Your message dated Fri, 01 Sep 2006 16:35:35 +0200
with message-id <[EMAIL PROTECTED]>
and subject line [Fwd: Fixed in NMU of php4 4:4.4.4-1]
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: php5
Severity: grave
Tags: security
Justification: user security hole


CVE-2006-4020:
scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows
context-dependent attackers to execute arbitrary code via a sscanf PHP
function call that performs argument swapping, which increments an
index past the end of an array and triggers a buffer over-read.

patch is at 
http://bugs.php.net/bug.php?id=38322

Please mention the CVE-id in the changelog


--- End Message ---
--- Begin Message ---
Just didn't realize that I am not in uploaders for php4.

Ondrej.
-- 
Ondřej Surý <[EMAIL PROTECTED]>
--- Begin Message ---
tag 361210 + fixed
tag 382259 + fixed
tag 382261 + fixed

quit

This message was generated automatically in response to a
non-maintainer upload.  The .changes file follows.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 19 Aug 2006 16:00:25 +0200
Source: php4
Binary: php4-sybase php4-recode php4-cgi libapache-mod-php4 php4-cli php4-dev php4-snmp libapache2-mod-php4 php4-odbc php4-xslt php4-mysql php4-domxml php4-gd php4-ldap php4-common php4 php4-curl php4-pear php4-mcal php4-mhash php4-pgsql
Architecture: source i386 all
Version: 4:4.4.4-1
Distribution: unstable
Urgency: low
Maintainer: Ondřej Surý <[EMAIL PROTECTED]>
Changed-By: Ondřej Surý <[EMAIL PROTECTED]>
Description: 
 libapache-mod-php4 - server-side, HTML-embedded scripting language (apache 1.3 module)
 libapache2-mod-php4 - server-side, HTML-embedded scripting language (apache 2.0 module)
 php4       - server-side, HTML-embedded scripting language (meta-package)
 php4-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php4-cli   - command-line interpreter for the php4 scripting language
 php4-common - Common files for packages built from the php4 source
 php4-curl  - CURL module for php4
 php4-dev   - Files for PHP4 module development
 php4-domxml - XMLv2 module for php4
 php4-gd    - GD module for php4
 php4-ldap  - LDAP module for php4
 php4-mcal  - MCAL calendar module for php4
 php4-mhash - MHASH module for php4
 php4-mysql - MySQL module for php4
 php4-odbc  - ODBC module for php4
 php4-pear  - PHP Extension and Application Repository (transitional package)
 php4-pgsql - PostgreSQL module for php4
 php4-recode - Character recoding module for php4
 php4-snmp  - SNMP module for php4
 php4-sybase - Sybase / MS SQL Server module for php4
 php4-xslt  - XSLT module for php4
Closes: 361210 382259 382261
Changes: 
 php4 (4:4.4.4-1) unstable; urgency=low
 .
   * Acknowledge NMU.
   * New upstream release [4.4.4]
     - Added missing safe_mode/open_basedir checks inside the error_log(),
       file_exists(), imap_open() and imap_reopen() functions.
     - Fixed overflows inside str_repeat() and wordwrap() functions on 64bit
       systems.
     - Fixed possible open_basedir/safe_mode bypass in cURL extension.
       (CVE-2006-2563)
     - Fixed overflow in GD extension on invalid GIF images.
     - Fixed a buffer overflow inside sscanf() function. (CVE-2006-4020)
       (Closes: 382261)
     - Fixed memory_limit restriction on 64 bit system.
 .
   * New upstream release [4.4.3]
     - Disallow certain characters in session names. (CVE-2006-3016)
     - Fixed a bug that would allow variable to survive unset().
       (CVE-2006-3017) (Closes: #382259)
     - Fixed a buffer overflow inside the wordwrap() function.
     - Prevent jumps to parent directory via the 2nd parameter of
       the tempnam() function.
     - Improved safe_mode check for the error_log() function.
     - Fixed cross-site scripting inside the phpinfo() function.
   * Add Galician debconf translation, from Jacobo Tarrio
     (closes: #361210).
   * Bump libdb build-dep from libdb4.3 to libdb4.4, to match with apache.
Files: 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

-----END PGP SIGNATURE-----
--- End Message ---

--- End Message ---
