[Pkg-php-commits] r1087 - in php5/branches/lenny/debian: . patches

Sean Finney seanius at alioth.debian.org
Tue May 27 18:24:43 UTC 2008 

Author: seanius
Date: 2008-05-27 18:24:43 +0000 (Tue, 27 May 2008)
New Revision: 1087

Added:
   php5/branches/lenny/debian/patches/CVE-2008-0599.patch
Modified:
   php5/branches/lenny/debian/changelog
   php5/branches/lenny/debian/patches/series
Log:
fix for CVE-2008-0599

Modified: php5/branches/lenny/debian/changelog
===================================================================
--- php5/branches/lenny/debian/changelog	2008-05-27 17:52:34 UTC (rev 1086)
+++ php5/branches/lenny/debian/changelog	2008-05-27 18:24:43 UTC (rev 1087)
@@ -2,6 +2,7 @@
 
   * Security upload for testing to bypass current blockage in unstable.
   * The following security issues are addressed with this update:
+    - CVE-2008-0599: cgi sapi PATH_TRANSLATED buffer overflow
     - CVE-2008-1384: integer overflow in printf() 
     - CVE-2008-2050: possible stack buffer overflow in the FastCGI SAPI
     - CVE-2008-2051: incomplete multibyte chars inside escapeshellcmd()

Added: php5/branches/lenny/debian/patches/CVE-2008-0599.patch
===================================================================
--- php5/branches/lenny/debian/patches/CVE-2008-0599.patch	                        (rev 0)
+++ php5/branches/lenny/debian/patches/CVE-2008-0599.patch	2008-05-27 18:24:43 UTC (rev 1087)
@@ -0,0 +1,14 @@
+http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.54&r2=1.267.2.15.2.55&diff_format=u
+Index: php-src/sapi/cgi/cgi_main.c
+diff -u php-src/sapi/cgi/cgi_main.c:1.267.2.15.2.54 php-src/sapi/cgi/cgi_main.c:1.267.2.15.2.55
+--- php-src/sapi/cgi/cgi_main.c:1.267.2.15.2.54	Mon Dec 31 07:20:16 2007
++++ php-src/sapi/cgi/cgi_main.c	Thu Feb 28 00:29:29 2008
+@@ -1017,7 +1017,7 @@
+ 						) {
+ 							/* PATH_TRANSLATED = PATH_TRANSLATED - SCRIPT_NAME + PATH_INFO */
+ 							int ptlen = strlen(pt) - strlen(env_script_name);
+-							int path_translated_len = ptlen + env_path_info ? strlen(env_path_info) : 0;
++							int path_translated_len = ptlen + (env_path_info ? strlen(env_path_info) : 0);
+ 							char *path_translated = NULL;
+ 
+ 							path_translated = (char *) emalloc(path_translated_len + 1);

Modified: php5/branches/lenny/debian/patches/series
===================================================================
--- php5/branches/lenny/debian/patches/series	2008-05-27 17:52:34 UTC (rev 1086)
+++ php5/branches/lenny/debian/patches/series	2008-05-27 18:24:43 UTC (rev 1087)
@@ -31,3 +31,4 @@
 CVE-2008-1384.patch
 CVE-2008-2050.patch
 CVE-2008-2051.patch
+CVE-2008-0599.patch

More information about the Pkg-php-commits mailing list