Package: php5
Version: 5.2.0-8+etch10
Tags: security, upstream, fixed-upstream, etch, lenny

http://www.php.net/ChangeLog-5.php lists several security fixes which are included in upstream PHP 5.2.6:

* Fixed possible stack buffer overflow in FastCGI SAPI. (Andrei Nigmatulin)
  --> CVE-2008-2050 (acc. to http://marc.info/?l=oss-security&m=120974347717937)
  --> not tracked by Debian yet

* Properly address incomplete multibyte chars inside escapeshellcmd() (Ilia, Stefan Esser)
  --> CVE-2008-2051 (acc. to http://marc.info/?l=oss-security&m=120974347717937)
  --> not tracked yet

* Fixed security issue detailed in CVE-2008-0599. (Rasmus)
  --> CVE-2008-0599 (acc. to http://www.php.net/ChangeLog-5.php)
  --> already tracked at http://security-tracker.debian.net/tracker/CVE-2008-0599

* Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz. (Ilia)
  --> CVE-2007-4850 (acc. to http://securityreason.com/achievement_securityalert/51)
  --> already tracked at http://security-tracker.debian.net/tracker/CVE-2007-4850
  --> missing source package reference at http://security-tracker.debian.net/tracker/source-package/php5

* Upgraded PCRE to version 7.6 (Nuno)
  --> CVE-2008-0674 (best match, no reference found)
  --> not tracked yet
  --> possibly missing reference at http://security-tracker.debian.net/tracker/CVE-2008-0674 (but should really be tracked separately)
  --> local code execution through buffer overflow

CC to [EMAIL PROTECTED]: contains info on security issues not fixed in Debian Stable
CC to secure-testing-team: contains info on security issues not fixed in Debian Testing
CC to debian-security-tracker: contains info on missing cross references on security-tracker.d~.n~