[php-maint] Re: research for recent PHP security vulnerabilities
seanius at debian.org
Tue Sep 19 20:23:55 UTC 2006
On Tue, 2006-09-19 at 08:42 +0200, sean finney wrote:
> > > > =================================================
> > > > CVE-2006-4482
> > > > str_repeat() and wordwrap() buffer overflow on 64 bit systems
> > > > 5.1: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.4184.108.40.206.10&r2=1.4220.127.116.11.11
> > > >
> > > > On 64 bit systems the str_repeat() and wordwrap() functions did not
> > > > properly check buffer boundaries. Depending on the application, this
> > > > could potentially be exploited to execute arbitrary code with the
> > > > applications' privileges. This only affects the amd64 and sparc
> > > > platforms.
> > > This may indeed be a real issue that should be fixed.
> i'll do so and provide an updated package.
oh, i guess i already did that. so, the diff at
should cover everything we've decided to cover. is there anything else
i can do to help things along at this point?