it anyway.

Jan-Willem Korver ([email protected])

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.23-1-amd64
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages php5 depends on:
ii  libapache2-mod- 5.2.0-8+etch13 server-side, HTML-embedded scripti
ii  php5-cgi        5.2.0-8+etch13 server-side, HTML-embedded scripti
ii  php5-common     5.2.0-8+etch13 Common files for packages built fr

php5 recommends no packages.

-- no debconf information



--- End Message ---
--- Begin Message ---
Not an issue in Debian php5.

-- 
Ondřej Surý <[email protected]>
http://blog.rfc1925.org/


--- End Message ---
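
The report above names overflow2() but does not show it. The sketch below is an added example, not code from the PHP or GD source tree or from either correspondent. It assumes the call is a multiplication-overflow guard applied before a font loader sizes its glyph buffer; `mul_would_overflow`, `font_header`, `alloc_glyphs` and `header_accepted` are hypothetical names.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical guard (assumed behaviour, not the gd_security.c source):
 * returns 1 when a * b is unsafe to use as an allocation size. */
static int mul_would_overflow(int a, int b)
{
    if (a <= 0 || b <= 0)
        return 1;                 /* zero or negative factor */
    if (a > INT_MAX / b)
        return 1;                 /* product would exceed INT_MAX */
    return 0;
}

/* Constructed font header; the field names are illustrative only. */
struct font_header { int nchars; int w; int h; };

/* Allocates the glyph buffer, or returns NULL when the header is rejected. */
static unsigned char *alloc_glyphs(const struct font_header *hdr, size_t *size)
{
    /* Check each multiplication before it is performed. */
    if (mul_would_overflow(hdr->nchars, hdr->h) ||
        mul_would_overflow(hdr->nchars * hdr->h, hdr->w))
        return NULL;
    *size = (size_t)hdr->nchars * (size_t)hdr->h * (size_t)hdr->w;
    return calloc(*size, 1);
}

/* Returns 1 if a header with these dimensions is accepted, 0 if rejected. */
static int header_accepted(int nchars, int w, int h)
{
    struct font_header hdr = { nchars, w, h };
    size_t size = 0;
    unsigned char *buf = alloc_glyphs(&hdr, &size);
    if (buf == NULL)
        return 0;
    free(buf);
    return 1;
}

int main(void)
{
    /* Constructed inputs: a plausible font, then two malformed headers. */
    printf("256 glyphs of 8x16: %d\n", header_accepted(256, 8, 16));
    printf("INT_MAX glyphs:     %d\n", header_accepted(INT_MAX, 8, 16));
    printf("65536 x 65536 x 1:  %d\n", header_accepted(65536, 65536, 1));
    return 0;
}
```

A patch that calls such a guard only links if the file defining it is part of the build, which is the gap the report describes for the bundled GD configuration.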
