[Pkg-php-commits] r1071 - in php4/branches/etch/debian: . patches

Sean Finney seanius at alioth.debian.org
Wed May 14 20:10:06 UTC 2008


Author: seanius
Date: 2008-05-14 20:10:05 +0000 (Wed, 14 May 2008)
New Revision: 1071

Removed:
   php4/branches/etch/debian/patches/134-CVE-2008-1384.patch
Modified:
   php4/branches/etch/debian/changelog
Log:
remove fix for CVE-2008-1384, it requires stupid local user and not a complete fix in php4

Modified: php4/branches/etch/debian/changelog
===================================================================
--- php4/branches/etch/debian/changelog	2008-05-13 21:41:33 UTC (rev 1070)
+++ php4/branches/etch/debian/changelog	2008-05-14 20:10:05 UTC (rev 1071)
@@ -4,7 +4,6 @@
   * NMU prepared for the security team by the package maintainer.
   * The following security issues are addressed with this update:
     - CVE-2007-3806: glob denial of service
-    - CVE-2008-1384: integer overflow in printf() 
     - CVE-2008-2051: incomplete multibyte chars inside escapeshellcmd()
 
  -- Sean Finney <seanius at debian.org>  Tue, 13 May 2008 20:37:20 +0200
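Review bot: The removed line `- CVE-2008-1384: integer overflow in printf()` leaves the changelog with no record that this CVE was considered and deliberately left unfixed in this upload. Instead of only deleting the entry from the "addressed" list, consider adding a separate line stating that the fix was dropped and why (per the commit log: it needs a local user and the fix is not complete for php4), so that anyone auditing the package against the CVE does not read the omission as an oversight.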

Deleted: php4/branches/etch/debian/patches/134-CVE-2008-1384.patch
===================================================================
--- php4/branches/etch/debian/patches/134-CVE-2008-1384.patch	2008-05-13 21:41:33 UTC (rev 1070)
+++ php4/branches/etch/debian/patches/134-CVE-2008-1384.patch	2008-05-14 20:10:05 UTC (rev 1071)
@@ -1,32 +0,0 @@
-http://cvs.php.net/viewvc.cgi/php-src/ext/standard/formatted_print.c?r1=1.104&r2=1.105&view=patch
---- old/ext/standard/formatted_print.c	2007/12/31 07:12:15	1.104
-+++ new/ext/standard/formatted_print.c	2008/03/17 23:07:55	1.105
-@@ -94,6 +94,7 @@
- 	register int npad;
- 	int req_size;
- 	int copy_len;
-+	int m_width;
- 
- 	copy_len = (expprec ? MIN(max_width, len) : len);
- 	npad = min_width - copy_len;
-@@ -104,11 +105,19 @@
- 	
- 	PRINTF_DEBUG(("sprintf: appendstring(%x, %d, %d, \"%s\", %d, '%c', %d)\n",
- 				  *buffer, *pos, *size, add, min_width, padding, alignment));
-+	m_width = MAX(min_width, copy_len);
- 
--	req_size = *pos + MAX(min_width, copy_len) + 1;
-+	if(m_width > INT_MAX - *pos - 1) {
-+		zend_error(E_ERROR, "Field width %d is too long", m_width);
-+	}
-+
-+	req_size = *pos + m_width + 1;
- 
- 	if (req_size > *size) {
- 		while (req_size > *size) {
-+			if(*size > INT_MAX/2) {
-+				zend_error(E_ERROR, "Field width %d is too long", req_size); 
-+			}
- 			*size <<= 1;
- 		}
- 		PRINTF_DEBUG(("sprintf ereallocing buffer to %d bytes\n", *size));
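Review bot: Deleting this patch drops both overflow guards in the inner hunk at `@@ -104,11 +105,19 @@`, so `req_size = *pos + MAX(min_width, copy_len) + 1` goes back to an unchecked signed `int` addition and `*size <<= 1` to an unbounded doubling. The commit log calls the fix incomplete for php4 but does not say which case it fails to cover; please record that in the log or the changelog, and weigh whether carrying the partial check is still preferable to carrying none. If the patch is reinstated later, note that the second `zend_error` call prints `req_size` under the label "Field width", which misreports what overflowed.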



