Your message dated Sat, 14 Dec 2013 12:47:35 +0000
with message-id <e1vrod5-0002at...@franck.debian.org>
and subject line Bug#731895: fixed in php5 5.4.4-14+deb7u7
has caused the Debian Bug report #731895,
regarding php5: CVE-2013-6420: memory corruption in openssl_x509_parse()
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
731895: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731895
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: php5
Severity: grave
Tags: security upstream patch
Hi,
the following vulnerability was published for php5.
CVE-2013-6420[0]:
php: memory corruption in openssl_x509_parse()
The upstream commit is found at [1].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420
http://security-tracker.debian.org/tracker/CVE-2013-6420
[1]
http://git.php.net/?p=php-src.git;a=commitdiff;h=c1224573c773b6845e83505f717fbf820fc18415
Please adjust the affected versions in the BTS as needed; could you
check if squeeze and wheezy are affected as well?
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: php5
Source-Version: 5.4.4-14+deb7u7
We believe that the bug you reported is fixed in the latest version of
php5, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 731...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ondřej Surý <ond...@debian.org> (supplier of updated php5 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 12 Dec 2013 09:28:14 +0100
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi
php5-cli php5-fpm libphp5-embed php5-dev php5-dbg php-pear php5-curl
php5-enchant php5-gd php5-gmp php5-imap php5-interbase php5-intl php5-ldap
php5-mcrypt php5-mysql php5-mysqlnd php5-odbc php5-pgsql php5-pspell
php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl
Architecture: source all amd64
Version: 5.4.4-14+deb7u7
Distribution: wheezy-security
Urgency: low
Maintainer: Debian PHP Maintainers <pkg-php-ma...@lists.alioth.debian.org>
Changed-By: Ondřej Surý <ond...@debian.org>
Description:
libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2
module)
libapache2-mod-php5filter - server-side, HTML-embedded scripting language
(apache 2 filter mo
libphp5-embed - HTML-embedded scripting language (Embedded SAPI library)
php-pear - PEAR - PHP Extension and Application Repository
php5 - server-side, HTML-embedded scripting language (metapackage)
php5-cgi - server-side, HTML-embedded scripting language (CGI binary)
php5-cli - command-line interpreter for the php5 scripting language
php5-common - Common files for packages built from the php5 source
php5-curl - CURL module for php5
php5-dbg - Debug symbols for PHP5
php5-dev - Files for PHP5 module development
php5-enchant - Enchant module for php5
php5-fpm - server-side, HTML-embedded scripting language (FPM-CGI binary)
php5-gd - GD module for php5
php5-gmp - GMP module for php5
php5-imap - IMAP module for php5
php5-interbase - interbase/firebird module for php5
php5-intl - internationalisation module for php5
php5-ldap - LDAP module for php5
php5-mcrypt - MCrypt module for php5
php5-mysql - MySQL module for php5
php5-mysqlnd - MySQL module for php5 (Native Driver)
php5-odbc - ODBC module for php5
php5-pgsql - PostgreSQL module for php5
php5-pspell - pspell module for php5
php5-recode - recode module for php5
php5-snmp - SNMP module for php5
php5-sqlite - SQLite module for php5
php5-sybase - Sybase / MS SQL Server module for php5
php5-tidy - tidy module for php5
php5-xmlrpc - XML-RPC module for php5
php5-xsl - XSL module for php5
Closes: 731112 731895
Changes:
php5 (5.4.4-14+deb7u7) wheezy-security; urgency=low
.
