Bug#410561: marked as done (php5: multiple security issues fixed in php 5.2.1)

Sun, 04 Mar 2007 04:57:21 -0800 

Your message dated Sun, 04 Mar 2007 12:47:05 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#410995: fixed in php5 5.2.0-9
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message --- 
Package: php5
Version: 5.2.0-8
Severity: grave
Tags: security
Justification: user security hole


PHP 5.2.1 fixes some security problems. See

http://www.php.net/releases/5_2_1.php
http://secunia.com/advisories/24089/

PHP 4.4 is affected by at least some of the issues, too.

--- End Message ---
--- Begin Message --- 
Source: php5
Source-Version: 5.2.0-9

We believe that the bug you reported is fixed in the latest version of
php5, which is due to be installed in the Debian FTP archive:

libapache-mod-php5_5.2.0-9_amd64.deb
  to pool/main/p/php5/libapache-mod-php5_5.2.0-9_amd64.deb
libapache2-mod-php5_5.2.0-9_amd64.deb
  to pool/main/p/php5/libapache2-mod-php5_5.2.0-9_amd64.deb
php-pear_5.2.0-9_all.deb
  to pool/main/p/php5/php-pear_5.2.0-9_all.deb
php5-cgi_5.2.0-9_amd64.deb
  to pool/main/p/php5/php5-cgi_5.2.0-9_amd64.deb
php5-cli_5.2.0-9_amd64.deb
  to pool/main/p/php5/php5-cli_5.2.0-9_amd64.deb
php5-common_5.2.0-9_amd64.deb
  to pool/main/p/php5/php5-common_5.2.0-9_amd64.deb
php5-curl_5.2.0-9_amd64.deb
  to pool/main/p/php5/php5-curl_5.2.0-9_amd64.deb
php5-dev_5.2.0-9_amd64.deb
  to pool/main/p/php5/php5-dev_5.2.0-9_amd64.deb
php5-gd_5.2.0-9_amd64.deb
  to pool/main/p/php5/php5-gd_5.2.0-9_amd64.deb
php5-imap_5.2.0-9_amd64.deb
  to pool/main/p/php5/php5-imap_5.2.0-9_amd64.deb
php5-interbase_5.2.0-9_amd64.deb
  to pool/main/p/php5/php5-interbase_5.2.0-9_amd64.deb
php5-ldap_5.2.0-9_amd64.deb
  to pool/main/p/php5/php5-ldap_5.2.0-9_amd64.deb
php5-mcrypt_5.2.0-9_amd64.deb
  to pool/main/p/php5/php5-mcrypt_5.2.0-9_amd64.deb
php5-mhash_5.2.0-9_amd64.deb
  to pool/main/p/php5/php5-mhash_5.2.0-9_amd64.deb
php5-mysql_5.2.0-9_amd64.deb
  to pool/main/p/php5/php5-mysql_5.2.0-9_amd64.deb
php5-odbc_5.2.0-9_amd64.deb
  to pool/main/p/php5/php5-odbc_5.2.0-9_amd64.deb
php5-pgsql_5.2.0-9_amd64.deb
  to pool/main/p/php5/php5-pgsql_5.2.0-9_amd64.deb
php5-pspell_5.2.0-9_amd64.deb
  to pool/main/p/php5/php5-pspell_5.2.0-9_amd64.deb
php5-recode_5.2.0-9_amd64.deb
  to pool/main/p/php5/php5-recode_5.2.0-9_amd64.deb
php5-snmp_5.2.0-9_amd64.deb
  to pool/main/p/php5/php5-snmp_5.2.0-9_amd64.deb
php5-sqlite_5.2.0-9_amd64.deb
  to pool/main/p/php5/php5-sqlite_5.2.0-9_amd64.deb
php5-sybase_5.2.0-9_amd64.deb
  to pool/main/p/php5/php5-sybase_5.2.0-9_amd64.deb
php5-tidy_5.2.0-9_amd64.deb
  to pool/main/p/php5/php5-tidy_5.2.0-9_amd64.deb
php5-xmlrpc_5.2.0-9_amd64.deb
  to pool/main/p/php5/php5-xmlrpc_5.2.0-9_amd64.deb
php5-xsl_5.2.0-9_amd64.deb
  to pool/main/p/php5/php5-xsl_5.2.0-9_amd64.deb
php5_5.2.0-9.diff.gz
  to pool/main/p/php5/php5_5.2.0-9.diff.gz
php5_5.2.0-9.dsc
  to pool/main/p/php5/php5_5.2.0-9.dsc
