This bug was fixed in the package php5 - 5.2.6.dfsg.1-3ubuntu4.4
---
php5 (5.2.6.dfsg.1-3ubuntu4.4) jaunty-security; urgency=low
* SECURITY UPDATE: certificate spoofing via null-byte certs (LP: #446313)
- debian/patches/CVE-2009-3291.patch: validate certificate's CN length
This bug was fixed in the package php5 - 5.2.6-2ubuntu4.5
---
php5 (5.2.6-2ubuntu4.5) intrepid-security; urgency=low
* SECURITY UPDATE: file truncation via key with null byte
- debian/patches/CVE-2008-7068.patch: make sure key and value are sane
in
** Branch linked: lp:ubuntu/intrepid-security/php5
** Branch linked: lp:ubuntu/jaunty-security/php5
--
[SRU] stack smashing detected when calling xmlrpc_set_type
https://bugs.launchpad.net/bugs/239513
You received this bug notification because you are a member of Ubuntu
Server Team, which is
** Changed in: php5 (Ubuntu Intrepid)
Assignee: (unassigned) => Marc Deslauriers (mdeslaur)
** Changed in: php5 (Ubuntu Jaunty)
Assignee: Chuck Short (zulcss) => Marc Deslauriers (mdeslaur)
--
This is still an issue in Intrepid also.
** Changed in: php5 (Ubuntu Intrepid)
Status: New => Confirmed
--
Per mdeslaurs (and confirmed by myself), this is still an issue in
jaunty; re-opening.
** Changed in: php5 (Ubuntu Jaunty)
Status: Fix Released => Triaged
--
This should already be fixed.
** Changed in: php5 (Ubuntu Jaunty)
Status: In Progress => Fix Released
--
This bug was fixed in the package php5 - 5.2.4-2ubuntu5.4
---
php5 (5.2.4-2ubuntu5.4) hardy-proposed; urgency=low
* debian/rules:
- Use system tzdata.
* debian/patches/use_embedded_timezonedb.patch
- Patch taken from intrepid, allows us to default to using the system
Chuck, please fix this in Jaunty ASAP.
** Changed in: php5 (Ubuntu Jaunty)
Assignee: (unassigned) => Chuck Short (zulcss)
--
I am able to reproduce this error with php5-xmlrpc 5.2.4-2ubuntu5.3 from
hardy-updates on i386, and can confirm that php5-xmlrpc
5.2.4-2ubuntu5.4 in hardy-proposed addresses the issue. It also passes the
security team's regression tests (I've added the above to their
testsuite).
More checks for
One last comment: I rebuilt the php package (on i386) using the sources
in hardy-proposed; as part of its build, php runs a fairly extensive set
of regression tests. There are a couple of new failures versus the
results (recorded in the security team's qa-regression-testing bzr tree)
from
Accepted into hardy-proposed, please test and give feedback here. Please
see https://wiki.ubuntu.com/Testing/EnableProposed for documentation how
to enable and use -proposed. Thank you in advance!
** Changed in: php5 (Ubuntu Hardy)
Status: New => Fix Committed
** Tags added:
I rejected the 5.2.4-2ubuntu5.4 upload. Its changelog referred to the
fix for this bug, but the upload didn't actually include it. Please
upload a new version with this patch actually applied.
While you are at it, please clean up use_embedded_timezonedb.patch to
not contain the .orig file.
This bug has been fixed for jaunty.
With the following patch attached this does not happen anymore. I have
included the patch for your review.
Steps to Reproduce:
1. On i386 install php5-cgi php5-libxml.
2. Run the script in the above bug-report.
3. Expected result is that it doesn't cause PHP
** Attachment added: fix-xmlrpc-datetime.diff
http://launchpadlibrarian.net/19835274/fix-xmlrpc-datetime.diff
--