[php-maint] Bug#441433: CVE-2007-3806, CVE-2007-2519 and CVE-2007-3799
nion at debian.org
Sun Sep 9 19:27:28 UTC 2007
3 CVEs had been issued against php5:

The session_start function in ext/session in PHP 4.x up to
4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert
arbitrary attributes into the session cookie via special
characters in a cookie that is obtained from (1) PATH_INFO,
(2) the session_id function, and (3) the session_start
function, which are not encoded or filtered when the new
session cookie is generated.

Directory traversal vulnerability in the installer in PEAR
1.0 through 1.5.3 allows user-assisted remote attackers to
overwrite arbitrary files via a .. (dot dot) sequence in the
(1) install-as attribute in the file element in package.xml
1.0 or the (2) as attribute in the install element in
package.xml 2.0. NOTE: it could be argued that this does not
cross privilege boundaries in typical installations, since
the code being installed could perform the same actions.

The glob function in PHP 5.2.3 allows context-dependent
attackers to cause a denial of service and possibly execute
arbitrary code via an invalid value of the flags parameter,
probably related to memory corruption.

Please include the CVE ids in your changelog entries if you
fix the issues.
Nico Golde - http://ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
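
The PEAR issue described in the message above comes down to install targets in package.xml that resolve outside the install root. The following pre-install audit is an added example, not part of the original mail and not PEAR's own code: it flags such targets in both manifest formats. The function names `escapes_root` and `audit_package_xml` are hypothetical, and the two sample manifests are constructed.

```python
import posixpath
import xml.etree.ElementTree as ET

# Constructed sample manifests (not taken from any real package).
SAMPLE_V1 = """
<package version="1.0"><release><filelist>
  <file role="php" name="Good.php" install-as="Example/Good.php"/>
  <file role="php" name="odd.php" install-as="../../../tmp/placeholder.php"/>
</filelist></release></package>
"""
SAMPLE_V2 = """
<package version="2.0" xmlns="http://pear.php.net/dtd/package-2.0">
  <phprelease><filelist>
    <install name="src/a.php" as="Example/a.php"/>
    <install name="src/b.php" as="x/../../outside.php"/>
  </filelist></phprelease>
</package>
"""

def escapes_root(target):
    """True if an install target is absolute or resolves above the install root."""
    p = target.replace("\\", "/")
    if p.startswith("/") or p[1:2] == ":":   # POSIX absolute or drive letter
        return True
    norm = posixpath.normpath(p)
    return norm == ".." or norm.startswith("../")

def audit_package_xml(xml_text):
    """Return (element, attribute, source name, target) for each escaping target."""
    if "<!ENTITY" in xml_text:               # refuse entity tricks in untrusted XML
        raise ValueError("entity declarations are not accepted")
    findings = []
    for el in ET.fromstring(xml_text.strip()).iter():
        tag = el.tag.rsplit("}", 1)[-1]      # drop the package.xml 2.0 namespace
        if tag == "file" and "install-as" in el.attrib:
            attr = "install-as"              # package.xml 1.0
        elif tag == "install" and "as" in el.attrib:
            attr = "as"                      # package.xml 2.0
        else:
            continue
        if escapes_root(el.attrib[attr]):
            findings.append((tag, attr, el.get("name", ""), el.attrib[attr]))
    return findings

if __name__ == "__main__":
    for sample in (SAMPLE_V1, SAMPLE_V2):
        for finding in audit_package_xml(sample):
            print("rejecting install target:", finding)
```

A target such as `docs/../Foo.php` stays inside the root after normalisation and is not flagged; a stricter policy could reject any `..` segment outright.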