* [CVE-2013-6420]: Fix memory corruption in openssl_x509_parse (Closes:
#731895)
* [CVE-2013-6712] Fix heap buffer over-read in DateInterval (Closes: #731112)
Checksums-Sha1:
db945bf5566c133e9a5a8ad8d957477558db1217 3774 php5_5.4.4-14+deb7u7.dsc
2d5770884b9d82f96845e6f6f264207b204d781e 224674 php5_5.4.4-14+deb7u7.diff.gz
adac7fb7e845d983957cf4f68b841a6d3bb4bf81 1026 php5_5.4.4-14+deb7u7_all.deb
f8cb4713a7f6fbeac634351d648784c8b550c346 369272
php-pear_5.4.4-14+deb7u7_all.deb
7b8f7fee147a6adfc5859ec8a394d740546af1f5 588224
php5-common_5.4.4-14+deb7u7_amd64.deb
1f19a48535eb3dbdcf1054ea722db264c09825a5 2665644
libapache2-mod-php5_5.4.4-14+deb7u7_amd64.deb
90c505afee61d55c8ccb5675efd5bda9f10db6a0 2664020
libapache2-mod-php5filter_5.4.4-14+deb7u7_amd64.deb
33b57b7f454e81225e85c36368f371eae621109c 5100870
php5-cgi_5.4.4-14+deb7u7_amd64.deb
1a9a04d0a2a2922ed3bdfbbe59eb25595e7ff1cd 2557440
php5-cli_5.4.4-14+deb7u7_amd64.deb
b1f14068506342c40676e80216d9bd945564dcaa 2590524
php5-fpm_5.4.4-14+deb7u7_amd64.deb
bf2dc7d66197e8dd4299f156a4bde1a547aadd74 2662062
libphp5-embed_5.4.4-14+deb7u7_amd64.deb
2fa9c2c45c388052e86de83bc9ee7412aa80b8c9 497438
php5-dev_5.4.4-14+deb7u7_amd64.deb
1d73dea79699ce71d72dfb1e45e9b690996a897b 15959722
php5-dbg_5.4.4-14+deb7u7_amd64.deb
aaa2b5540479703de21c4dcfea147a8db43d12d4 29180
php5-curl_5.4.4-14+deb7u7_amd64.deb
81335f1d8a068ecde1fdedcca93855e95ed5a4a6 9946
php5-enchant_5.4.4-14+deb7u7_amd64.deb
0bdf85e6fddc81aaf8903b2af6644d2d16d2a75f 35720
php5-gd_5.4.4-14+deb7u7_amd64.deb
feb35e6db8ef93beebb92ec1f1125ed06cedf5d3 17176
php5-gmp_5.4.4-14+deb7u7_amd64.deb
16adc4bab5866032694d304cabf008bdafd687db 35614
php5-imap_5.4.4-14+deb7u7_amd64.deb
bfee5375d0ef1cdc0cfa4f1c71e8fc198b785bb8 49612
php5-interbase_5.4.4-14+deb7u7_amd64.deb
ec82ca53a7d5d13aace572ce61cf6504f85d608b 71974
php5-intl_5.4.4-14+deb7u7_amd64.deb
c39ca89875af3f07152fb16cac5963becdd9a330 21774
php5-ldap_5.4.4-14+deb7u7_amd64.deb
8ac4ea5ea32efd3f085bdb513a14d96708f6b695 16096
php5-mcrypt_5.4.4-14+deb7u7_amd64.deb
361119a73f99cd21a78986afff7bcd23ad8b88aa 80866
php5-mysql_5.4.4-14+deb7u7_amd64.deb
ff285289281b7826910243610de159ff3756a612 162732
php5-mysqlnd_5.4.4-14+deb7u7_amd64.deb
7ad381925371da2b3a428e0ed5cb4f65587e3219 36416
php5-odbc_5.4.4-14+deb7u7_amd64.deb
68000f4b9410f79129e6653156f9a5eba3e58ae8 61074
php5-pgsql_5.4.4-14+deb7u7_amd64.deb
94c12382f26554f7d0bbabdc285ef9d59750a8d0 8918
php5-pspell_5.4.4-14+deb7u7_amd64.deb
6d48c26b45194284a277b998461dc5f0dd539fdd 5214
