Your message dated Wed, 24 Mar 2010 20:20:17 +0000 (WET)
with message-id <[email protected]>
and subject line Package php4 has been removed from Debian
has caused the Debian Bug report #499993,
regarding CVE-2008-3660: fastcgi module vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
499993: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499993
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: php5
Version: 5.2.6-3
Severity: important
Tags: patch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
via http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3660
PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6, when used as a FastCGI
module, allows remote attackers to cause a denial of service (crash)
via a request with multiple dots preceding the extension, as demonstrated
using foo..php.
patch:
http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.57&r2=1.267.2.15.2.58&view=patch
- -- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages php5 depends on:
ii libapache2-mod-php5 5.2.6-3 server-side, HTML-embedded scripti
ii php5-cgi 5.2.6-3 server-side, HTML-embedded scripti
ii php5-common 5.2.6-3 Common files for packages built fr
php5 recommends no packages.
php5 suggests no packages.
- -- no debconf information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFI2d9CynjLPm522B0RAltTAJ92rgbk6C29VbCEYZGvrNvoOvVB9gCghdDw
xM8Ei8VXD0LEZXugHYeXmXo=
=RGSS
-----END PGP SIGNATURE-----
--- End Message ---
--- Begin Message ---
Version: 6:4.4.6-2+rm
You filed the bug http://bugs.debian.org/499993 in Debian BTS
against the package php4. I'm closing it at *unstable*, but it will
remain open for older distributions.
For more information about this package's removal, read
http://bugs.debian.org/428266. That bug might give the reasons why
this package was removed and suggestions of possible replacements.
Don't hesitate to reply to this mail if you have any question.
Thank you for your contribution to Debian.
--
Marco Rodrigues
--- End Message ---
