[Pkg-php-commits] r1087 - in php5/branches/lenny/debian: . patches
Sean Finney
seanius at alioth.debian.org
Tue May 27 18:24:43 UTC 2008
Author: seanius
Date: 2008-05-27 18:24:43 +0000 (Tue, 27 May 2008)
New Revision: 1087
Added:
php5/branches/lenny/debian/patches/CVE-2008-0599.patch
Modified:
php5/branches/lenny/debian/changelog
php5/branches/lenny/debian/patches/series
Log:
fix for CVE-2008-0599
Modified: php5/branches/lenny/debian/changelog
===================================================================
--- php5/branches/lenny/debian/changelog 2008-05-27 17:52:34 UTC (rev 1086)
+++ php5/branches/lenny/debian/changelog 2008-05-27 18:24:43 UTC (rev 1087)
@@ -2,6 +2,7 @@
* Security upload for testing to bypass current blockage in unstable.
* The following security issues are addressed with this update:
+ - CVE-2008-0599: cgi sapi PATH_TRANSLATED buffer overflow
- CVE-2008-1384: integer overflow in printf()
- CVE-2008-2050: possible stack buffer overflow in the FastCGI SAPI
- CVE-2008-2051: incomplete multibyte chars inside escapeshellcmd()
Added: php5/branches/lenny/debian/patches/CVE-2008-0599.patch
===================================================================
--- php5/branches/lenny/debian/patches/CVE-2008-0599.patch (rev 0)
+++ php5/branches/lenny/debian/patches/CVE-2008-0599.patch 2008-05-27 18:24:43 UTC (rev 1087)
@@ -0,0 +1,14 @@
+http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.54&r2=1.267.2.15.2.55&diff_format=u
+Index: php-src/sapi/cgi/cgi_main.c
+diff -u php-src/sapi/cgi/cgi_main.c:1.267.2.15.2.54 php-src/sapi/cgi/cgi_main.c:1.267.2.15.2.55
+--- php-src/sapi/cgi/cgi_main.c:1.267.2.15.2.54 Mon Dec 31 07:20:16 2007
++++ php-src/sapi/cgi/cgi_main.c Thu Feb 28 00:29:29 2008
+@@ -1017,7 +1017,7 @@
+ ) {
+ /* PATH_TRANSLATED = PATH_TRANSLATED - SCRIPT_NAME + PATH_INFO */
+ int ptlen = strlen(pt) - strlen(env_script_name);
+- int path_translated_len = ptlen + env_path_info ? strlen(env_path_info) : 0;
++ int path_translated_len = ptlen + (env_path_info ? strlen(env_path_info) : 0);
+ char *path_translated = NULL;
+
+ path_translated = (char *) emalloc(path_translated_len + 1);
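Review bot: On the "int ptlen = strlen(pt) - strlen(env_script_name);" line and the corrected path_translated_len line, both lengths are still plain int values derived from strlen() results, and the visible context does not show a check that pt is at least as long as env_script_name, so a negative ptlen would flow straight into emalloc(path_translated_len + 1). Consider size_t with an explicit guard before the subtraction, or confirm that the enclosing condition already guarantees it. The added parentheses themselves are correct: "+" binds tighter than "?:", so the old expression parsed as (ptlen + env_path_info) ? strlen(env_path_info) : 0 and the allocation size left out ptlen. As a documentation point, the patch file's header is only the upstream viewvc URL; a one-line description naming CVE-2008-0599 and the precedence bug would make the file self-explanatory.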
Modified: php5/branches/lenny/debian/patches/series
===================================================================
--- php5/branches/lenny/debian/patches/series 2008-05-27 17:52:34 UTC (rev 1086)
+++ php5/branches/lenny/debian/patches/series 2008-05-27 18:24:43 UTC (rev 1087)
@@ -31,3 +31,4 @@
CVE-2008-1384.patch
CVE-2008-2050.patch
CVE-2008-2051.patch
+CVE-2008-0599.patch
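Review bot: The new entry at the end of the series carries no strip-level argument, while the paths inside CVE-2008-0599.patch start with "php-src/" and the "---" line has a CVS revision suffix on the file name. Assuming the default strip level is used for this series, please confirm the patch resolves to sapi/cgi/cgi_main.c and applies cleanly on top of the three CVE patches listed before it, since it is now the last one applied.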