Your message dated Tue, 07 Nov 2006 04:34:56 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#396766: fixed in php5 5.2.0-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
package: php5
severity: critical
tags: security
From http://secunia.com/advisories/22653/ :
"Some vulnerabilities have been reported in PHP, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.
The vulnerabilities are caused due to boundary errors within
the "htmlentities()" and "htmlspecialchars()" functions. If a PHP
application uses these functions to process user-supplied input, this
can be exploited to cause buffer overflows by passing specially
crafted data to the affected application.
Successful exploitation may allow execution of arbitrary code."
Since htmlentities() and htmlspecialchars() are frequently used on
user input, this seems quite severe to me.
--- End Message ---
--- Begin Message ---
Source: php5
Source-Version: 5.2.0-1
We believe that the bug you reported is fixed in the latest version of
php5, which is due to be installed in the Debian FTP archive:
libapache-mod-php5_5.2.0-1_i386.deb
to pool/main/p/php5/libapache-mod-php5_5.2.0-1_i386.deb
libapache2-mod-php5_5.2.0-1_i386.deb
to pool/main/p/php5/libapache2-mod-php5_5.2.0-1_i386.deb
php-pear_5.2.0-1_all.deb
to pool/main/p/php5/php-pear_5.2.0-1_all.deb
php5-cgi_5.2.0-1_i386.deb
to pool/main/p/php5/php5-cgi_5.2.0-1_i386.deb
php5-cli_5.2.0-1_i386.deb
to pool/main/p/php5/php5-cli_5.2.0-1_i386.deb
php5-common_5.2.0-1_i386.deb
to pool/main/p/php5/php5-common_5.2.0-1_i386.deb
php5-curl_5.2.0-1_i386.deb
to pool/main/p/php5/php5-curl_5.2.0-1_i386.deb
php5-dev_5.2.0-1_i386.deb
to pool/main/p/php5/php5-dev_5.2.0-1_i386.deb
php5-gd_5.2.0-1_i386.deb
to pool/main/p/php5/php5-gd_5.2.0-1_i386.deb
php5-ldap_5.2.0-1_i386.deb
to pool/main/p/php5/php5-ldap_5.2.0-1_i386.deb
php5-mhash_5.2.0-1_i386.deb
to pool/main/p/php5/php5-mhash_5.2.0-1_i386.deb
php5-mysql_5.2.0-1_i386.deb
to pool/main/p/php5/php5-mysql_5.2.0-1_i386.deb
php5-odbc_5.2.0-1_i386.deb
to pool/main/p/php5/php5-odbc_5.2.0-1_i386.deb
php5-pgsql_5.2.0-1_i386.deb
to pool/main/p/php5/php5-pgsql_5.2.0-1_i386.deb
php5-recode_5.2.0-1_i386.deb
to pool/main/p/php5/php5-recode_5.2.0-1_i386.deb
php5-snmp_5.2.0-1_i386.deb
to pool/main/p/php5/php5-snmp_5.2.0-1_i386.deb
php5-sqlite_5.2.0-1_i386.deb
to pool/main/p/php5/php5-sqlite_5.2.0-1_i386.deb
php5-sybase_5.2.0-1_i386.deb
to pool/main/p/php5/php5-sybase_5.2.0-1_i386.deb
php5-xmlrpc_5.2.0-1_i386.deb
to pool/main/p/php5/php5-xmlrpc_5.2.0-1_i386.deb
php5-xsl_5.2.0-1_i386.deb
to pool/main/p/php5/php5-xsl_5.2.0-1_i386.deb
php5_5.2.0-1.diff.gz
to pool/main/p/php5/php5_5.2.0-1.diff.gz
php5_5.2.0-1.dsc
to pool/main/p/php5/php5_5.2.0-1.dsc
php5_5.2.0-1_all.deb
to pool/main/p/php5/php5_5.2.0-1_all.deb
php5_5.2.0.orig.tar.gz
to pool/main/p/php5/php5_5.2.0.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Ondřej Surý <[EMAIL PROTECTED]> (supplier of updated php5 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Tue, 7 Nov 2006 09:26:51 +0100
Source: php5
Binary: php5-gd php5-ldap php5 php5-xmlrpc libapache2-mod-php5 php5-xsl
php5-cgi php-pear php5-pgsql php5-cli php5-recode php5-mhash php5-sybase
php5-curl php5-odbc php5-mysql php5-common php5-snmp php5-dev php5-sqlite
libapache-mod-php5
Architecture: source i386 all
Version: 5.2.0-1
Distribution: unstable
Urgency: high
Maintainer: Ondřej Surý <[EMAIL PROTECTED]>
Changed-By: Ondřej Surý <[EMAIL PROTECTED]>
Description:
libapache-mod-php5 - server-side, HTML-embedded scripting language (apache 1.3 module)
libapache2-mod-php5 - server-side, HTML-embedded scripting language (apache 2.0 module)
php-pear - PEAR - PHP Extension and Application Repository
php5 - server-side, HTML-embedded scripting language (meta-package)
php5-cgi - server-side, HTML-embedded scripting language (CGI binary)
php5-cli - command-line interpreter for the php5 scripting language
php5-common - Common files for packages built from the php5 source
php5-curl - CURL module for php5
php5-dev - Files for PHP5 module development
php5-gd - GD module for php5
php5-ldap - LDAP module for php5
php5-mhash - MHASH module for php5
php5-mysql - MySQL module for php5
php5-odbc - ODBC module for php5
php5-pgsql - PostgreSQL module for php5
php5-recode - recode module for php5
php5-snmp - SNMP module for php5
php5-sqlite - SQLite module for php5
php5-sybase - Sybase / MS SQL Server module for php5
php5-xmlrpc - XML-RPC module for php5
php5-xsl - XSL module for php5
Closes: 348882 359686 391368 396766 396873
Changes:
php5 (5.2.0-1) unstable; urgency=high
.
[ sean finney ]
* new upstream release. since this means the 5.1 series is deadware
in the eyes of its developers, we better get on this train before
it's too late. Note: this also fixes the htmlentities() exploit.
Reference: CVE-2006-5465.
Closes: #396766.
* s/postinst/postrm/ on one critical line in debian/rules. whoops.
Thanks to Bart Martens for finding this (closes: #396873).
* as a penance i've enabled LFS support (closes: #359686).
* new version now includes all mbstring headers (closes: #391368).
* enable new built-in zip support.
* enable pdo support for currently supported db types, and place the
extensions in the respective extension packages. future db
types will be added, but probably post-etch as they will probably
introduce new packages/dependencies (closes: #348882).
* move the mysqli module into the mysql module's package, and remove
the no longer necessary mysqli package.
* massaging/removal of various patches to upstream changes:
D patches/106-strptime_xopen.patch
D patches/110-CVE-2006-4812_zend_alloc.patch
M patches/006-debian_quirks.patch
D patches/111-mbstring-headers.patch
M patches/053-extension_api.patch
.
[ Ondřej Surý ]
* Package checked, upload to unstable.
Files:
601d32b9c9e288ede9206ef528ebf60b 1787 web optional php5_5.2.0-1.dsc
52d7e8b3d8d7573e75c97340f131f988 8583491 web optional php5_5.2.0.orig.tar.gz
5aa333e64f131dc5eeebcf364e1c87f6 91381 web optional php5_5.2.0-1.diff.gz
d2f0232ded29a861a37f70fb480148aa 210304 web optional php5-common_5.2.0-1_i386.deb
26ff6becd6a46cfafdc4d744b19577b2 2411026 web optional libapache-mod-php5_5.2.0-1_i386.deb
fbd1170145be3d569a5f6ebe047ccd0d 2411862 web optional libapache2-mod-php5_5.2.0-1_i386.deb
8d0ba6d2bf26d0f7163fad2178d688bc 4752368 web optional php5-cgi_5.2.0-1_i386.deb
1f301d79a44d522ef78e579b3b444e26 2395336 web optional php5-cli_5.2.0-1_i386.deb
2f15cff1d8e86b16119aef2e2e082467 341868 devel optional php5-dev_5.2.0-1_i386.deb
7e3443f2390cbae23a4745d7da2f90d9 24450 web optional php5-curl_5.2.0-1_i386.deb
f5a781659108b6c19afae3ead79eb091 33378 web optional php5-gd_5.2.0-1_i386.deb
070b06493cf9284563783cd07edfcbcf 17228 web optional php5-ldap_5.2.0-1_i386.deb
497d37132fc0fb058ff2a53bc485e285 5040 web optional php5-mhash_5.2.0-1_i386.deb
5a4aa1c26d068ee8badcbb59e5609a16 64894 web optional php5-mysql_5.2.0-1_i386.deb
dbc502f2036204ce462f97064e924f21 34038 web optional php5-odbc_5.2.0-1_i386.deb
057593e0d4a5a9c6c6b62e3aec56cee2 50608 web optional php5-pgsql_5.2.0-1_i386.deb
7ab5d17ba2c8220bf7a83448bb965100 4748 web optional php5-recode_5.2.0-1_i386.deb
6832737a8aa5cde1bae4534af3b15750 11288 web optional php5-snmp_5.2.0-1_i386.deb
ef5fdff78c2f3f7a8b0dbee85d8ac725 34450 web optional php5-sqlite_5.2.0-1_i386.deb
d26eb9c578d9bffe25c24604dfbc0cf8 18386 web optional php5-sybase_5.2.0-1_i386.deb
bd7a36beee5aeacbf1075546e2fb8c20 36430 web optional php5-xmlrpc_5.2.0-1_i386.deb
169336def0c0027c24c2cb62d4ef60e4 12240 web optional php5-xsl_5.2.0-1_i386.deb
b0c8bf539e44e436cfa1b35a2997ffc8 1032 web optional php5_5.2.0-1_all.deb
b13b7bfb920cb1a5d6e79cf2135d9719 306718 web optional php-pear_5.2.0-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
iD8DBQFFUHjr9OZqfMIN8nMRAuFjAJ9zdDV+k+h6dTfRd4P/nzyUMNydXQCeMJ8R
/lTlNapGGpBP/4rDNiFNlSY=
=TsAr
-----END PGP SIGNATURE-----
--- End Message ---
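The "Files:" stanza in the .changes file above lists, for every uploaded artifact, its MD5 checksum, size in bytes, section, priority and filename. The following script is an added example (not part of the bug report, the Debian archive software or dpkg-dev): it parses that stanza and verifies downloaded copies of the listed files against it, which is the check an administrator would run before trusting a package pulled from a mirror. The sample stanza and files it builds are constructed for the demonstration; the filenames and contents are hypothetical. It accepts lines with or without the leading space that the real format uses, since copies of .changes files pasted into mail (as above) often lose the indentation.

```python
"""Verify the Files: stanza of a Debian .changes file against files on disk.

Added example, not Debian's own tooling.  Each entry of the stanza has the
shape "md5sum size section priority filename"; the stanza ends at the first
line that does not have that shape (typically the PGP signature header).
"""
import hashlib
import os
import re
import tempfile

# One Files: entry: 32 hex digits, a decimal size, then three tokens.
FILES_LINE = re.compile(
    r"^\s*([0-9a-fA-F]{32})\s+(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")


def parse_files_stanza(changes_text):
    """Return the Files: entries of a .changes text as a list of dicts."""
    entries = []
    in_files = False
    for line in changes_text.splitlines():
        if line.strip() == "Files:":
            in_files = True
            continue
        if not in_files:
            continue
        m = FILES_LINE.match(line)
        if m is None:
            break  # end of the stanza (e.g. "-----BEGIN PGP SIGNATURE-----")
        md5sum, size, section, priority, filename = m.groups()
        entries.append({"md5": md5sum.lower(), "size": int(size),
                        "section": section, "priority": priority,
                        "filename": filename})
    return entries


def md5_of_file(path):
    """Stream the file through MD5 so large .deb files are not read at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_files(entries, directory):
    """Map each listed filename to one of: ok, missing, size-mismatch, md5-mismatch.

    Size is checked first because it is cheap and catches truncated downloads
    without hashing; the hash is only computed when the size already agrees.
    """
    results = {}
    for e in entries:
        path = os.path.join(directory, e["filename"])
        if not os.path.isfile(path):
            results[e["filename"]] = "missing"
        elif os.path.getsize(path) != e["size"]:
            results[e["filename"]] = "size-mismatch"
        elif md5_of_file(path) != e["md5"]:
            results[e["filename"]] = "md5-mismatch"
        else:
            results[e["filename"]] = "ok"
    return results


def demo():
    """Build a constructed .changes fragment plus a directory that exercises
    every outcome: one intact file, one altered in place (same length),
    one truncated and one that was never downloaded."""
    listed = {  # filename -> the content the (constructed) stanza vouches for
        "good_1.0_all.deb": b"intact package payload\n",
        "tampered_1.0_all.deb": b"original payload bytes\n",
        "truncated_1.0_all.deb": b"0123456789\n",
        "absent_1.0_all.deb": b"never written\n",
    }
    stanza = "Version: 1.0\nFiles:\n" + "".join(
        " %s %d web optional %s\n" % (hashlib.md5(data).hexdigest(), len(data), name)
        for name, data in listed.items()
    ) + "-----BEGIN PGP SIGNATURE-----\n"

    workdir = tempfile.mkdtemp()
    on_disk = {
        "good_1.0_all.deb": listed["good_1.0_all.deb"],
        "tampered_1.0_all.deb": b"altered  payload bytes\n",  # same length, different bytes
        "truncated_1.0_all.deb": b"01234\n",                  # shorter than listed
    }
    for name, data in on_disk.items():
        with open(os.path.join(workdir, name), "wb") as f:
            f.write(data)
    return verify_files(parse_files_stanza(stanza), workdir)


if __name__ == "__main__":
    for name, status in demo().items():
        print("%-24s %s" % (name, status))
```

The checksum comparison only proves that a downloaded file is the one the uploader described; what binds that description to the uploader is the PGP signature over the whole .changes text, so the signature has to be verified before the Files: stanza is trusted. MD5 is what .changes files carried in 2006; current files also carry Checksums-Sha256 entries, and a checker run against a modern upload should prefer those.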