Package: php5
Severity: normal
Tags: security

Hi,

Two new CVEs [0,1] have been allocated against php5. Please investigate if the Debian versions are affected and, if so, monitor the CVE and see if there can be a solution :) Please always mention the CVE id in the changelog if a fix is uploaded.

CVE-2007-4784: The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be demonstrated for code execution.

CVE-2007-4783: The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2) a denial of service (temporary application hang) via a long string in the str parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless these issues can be demonstrated for code execution.

Thanks for your efforts.

Cheers
Steffen

[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4784
[1]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4783
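One mitigation for applications that hand user-controlled values to these two functions, added here as an example that is not part of the bug report or of the php5 package: reject oversized or malformed locale and charset arguments before they reach setlocale() or iconv_substr(), so a crash in the affected code is never reachable from request input. The length limits and the allowlist patterns are assumptions chosen for this example.

```php
<?php
// Added example (not from the bug report): guard wrappers that refuse
// oversized or malformed locale/charset values before calling the
// PHP functions named in CVE-2007-4784 and CVE-2007-4783.
// MAX_* limits and the regexes below are assumptions, not advisory values.

const MAX_LOCALE_LEN  = 64;
const MAX_CHARSET_LEN = 32;

// Accepts locale names of the form "C", "de_DE.UTF-8" or "en_US@euro".
function safe_setlocale(int $category, string $locale)
{
    $pattern = '/^[A-Za-z]{1,8}(_[A-Za-z0-9]{1,8})?(\.[A-Za-z0-9-]{1,16})?(@[A-Za-z0-9]{1,16})?$/';
    if (strlen($locale) > MAX_LOCALE_LEN || !preg_match($pattern, $locale)) {
        throw new InvalidArgumentException('Rejected locale value');
    }
    return setlocale($category, $locale);
}

// Accepts charset tokens such as "UTF-8" or "ISO-8859-1"; anything longer
// than MAX_CHARSET_LEN or containing other characters is rejected.
function safe_iconv_substr(string $str, int $offset, int $length, string $charset)
{
    $pattern = '/^[A-Za-z0-9][A-Za-z0-9_.:-]*$/';
    if (strlen($charset) > MAX_CHARSET_LEN || !preg_match($pattern, $charset)) {
        throw new InvalidArgumentException('Rejected charset value');
    }
    return iconv_substr($str, $offset, $length, $charset);
}

// Constructed inputs: one valid locale, one oversized one, one valid charset.
var_dump(safe_setlocale(LC_ALL, 'C'));                 // accepted, setlocale() runs
try {
    safe_setlocale(LC_ALL, str_repeat('A', 5000));      // rejected before setlocale() runs
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
var_dump(safe_iconv_substr('héllo', 0, 2, 'UTF-8'));   // accepted, returns "hé"
```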