php5_5.2.0-9_all.deb
  to pool/main/p/php5/php5_5.2.0-9_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
sean finney <[EMAIL PROTECTED]> (supplier of updated php5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 03 Mar 2007 11:13:33 +0100
Source: php5
Binary: php5-gd php5-ldap php5 php5-xmlrpc php5-pspell libapache2-mod-php5 
php5-xsl php5-cgi php-pear php5-tidy php5-pgsql php5-cli php5-recode php5-mhash 
php5-sybase php5-curl php5-odbc php5-mcrypt php5-mysql php5-common php5-imap 
php5-snmp php5-dev php5-sqlite libapache-mod-php5 php5-interbase
Architecture: source amd64 all
Version: 5.2.0-9
Distribution: unstable
Urgency: high
Maintainer: Debian PHP Maintainers <[EMAIL PROTECTED]>
Changed-By: sean finney <[EMAIL PROTECTED]>
Description: 
 libapache-mod-php5 - server-side, HTML-embedded scripting language (apache 1.3 
module)
 libapache2-mod-php5 - server-side, HTML-embedded scripting language (apache 2 
module)
 php-pear   - PEAR - PHP Extension and Application Repository
 php5       - server-side, HTML-embedded scripting language (meta-package)
 php5-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php5-cli   - command-line interpreter for the php5 scripting language
 php5-common - Common files for packages built from the php5 source
 php5-curl  - CURL module for php5
 php5-dev   - Files for PHP5 module development
 php5-gd    - GD module for php5
 php5-imap  - IMAP module for php5
 php5-interbase - interbase/firebird module for php5
 php5-ldap  - LDAP module for php5
 php5-mcrypt - MCrypt module for php5
 php5-mhash - MHASH module for php5
 php5-mysql - MySQL module for php5
 php5-odbc  - ODBC module for php5
 php5-pgsql - PostgreSQL module for php5
 php5-pspell - pspell module for php5
 php5-recode - recode module for php5
 php5-snmp  - SNMP module for php5
 php5-sqlite - SQLite module for php5
 php5-sybase - Sybase / MS SQL Server module for php5
 php5-tidy  - tidy module for php5
 php5-xmlrpc - XML-RPC module for php5
 php5-xsl   - XSL module for php5
Closes: 401712 410995
Changes: 
 php5 (5.2.0-9) unstable; urgency=high
 .
   [ sean finney ]
   * The following security issues are addressed with this update:
     - CVE-2007-0906: Multiple buffer overflows in various code:
       * session (addressed in patch for CVE-2007-0910 below)
       * imap (062-CVE-2007-0906-imap.patch)
       * str_replace: (064-CVE-2007-0906-strreplace.patch)
       * interbase: (063-CVE-2007-0906-interbase.patch)
       * the zip, sqlite, stream filters, and mail related vulnerabilities
         in this CVE do not affect the debian sarge php4 source package.
     - CVE-2007-0907: sapi_header_op buffer underflow (065-CVE-2007-0907.patch)
     - CVE-2007-0908: wddx information disclosure (066-CVE-2007-0908.patch)
     - CVE-2007-0909: More buffer overflows:
       * the odbc_result_all function (067-CVE-2007-0909-odbc.patch)
       * various formatted print functions (068-CVE-2007-0909-printf.patch)
