[php-maint] Re: research for recent PHP security vulnerabilities

Moritz Muehlenhoff jmm at inutil.org
Thu Sep 7 20:25:48 UTC 2006

On Thu, Sep 07, 2006 at 05:05:14PM +0200, sean finney wrote:
> hey martin,
> On Thu, 2006-09-07 at 14:25 +0200, Martin Pitt wrote:
> > I just finished the PHP security update for Ubuntu, to fix some of the
> > recent issues. I talked to Sean yesterday and promised to share my
> > patch research, so here it is.
> i'll put comments inline, as i've discussed some of these with the
> security team already.  i'm going to add in a few addresses in the
> cc field to make sure everyone's on the same page if you don't mind.

Martin, you fixed CVE-2006-3016 in USN-320. Details are sparse; do you
have a patch, so that we can check whether php4 is affected and judge
the nature of this issue?
The same applies to CVE-2006-3018.

> joey/moritz:  i think at this point to get a cumulative release for
> stable, we'll need an authoritative statement on the following:
> - CVE-2006-4020(scanf): fix or not?
> - CVE-2006-4433(sessions): fix or not?
> - CVE-2006-4482(new wordwrap): fix or not?
> additionally, we should:
> - get 2 new CVE numbers for libgd and xloadimage respectively.
> - fix the problem in xloadimage (the php patch fixes libgd2,
>   but xloadimage has no common code and it was just luck that
>   i stumbled across this)

What about CVE-2006-0931? This seems to come from php-pear from
the php4 source package.


