[php-maint] Bug#511493 closed by sean finney <seanius at debian.org> (Re: Bug#511493: CVE-2008-5557: buffer overflow)

sean finney seanius at debian.org
Wed Jan 14 07:33:37 UTC 2009


hiya,

(adding pkg-php-maint to the cc, hope that's okay)

On Tue, Jan 13, 2009 at 10:42:22PM +0100, Steffen Joeris wrote:
> Could you also please check this CVE id[0]?

CVE-2008-5814: XSS vuln if display_errors = On

i'll see if i can find a fix for this, which means a scavenger hunt through
upstream cvs :/.  seems a bit of a corner case but probably worth fixing.

> Also it would be great to get other known php issues fixed for lenny. Please 
> see php in this list[1]. And then of course it would be nice to get another 

CVE-2008-5658: Directory traversal vulnerability in ZipArchive::extractTo

honestly, i don't view this as a php vulnerability, though others might
disagree.

CVE-2008-5624: PHP 5 before 5.2.7 does not properly initialize the page_uid

fixed in latest sid upload.  i didn't see the CVE id so it wasn't mentioned.

    - Incorporate fix from 5.3 for proper initialization of uid/gid for
      apache2 sapi.
      Patch: BG-initializing-fix.patch

i also seem to have forgotten that there is a bug open against it.  i'll make
sure to update the bug and changelog.

CVE-2008-5557: Heap-based buffer overflow in ...

fixed in latest sid upload (CVE/bug properly handled).

TEMP-0507101-001778: php: inifile handler for the dba functions/file truncation

i wasn't aware of this one, i'll look into it.


so that makes:

CVE-2008-5814: XSS vuln if display_errors = On
TEMP-0507101-001778: php: inifile handler for the dba functions/file truncation

which are needing review/inclusion, and possibly:

CVE-2008-5658: Directory traversal vulnerability in ZipArchive::extractTo

depending on consensus.

> php5 DSA out to fix at least most of the issues for php5 in this list[2].

yeah, as i've lately been moaning on the pkg-php list, merging is a major
PITA in subversion so I'd rather get everything sorted out in sid and lenny
before working on etch.

> Would you or some other php5 maintainer have time to work on it? :)
> I might be able to assist, but would like to have someone who knows php5 
> better than me :)

i'm really busy/unavailable during the day, but over the evenings and
weekends i'm putting some time into this.  if you'd like to help, i
think the first thing we need to do is go on a cvs commit treasure hunt.

if you have time in the day to put towards this please feel encouraged,
just let us know what you're working on so we don't duplicate any effort :)


	sean