[Pkg-php-commits] r1154 - in php5/branches/etch/debian: . patches
Sean Finney
seanius at alioth.debian.org
Sun Sep 14 12:13:19 UTC 2008
Author: seanius
Date: 2008-09-14 12:13:19 +0000 (Sun, 14 Sep 2008)
New Revision: 1154
Added:
php5/branches/etch/debian/patches/139-CVE-2008-3659.patch
php5/branches/etch/debian/patches/140-CVE-2008-3658.patch
Modified:
php5/branches/etch/debian/changelog
Log:
fix for a couple CVEs
Modified: php5/branches/etch/debian/changelog
===================================================================
--- php5/branches/etch/debian/changelog 2008-09-11 14:13:42 UTC (rev 1153)
+++ php5/branches/etch/debian/changelog 2008-09-14 12:13:19 UTC (rev 1154)
@@ -1,3 +1,15 @@
+php5 (5.2.0-8+etch13) stable-security; urgency=high
+
+ * NOT YET UPLOADED
+ * Upload to etch for security issues
+ * The following security issues are addressed with this update:
+ - CVE-2008-3658: Buffer overflow in the imageloadfont function.
+ Patch: 140-CVE-2008-3658.patch
+ - CVE-2008-3659: Buffer overflow in the memnstr function.
+ Patch: 139-CVE-2008-3659.patch
+
+ -- Sean Finney <seanius at debian.org> Sun, 14 Sep 2008 14:14:02 +0200
+
php5 (5.2.0-8+etch12) stable-security; urgency=high
* Upload to etch for security issues.
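Review bot: the "NOT YET UPLOADED" bullet in the new 5.2.0-8+etch13 entry is a work-in-progress marker and has to be removed before the package is built for stable-security, or it ends up in the published changelog. Note also that the patch numbers run opposite to the CVE numbers (139 carries CVE-2008-3659, 140 carries CVE-2008-3658); the entry matches the files added in this revision, but it is worth a second look when cross-referencing. The two bullets would be more useful to an administrator if they said what kind of input reaches each overflow (a font file for imageloadfont, a needle longer than the haystack for memnstr, as the patches suggest).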
Added: php5/branches/etch/debian/patches/139-CVE-2008-3659.patch
===================================================================
--- php5/branches/etch/debian/patches/139-CVE-2008-3659.patch (rev 0)
+++ php5/branches/etch/debian/patches/139-CVE-2008-3659.patch 2008-09-14 12:13:19 UTC (rev 1154)
@@ -0,0 +1,14 @@
+fix for CVE-2008-3659
+http://cvs.php.net/viewvc.cgi/ZendEngine2/zend_operators.h?r1=1.94.2.4.2.11&r2=1.94.2.4.2.12&view=patch
+--- old/Zend/zend_operators.h 2007/12/31 07:20:03 1.94.2.4.2.11
++++ new/Zend/zend_operators.h 2008/08/05 20:11:17 1.94.2.4.2.12
+@@ -220,6 +220,9 @@
+ char *p = haystack;
+ char ne = needle[needle_len-1];
+
++ if(needle_len > end-haystack) {
++ return NULL;
++ }
+ end -= needle_len;
+
+ while (p <= end) {
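Review bot: the new length guard sits after the initializer "char ne = needle[needle_len-1];", so that read still happens before any validation; if a needle_len of 0 can reach this function, it indexes needle[-1] before the guard returns. Consider declaring ne without an initializer and assigning it after the check. The guard itself does close the case the CVE describes: without it, "end -= needle_len" can move end below haystack when the needle is longer than the buffer. The comparison mixes needle_len with the pointer difference end-haystack; the declaration of needle_len is outside this hunk, so confirm its type makes the comparison behave as intended for negative values. Style nit: "if(" lacks the space used by "while (" two lines below.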
Added: php5/branches/etch/debian/patches/140-CVE-2008-3658.patch
===================================================================
--- php5/branches/etch/debian/patches/140-CVE-2008-3658.patch (rev 0)
+++ php5/branches/etch/debian/patches/140-CVE-2008-3658.patch 2008-09-14 12:13:19 UTC (rev 1154)
@@ -0,0 +1,27 @@
+CVE-2008-3658
+http://cvs.php.net/viewvc.cgi/php-src/ext/gd/gd.c?r1=1.312.2.20.2.35&r2=1.312.2.20.2.36&view=patch
+--- old/ext/gd/gd.c 2008/05/04 21:19:17 1.312.2.20.2.35
++++ new/ext/gd/gd.c 2008/07/17 22:58:23 1.312.2.20.2.36
+@@ -1636,6 +1636,22 @@
+ font->nchars = FLIPWORD(font->nchars);
+ body_size = font->w * font->h * font->nchars;
+ }
++
++ if (overflow2(font->nchars, font->h)) {
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Error reading font, invalid font header");
++ efree(font);
++ php_stream_close(stream);
++ RETURN_FALSE;
++ }
++ if (overflow2(font->nchars * font->h, font->w )) {
++ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Error reading font, invalid font header");
++ efree(font);
++ php_stream_close(stream);
++ RETURN_FALSE;
++ }
++
++
++
+
+ if (body_size != body_size_check) {
+ php_error_docref(NULL TSRMLS_CC, E_WARNING, "Error reading font");
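Review bot: the two overflow2() checks are placed after "body_size = font->w * font->h * font->nchars;" in the byte-flip branch, so the unchecked multiplication has already been evaluated by the time the header is validated. The early RETURN_FALSE keeps the overflowed value from being used, but validating w, h and nchars before any product is computed would be cleaner and avoids relying on wrap-around behaviour. The second check passes "font->nchars * font->h" as an argument, which is only safe because the first check has already passed; a short comment saying so would help the next reader. The two failure branches are identical (same message, efree, php_stream_close, RETURN_FALSE) and could be merged into one condition joined with "||". The three blank "+" lines after the second block are noise and can be dropped. Both cleanup paths do release font and close stream before returning, which is correct.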