php5-recode_5.4.4-14+deb7u7_amd64.deb
ba957e743ef6c2998e67d7b3d82f4714033bda8b 21820
php5-snmp_5.4.4-14+deb7u7_amd64.deb
bc4f7f65d3913d6de4572bb00fdd323470ae8801 30352
php5-sqlite_5.4.4-14+deb7u7_amd64.deb
90d3304b845d2008207d84086c46d55c058ad283 28456
php5-sybase_5.4.4-14+deb7u7_amd64.deb
fc6244cd23ca9fcbec1ffeb06e1812dea951b426 19610
php5-tidy_5.4.4-14+deb7u7_amd64.deb
8bd5ffd03cd69dcfa1fa12015f2870789f6aec61 36306
php5-xmlrpc_5.4.4-14+deb7u7_amd64.deb
9192145a1d1278f12e73ef5eeaaa4444595d2684 15430
php5-xsl_5.4.4-14+deb7u7_amd64.deb
Checksums-Sha256:
a7dfa75913c9e9ec1bd3d4351f8f9f58372b5c23db7d4303b4875e490a4410b2 3774
php5_5.4.4-14+deb7u7.dsc
266efe3362810b8d01cc7535e6cc2bc3907dc277c4af8824eb5990b168f55c26 224674
php5_5.4.4-14+deb7u7.diff.gz
431cf54e891b5cc1fefc4aa08abfeef7c5277dd1959445e61ee3ed4ee3f01f49 1026
php5_5.4.4-14+deb7u7_all.deb
9f54403a488bce95f0e41b6496c2f88f62b67f31ab99b1526847ee83bc348e9a 369272
php-pear_5.4.4-14+deb7u7_all.deb
c7f4610ae9f48652ef450e1753e46021610a26bc4d84e2c28400ac48dcb7bc2a 588224
php5-common_5.4.4-14+deb7u7_amd64.deb
a0731b0aa2b7732931d7c479e567ffdf2cf8a70a440ad0a209b76ca0c35f5a3b 2665644
libapache2-mod-php5_5.4.4-14+deb7u7_amd64.deb
52bec75ebcd31bd137cdaaf8f705b17d25825ef8d2e8c183f4a41ea0dae516e2 2664020
libapache2-mod-php5filter_5.4.4-14+deb7u7_amd64.deb
92543ccdb66bb240dcb7c6edf6b8d1f094ecda47035965ae774dcbdc25c39ff6 5100870
php5-cgi_5.4.4-14+deb7u7_amd64.deb
c72e018bbd3baf04de6e7ef8f850cfc9a4c4a5b308da7fedf1f09b5547359271 2557440
php5-cli_5.4.4-14+deb7u7_amd64.deb
8c791c0b417715e3b81eea73866f50bddcee65f49b8e01ebd3080cb7210a6603 2590524
php5-fpm_5.4.4-14+deb7u7_amd64.deb
1ae86ad6e9b13aa2cf0c20878ef933634c25073cb52e51456284dd443c6db048 2662062
libphp5-embed_5.4.4-14+deb7u7_amd64.deb
f5e9d7d575a94e24d08dad1c78b8d18c35eb648fa73f7a53b13d28f6b15cd00e 497438
php5-dev_5.4.4-14+deb7u7_amd64.deb
87396d4e276dc3f7fd7934bf339c6ef14785e366d106e2532f5432ae18d99e28 15959722
php5-dbg_5.4.4-14+deb7u7_amd64.deb
20d5fb56a5fdeda5c86f32833ce5b29b4d983742ee52e115ffc2348df1a9f648 29180
php5-curl_5.4.4-14+deb7u7_amd64.deb
879ed3d02207f67ae846fc9dfb79d282ebd47bc86fbe5407e966f20e6b8b20b6 9946
php5-enchant_5.4.4-14+deb7u7_amd64.deb
2d62819500676a910ca11f1aa27595b5210f36b7a49a6931bf88e07445ed407d 35720
php5-gd_5.4.4-14+deb7u7_amd64.deb
cffeb5ef13c7953289c3a7dbee4dcd797ed68ea5557b4c80764ba06c4b5cff9f 17176
php5-gmp_5.4.4-14+deb7u7_amd64.deb
5cad951dc61f8b032159724d2abc82c0533592cfdc279cd1c1c3798612a49bdb 35614
