[php-maint] [PHP-DEV] CVE-2008-5658 unfixed or new problem with Zip::extractTo in 5.2.x?

Pierre Joye pierre.php at gmail.com
Wed Jan 21 22:25:21 UTC 2009


On Wed, Jan 21, 2009 at 10:57 PM, sean finney <seanius at debian.org> wrote:
> hi everyone,
> i'm looking for a sanity check here, as i've already lost more time than
> i'd like chasing ghosts on my treasure hunt through {bugs,lists,cvs}.php.net :(
> afaict, CVE-2008-5658[1] is only half-fixed on 5.2.8, while it was supposed
> to be fixed in 5.2.7.

it is fixed in 5.2.7RC2 or RC3, see:

> while the zip library no longer blindly extracts files such as
> "../../../var/www/index.php", it now seems to segfault on any files
> that have a leading "..".  I've put some sample code illustrating my
> problem at[2].  am i on crack?

No idea, can you open a bug and post the backtrace, a zip data to
reproduce the problem and a simple script please? Simply post the
links you gave here. I will take a look at them as soon as possible.

Thanks for the report!


http://blog.thepimp.net | http://www.libgd.org

More information about the pkg-php-maint mailing list