[php-maint] Re: php and apache DSAs
sean finney
seanius at debian.org
Sat Aug 26 10:32:15 UTC 2006
apologies if you're receiving a second copy of this, i apparently hosed
the config of one of my MTAs...
On Fri, Aug 25, 2006 at 09:12:48PM +0200, Martin Schulze wrote:
> Er... If I write broken code, I must not wonder why the resulting
> program is broken as well. I'm sorry. We cannot fix stupidity.
fair enough.
> Err.. yes, except that both htmlspecialchars() and htmlentities()
> would "fix" the string already. Again, this is broken programming
> that triggers a problem. Nothing for a security advisory.
okay.
> Feel free to ask the SRM team if they are happy with a PHP update.
i don't think any of the previous issues warrant a s-p-u update,
though if there were one for unrelated reasons i'd think of
including them as well.
> Who the hell would do *this*? Honestly! Reality check!
/me r's tfm for the function and agrees.
> > > > + - CVE-2005-3353: Possible DoS via malformed jpegs in exif_read_data()
>
> I agree that this seems to warrant a security update.
>
> Ok, so we're down to one vulnerability that may require fixing.
>
> Could you provide a patch with only this one?
sure, i'll prepare something this afternoon.
On Fri, Aug 25, 2006 at 09:34:50PM +0200, Martin Schulze wrote:
> > I think at least CVE-2006-3017, CVE-2005-3389, CVE-2006-4020, and php bug
> > #38112 should be fixed. But I read your answer as "no" to my second
> > question.
>
> Interesting, most of them were not on the list from Sean, hence copied.
yeah. i'd been working with a list that was forwarded to me by either
moritz or micah, and i haven't done any extra checking to see whether
there were more.
> CVE-2006-3017 - unset() fails to unset variables due to duplicate hash val
>
> This one I accept as bug that warrants a security update.
> Upstream patch attached for reference and maybe for Sean to
> include it.
i'll add that to the list.
On Sat, Aug 26, 2006 at 11:28:01AM +0200, Martin Schulze wrote:
> > Yes, it's in the php4-gd package. PHP on sarge crashes with the
> > example gif from the bug report. Of course, I don't know whether this
> > can be used to execute arbitrary code, but I expect that it is easier
> > to fix it than to analyse it.
>
> Stefan/Sean, could you retrieve the patch for it? Maybe ask
> pajoye at php.net.
if no one else does by the time i get the previously mentioned stuff
done, i'll see if i can dig it up. stefan, if you want to help out
more with this, we should probably coordinate over irc/icq/im/whatever
to make sure we don't duplicate any effort. i'll be stepping out to do
some saturday shopping but will be back in a few hours.
sean