php5-imap_5.4.4-14+deb7u7_amd64.deb
f9eda4004de4eee6b6b0637aac087e99e4f8140327de9f6dbc82a6f4300b9cf1 49612
php5-interbase_5.4.4-14+deb7u7_amd64.deb
6616bb60365037165eb9c4b17a45dfcf47d25bd9e20842ae6ce4bce8a4ea5a03 71974
php5-intl_5.4.4-14+deb7u7_amd64.deb
9cc2fbe8d7f23bf5dd83b1303b22900c290dd14f92c9f2f6e00d00905e30ac67 21774
php5-ldap_5.4.4-14+deb7u7_amd64.deb
9cf8fd016a4f69443c3f45f7661067fc2d8b37ace351e4b4d9a60a9801af6b27 16096
php5-mcrypt_5.4.4-14+deb7u7_amd64.deb
dd3425a26dc14911d1babc2fa49fc42540f5f9555ebeb18c3338cff37f976764 80866
php5-mysql_5.4.4-14+deb7u7_amd64.deb
85dece646079668001a02713e91abb8e5783f9f982a2c229ec539961e579fc69 162732
php5-mysqlnd_5.4.4-14+deb7u7_amd64.deb
2f45221c74b97479d7e735e5afca8166b6f496c28f8bd64e777047ead3407e7f 36416
php5-odbc_5.4.4-14+deb7u7_amd64.deb
aba57579122f5e09c84df01f7a633e8334f441b7446a4ab2ebb75e14022d0773 61074
php5-pgsql_5.4.4-14+deb7u7_amd64.deb
3362b94c57579119b3a2aea8d5df423e72cad489d1d1ca461ab8cd9d742be100 8918
php5-pspell_5.4.4-14+deb7u7_amd64.deb
92a7cdbdf8fd6fd058c535072de43a1a37ae95ca78bc3fb825f75e0be0a5169a 5214
php5-recode_5.4.4-14+deb7u7_amd64.deb
bebf10aa3c679e2b666beca06d76b283825e01dfb732fa19750e3db8c88276ee 21820
php5-snmp_5.4.4-14+deb7u7_amd64.deb
b896960703fdd86effe6d1ea9c8f893b96d8d0144bc40f898b732be0825094a8 30352
php5-sqlite_5.4.4-14+deb7u7_amd64.deb
0c3bc4b1fe3f6f33cd32f54e467c6d400c2424062b95656b39bd0dad97c09538 28456
php5-sybase_5.4.4-14+deb7u7_amd64.deb
28e21aa5191fc3547b80d7c66d2e4e6c1b5ccf93bc554bac0883b081afb52e24 19610
php5-tidy_5.4.4-14+deb7u7_amd64.deb
da60cefeb26d84cd5a089d567603d468b0454d4e4ba4c32ea586f9ddec71a36b 36306
php5-xmlrpc_5.4.4-14+deb7u7_amd64.deb
3d0cd9124f0a7784d5d0989cf33131b73d0006bf336e282f5ea9bef90c95d9ad 15430
php5-xsl_5.4.4-14+deb7u7_amd64.deb
Files:
6bb319a9e0c78fd09df025b19e919704 3774 php optional php5_5.4.4-14+deb7u7.dsc
a5448fd9b9142dfd132274dbddb08559 224674 php optional
php5_5.4.4-14+deb7u7.diff.gz
dbecdb6ad4a5fec5371fec22a55b6bcc 1026 php optional php5_5.4.4-14+deb7u7_all.deb
431ce762368a7f3f80b55a3fd63dc0e5 369272 php optional
php-pear_5.4.4-14+deb7u7_all.deb
90a3b5aa93ca20c8bb6b10a013c3543e 588224 php optional
php5-common_5.4.4-14+deb7u7_amd64.deb
e4d39fc9d3dea4e30681a5b4ad3b5fb2 2665644 httpd optional
libapache2-mod-php5_5.4.4-14+deb7u7_amd64.deb
8762b560adb4643f78ef119914173a1a 2664020 httpd extra
libapache2-mod-php5filter_5.4.4-14+deb7u7_amd64.deb
5a31d15029c8ab82c35f029e08cdbecb 5100870 php optional
php5-cgi_5.4.4-14+deb7u7_amd64.deb
