On Wed, Apr 29, 2009 at 12:23:04AM +0200, sean finney wrote:
> i believe i've managed to get the last couple fixes that need to be done for
> php5, and this should all be put into git now. i'm gonna sleep on it though
> and review tomorrow morning before i build/tag/upload.
i've just tagged/uploaded it. thanks to thijs for catching a stable/oldstable
reference mixup at the last minute. for reference, the upload fixes
the following issues:
- CVE-2008-5624: proper initialization of uid/gid for apache2 sapi.
- CVE-2008-5557: heap overflows in the mbstring extension.
- CVE-2008-5658: directory traversal in the zip extension
- CVE-2008-2107/CVE-2008-2108: crypto weaknesses in php_rand module
- CVE-2009-0754.patch: mbstring.func_overload leakage between vhosts
- CVE-2008-5814: XSS vulnerability via display_errors
- (no CVE): file truncation via inifile handler for the dba functions.
*** note one issue is missing (i overlooked it until writing this mail),
so there will be yet another upload coming shortly. ***
it also has the following non-security-but-previously-discussed changes:
  * Backport the patch from lenny/sid to use the system timezone database
    instead of the embedded php timezone database which is out of date.
    Patch: 143-use_embedded_timezonedb.patch (closes: #471104).
  * Repack the etch version of php5, stripping out the (unused) dbase
    module which contained licensing problems (closes: #341420).
the following changes are not addressed:
CVE-2007-4659 low* no
Description: The zend_alter_ini_entry function in PHP before 5.2.4 does
not properly handle an interruption to the flow of execution triggered by a
memory_limit violation, which has unknown impact and attack vectors.
Rationale: no info/proof
CVE-2008-2829 low no
Description: php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other
versions, uses obsolete API calls that allow context-dependent attackers to
cause a denial of service (crash) and possibly execute arbitrary code via a
long IMAP request, which triggers an "rfc822.c legacy routine buffer overflow"
error message.
Rationale: impossible to fix without a new version of libc-client-dev
CVE-2009-1271
Description: The JSON_parser function (ext/json/JSON_parser.c) in PHP
5.2.x before ...
Rationale: i missed this one, it needs to be addressed. we already
have a fix in lenny which applies cleanly...
CVE-2009-1272
Description: The php_zip_make_relative_path function in php_zip.c in
PHP 5.2.x ...
does not affect us, as we never took the "broken" fix for CVE-2008-5658
Secure-testing-team mailing list: http://lists.alioth.debian.org/mailman/listinfo/secure-testing-team