     - CVE-2007-0910: Clobbering of super-globals (069-CVE-2007-0910.patch)
     - CVE-2007-0988: 64bit unserialize DoS (070-CVE-2007-0988.patch)
     Closes: #410995.
   * The package maintainers would like to thank Joe Orton from redhat and
     Martin Pitt from ubuntu for their help in preparation of this update.
   * backport upstream fix for AUTH PLAIN support in imap extension
     Closes: #401712.
Files: 
 8ec576c28ce6c0087711116d775fd0dd 1964 web optional php5_5.2.0-9.dsc
 626425910661565e37a0d65274ac9c23 100821 web optional php5_5.2.0-9.diff.gz
 638b2a1b2f89f0f5346c570a54fade8f 216386 web optional 
php5-common_5.2.0-9_amd64.deb
 4d64422f486e89b580fbc220b85ea144 2508012 web optional 
libapache-mod-php5_5.2.0-9_amd64.deb
 880874c8f7bc636db650b592c9a28142 2508424 web optional 
libapache2-mod-php5_5.2.0-9_amd64.deb
 14d8b195d217dab6c9b215a72f83718e 4858746 web optional 
php5-cgi_5.2.0-9_amd64.deb
 5df1e212eb97027c17bf9af3ce45a277 2450074 web optional 
php5-cli_5.2.0-9_amd64.deb
 177a1cfcea485b9944ff70c63040a403 341984 devel optional 
php5-dev_5.2.0-9_amd64.deb
 6c0198f8810533a0fdeeeafcf675978a 24958 web optional php5-curl_5.2.0-9_amd64.deb
 c58044cbc52ba4a14dc9150652dd6db2 37038 web optional php5-gd_5.2.0-9_amd64.deb
 cba5e61616c28175de5c6c0d237597cb 36682 web optional php5-imap_5.2.0-9_amd64.deb
 3676b8cd181fc55aca80a59a50b4bbfc 46704 web optional 
php5-interbase_5.2.0-9_amd64.deb
 3e17fc70ec04ad38ebe0c60579a1c0a4 18652 web optional php5-ldap_5.2.0-9_amd64.deb
 c1e0aebf57e2397a9ed6edb36ebec8bf 13476 web optional 
php5-mcrypt_5.2.0-9_amd64.deb
 9035f338eb081be2fc77dd77ee309c51 5252 web optional php5-mhash_5.2.0-9_amd64.deb
 cade69582ea7ed92dfa8bab4fea66bb6 71748 web optional 
php5-mysql_5.2.0-9_amd64.deb
 e8e36b42000240bc86107fd3baa9f58b 36396 web optional php5-odbc_5.2.0-9_amd64.deb
 2cb996933af4f6570a20f59cdddfe58a 54140 web optional 
php5-pgsql_5.2.0-9_amd64.deb
 960ae345ca18f1be2b2d73399f963ca2 9392 web optional 
php5-pspell_5.2.0-9_amd64.deb
 a537a5b3f8cfcfb8402903124e2b35af 4890 web optional 
php5-recode_5.2.0-9_amd64.deb
 a4e7823510821fce0c68c25b20bb016a 12044 web optional php5-snmp_5.2.0-9_amd64.deb
 4509a839e04f3753142f040de60a7db4 38456 web optional 
php5-sqlite_5.2.0-9_amd64.deb
 2f26efedbbce2e29809c04a9e3e83c08 19414 web optional 
php5-sybase_5.2.0-9_amd64.deb
 a90e52fa24061ff7adc03440fbfc64fe 17554 web optional php5-tidy_5.2.0-9_amd64.deb
 ca5010080aa4da1c2d546ab53cbbea92 39148 web optional 
php5-xmlrpc_5.2.0-9_amd64.deb
 756966ec0d3a4a63fda91f8bd2a7e9a8 13014 web optional php5-xsl_5.2.0-9_amd64.deb
 cf3a91a050f826936d34fe06f6580b07 1036 web optional php5_5.2.0-9_all.deb
 31ee85724cf978a49f0c416275359271 306940 web optional php-pear_5.2.0-9_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF6rnWynjLPm522B0RAphOAJ9vnh9X3hM4NYLFeaQXNZYWbVimXgCfcfEr
stXacCId2TJXSc3hAxvyzcw=
=2Jrl
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to