12dfecbdb8f369e5a4a5e9d3f1fbe6c2 2557440 php optional
php5-cli_5.4.4-14+deb7u7_amd64.deb
5364dc33928c74e1671e197ec5489e83 2590524 php optional
php5-fpm_5.4.4-14+deb7u7_amd64.deb
72de23f43a23a051ed5ab90b58252159 2662062 php optional
libphp5-embed_5.4.4-14+deb7u7_amd64.deb
8bbd0f91a963664e276ea01a204dc0a9 497438 php optional
php5-dev_5.4.4-14+deb7u7_amd64.deb
c50c99ae343779ed6c5fd85c38b5b3ab 15959722 debug extra
php5-dbg_5.4.4-14+deb7u7_amd64.deb
c88a37daa354eb53781cda83d2487cec 29180 php optional
php5-curl_5.4.4-14+deb7u7_amd64.deb
fbf88c769dcd85a376a9e361c7d235dc 9946 php optional
php5-enchant_5.4.4-14+deb7u7_amd64.deb
36462177a83483a15fe663f8275fbcc0 35720 php optional
php5-gd_5.4.4-14+deb7u7_amd64.deb
bc6aee606af394fde0352e6d59f8e2ea 17176 php optional
php5-gmp_5.4.4-14+deb7u7_amd64.deb
810d0a3a0faa01d7a994b35b203e9a07 35614 php optional
php5-imap_5.4.4-14+deb7u7_amd64.deb
77728d4cbccca6d9467b5eb79c6fd530 49612 php optional
php5-interbase_5.4.4-14+deb7u7_amd64.deb
7dab9e9e189f106352c31a9c49474881 71974 php optional
php5-intl_5.4.4-14+deb7u7_amd64.deb
e2cdab293fe921f38d01fcf9a29556d5 21774 php optional
php5-ldap_5.4.4-14+deb7u7_amd64.deb
0547f91fb82ead781e457fcfa78236d9 16096 php optional
php5-mcrypt_5.4.4-14+deb7u7_amd64.deb
cc1119a171ff912f941a7b0d24cc4f23 80866 php optional
php5-mysql_5.4.4-14+deb7u7_amd64.deb
44bcb46bee4189c0bc655481c5388174 162732 php extra
php5-mysqlnd_5.4.4-14+deb7u7_amd64.deb
b6a935f3bd2e91204fac0c80b7456f30 36416 php optional
php5-odbc_5.4.4-14+deb7u7_amd64.deb
c09de25160e50283978215df17a0e9a5 61074 php optional
php5-pgsql_5.4.4-14+deb7u7_amd64.deb
4592acf8d5fc245b6e67d64589e4638f 8918 php optional
php5-pspell_5.4.4-14+deb7u7_amd64.deb
acb2a611c1ae821772b26f4f3b9db891 5214 php optional
php5-recode_5.4.4-14+deb7u7_amd64.deb
3b4b2d1098fac93a6433bfe5e3887268 21820 php optional
php5-snmp_5.4.4-14+deb7u7_amd64.deb
be7dac2ad18d5c63f09d4b4331ed3500 30352 php optional
php5-sqlite_5.4.4-14+deb7u7_amd64.deb
5240b7b1793ea2b85861e5e8cc3b0c88 28456 php optional
php5-sybase_5.4.4-14+deb7u7_amd64.deb
b58a51560ec05ea81d216606f7e789af 19610 php optional
php5-tidy_5.4.4-14+deb7u7_amd64.deb
c2e46f8730c54d72bff03e50079aa405 36306 php optional
php5-xmlrpc_5.4.4-14+deb7u7_amd64.deb
318006868a749ce6105722e6daefd63b 15430 php optional
php5-xsl_5.4.4-14+deb7u7_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEARECAAYFAlKpkXQACgkQ9OZqfMIN8nMqbgCgkPWbtQZJtF7DpCQz8kjD9BkR
Cz0An27zCfuxGluFb876xz5DEy6x7JGk
=OX+G
-----END PGP SIGNATURE-----
--- End Message ---
