[php-maint] Bug#530914: Bug#530914: CVE-2008-5498: Array index error in the imageRotate function in PHP 5.2.8 and earlier

Raphael Geissert atomo64 at gmail.com
Thu May 28 20:06:19 UTC 2009

severity 530914 wishlist


On Thursday 28 May 2009 13:27:43 Aenoch Lynn wrote:
> CVE-2008-5498 describes a potential remote vulnerability in imageRotate:
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498
> A PCI scan found this a Medium severity and I need this fixed to pass the
> scan.

Thanks :), but the packages are not affected.
When performing such scans on packages in Debian you should take a look at our
security tracker (if you find any inconsistencies don't hesitate to contact
the security team, though); it will make your life easier.

The report of this issue is 

> Notes
> - php5 <not-affected> (php5 links to the shared lib)
> - libgd2 <not-affected> (code is specific to php's libgd)
> http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360&r2=1.2027

Since we don't use the embedded library I don't think this will be fixed in 
lenny (and squeeze/sid is already at .9), but leaving the report open for 
other members of the PHP team to express their opinion.

Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
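
As an added example (not part of the original message and not Debian's own tooling), the check suggested above can be scripted: parse tracker note lines in the form quoted in the message and use them to set aside scanner findings for packages marked `<not-affected>`. The findings structure, the function names and the `examplepkg` package are assumptions made for illustration; the notes are taken to belong to the CVE named in each finding.

```python
import re

# Note lines in the form quoted above: "- <package> <status> (reason)"
NOTE_RE = re.compile(
    r"^-\s+(?P<pkg>\S+)\s+<(?P<status>[^>]+)>\s*(?:\((?P<reason>.*)\))?\s*$"
)

# The two entries quoted in the message for CVE-2008-5498.
TRACKER_NOTES = """\
> - php5 <not-affected> (php5 links to the shared lib)
> - libgd2 <not-affected> (code is specific to php's libgd)
"""

# Constructed scanner output; "examplepkg" is a placeholder package name.
FINDINGS = [
    {"cve": "CVE-2008-5498", "package": "php5"},
    {"cve": "CVE-2008-5498", "package": "examplepkg"},
]


def parse_notes(text):
    """Return {package: (status, reason)} from tracker-style note lines."""
    notes = {}
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip()  # tolerate e-mail quoting
        m = NOTE_RE.match(line)
        if m:
            notes[m["pkg"]] = (m["status"], m["reason"] or "")
    return notes


def triage(findings, notes):
    """Split findings into (dismissed with reason, needing manual review)."""
    dismissed, review = [], []
    for f in findings:
        status, reason = notes.get(f["package"], (None, ""))
        if status == "not-affected":
            dismissed.append({**f, "reason": reason})
        else:
            # Unknown package or any other status: keep it for a human.
            review.append(f)
    return dismissed, review


if __name__ == "__main__":
    done, todo = triage(FINDINGS, parse_notes(TRACKER_NOTES))
    for f in done:
        print(f"{f['cve']} {f['package']}: not affected ({f['reason']})")
    for f in todo:
        print(f"{f['cve']} {f['package']}: needs manual review")
```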
