[php-maint] [PHP-DEV] CVE-2008-5658 unfixed or new problem with Zip::extractTo in 5.2.x?

Pierre Joye pierre.php at gmail.com
Wed Jan 21 22:25:21 UTC 2009


hi,

On Wed, Jan 21, 2009 at 10:57 PM, sean finney <seanius at debian.org> wrote:
> hi everyone,
>
> i'm looking for a sanity check here, as i've already lost more time than
> i'd like chasing ghosts on my treasure hunt through {bugs,lists,cvs}.php.net :(
>
> afaict, CVE-2008-5658[1] is only half-fixed on 5.2.8, while it was supposed
> to be fixed in 5.2.7.

it is fixed in 5.2.7RC2 or RC3, see:
http://cvs.php.net/viewvc.cgi/php-src/ext/zip/php_zip.c?r1=1.1.2.43&r2=1.1.2.44

> while the zip library no longer blindly extracts files such as
> "../../../var/www/index.php", it now seems to segfault on any files
> that have a leading "..".  I've put some sample code illustrating my
> problem at[2].  am i on crack?

No idea, can you open a bug and post the backtrace, zip data to
reproduce the problem and a simple script please? Simply post the
links you gave here. I will take a look at them as soon as possible.

Thanks for the report!

Cheers,
-- 
Pierre

http://blog.thepimp.net | http://www.libgd.org
