Your message dated Sun, 10 Sep 2006 09:24:22 +0200
with message-id <[EMAIL PROTECTED]>
and subject line acknowledging NMU
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: php4
Version: 4:4.4.2-1
Severity: normal
Tags: patch
Hi,
Attached is the diff for my php4 4:4.4.2-1.1 NMU.
diff -Nru /tmp/lqhcFBVQep/php4-4.4.2/debian/changelog
/tmp/965ba9IQOe/php4-4.4.2/debian/changelog
--- /tmp/lqhcFBVQep/php4-4.4.2/debian/changelog 2006-06-13 22:05:28.000000000
+0200
+++ /tmp/965ba9IQOe/php4-4.4.2/debian/changelog 2006-06-13 22:05:29.000000000
+0200
@@ -1,3 +1,15 @@
+php4 (4:4.4.2-1.1) unstable; urgency=high
+
+ * Non-maintainer upload.
+ * Backport patches from upstream CVS to fix security issues:
+ * 058-html_entity_decode_fix.patch: Fix information leak in
+ html_entity_decode() (CVE-2006-1490). (Closes: #359904)
+ * 059-wordwrap_fix.patch: Fix possible heap overflow in wordwrap()
+ (CVE-2006-1990). (Closes: #365311)
+ * Make sure patches are applied in correct order; patch from Sven Mueller.
+
+ -- Steinar H. Gunderson <[EMAIL PROTECTED]> Tue, 13 Jun 2006 21:09:20 +0200
+
php4 (4:4.4.2-1) unstable; urgency=low
* New upstream bugfix release, skipping the problematic 4.4.1 release:
diff -Nru
/tmp/lqhcFBVQep/php4-4.4.2/debian/patches/058-html_entity_decode_fix.patch
/tmp/965ba9IQOe/php4-4.4.2/debian/patches/058-html_entity_decode_fix.patch
--- /tmp/lqhcFBVQep/php4-4.4.2/debian/patches/058-html_entity_decode_fix.patch
1970-01-01 01:00:00.000000000 +0100
+++ /tmp/965ba9IQOe/php4-4.4.2/debian/patches/058-html_entity_decode_fix.patch
2006-06-13 22:05:29.000000000 +0200
@@ -0,0 +1,18 @@
+Fetched from upstream CVS, at
+
+
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/html.c?r1=1.63.2.23.2.1&r2=1.63.2.23.2.2&view=patch
+
+Fixes CVE-2006-1490.
+
+diff -ur php4-4.3.10-orig/ext/standard/html.c php4-4.3.10/ext/standard/html.c
+--- php4-4.3.10-orig/ext/standard/html.c 2004-07-13 19:15:13.000000000
+0200
++++ php4-4.3.10/ext/standard/html.c 2006-03-31 17:15:33.000000000 +0200
+@@ -791,7 +791,7 @@
+ enum entity_charset charset = determine_charset(hint_charset TSRMLS_CC);
+ unsigned char replacement[15];
+
+- ret = estrdup(old);
++ ret = estrndup(old,oldlen);
+ retlen = oldlen;
+ if (!retlen) {
+ goto empty_source;
diff -Nru /tmp/lqhcFBVQep/php4-4.4.2/debian/patches/059-wordwrap_fix.patch
/tmp/965ba9IQOe/php4-4.4.2/debian/patches/059-wordwrap_fix.patch
--- /tmp/lqhcFBVQep/php4-4.4.2/debian/patches/059-wordwrap_fix.patch
1970-01-01 01:00:00.000000000 +0100
+++ /tmp/965ba9IQOe/php4-4.4.2/debian/patches/059-wordwrap_fix.patch
2006-06-13 22:05:29.000000000 +0200
@@ -0,0 +1,35 @@
+Fetched from upstream CVS, at
+
+
http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.333.2.52.2.3&r2=1.333.2.52.2.4&view=patch
+
+Fixes CVE-2006-1990.
+
+--- php4-4.3.10.orig/ext/standard/string.c 2006/01/01 13:46:58
1.333.2.52.2.3
++++ php4-4.3.10/ext/standard/string.c 2006/03/13 14:41:27 1.333.2.52.2.4
+@@ -18,7 +18,7 @@
+ +----------------------------------------------------------------------+
+ */
+
+-/* $Id: string.c,v 1.333.2.52.2.3 2006/01/01 13:46:58 sniper Exp $ */
++/* $Id: string.c,v 1.333.2.52.2.4 2006/03/13 14:41:27 iliaa Exp $ */
+
+ /* Synced with php 3.0 revision 1.193 1999-06-16 [ssb] */
+
+@@ -672,15 +672,13 @@
+ /* Multiple character line break or forced cut */
+ if (linelength > 0) {
+ chk = (int)(textlen/linelength + 1);
++ newtext = safe_emalloc(chk, breakcharlen, textlen + 1);
+ alloced = textlen + chk * breakcharlen + 1;
+ } else {
+ chk = textlen;
++ newtext = safe_emalloc(textlen, (breakcharlen + 1), 1);
+ alloced = textlen * (breakcharlen + 1) + 1;
+ }
+- if (alloced <= 0) {
+- RETURN_FALSE;
+- }
+- newtext = emalloc(alloced);
+
+ /* now keep track of the actual new text length */
+ newtextlen = 0;
diff -Nru /tmp/lqhcFBVQep/php4-4.4.2/debian/rules
/tmp/965ba9IQOe/php4-4.4.2/debian/rules
--- /tmp/lqhcFBVQep/php4-4.4.2/debian/rules 2006-06-13 22:05:28.000000000
+0200
+++ /tmp/965ba9IQOe/php4-4.4.2/debian/rules 2006-06-13 22:05:29.000000000
+0200
@@ -101,7 +101,7 @@
patch: patch-stamp
patch-stamp:
dh_testdir
- for patch in debian/patches/*.patch; do \
+ for patch in `ls debian/patches/*.patch | sort`; do \
echo '->'`basename $$patch`:; \
if ! patch -p1 --ignore-whitespace --dry-run < $$patch; \
then \
--- End Message ---
--- Begin Message ---
the changes in this NMU have been incorporated into the latest version
in unstable.
thanks,
sean
signature.asc
Description: This is a digitally signed message part
--- End Message ---