[php-maint] Bug#530914: Bug#530914: CVE-2008-5498: Array index error in the imageRotate function in PHP 5.2.8 and earlier
Raphael Geissert
atomo64 at gmail.com
Thu May 28 20:06:19 UTC 2009
severity 530914 wishlist
thanks
Hi,
On Thursday 28 May 2009 13:27:43 Aenoch Lynn wrote:
[...]
> CVE-2008-5498 describes a potential remote vulnerability in imageRotate:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5498
>
> A PCI scan found this a Medium severity and I need this fixed to pass the
> scan.
Thanks :), but the packages are not affected.
When performing such scans on packages in Debian you should take a look at our
security tracker (if you find any inconsistencies don't hesitate to contact
the security team, though); it will make your life easier.
The report of this issue is
http://security-tracker.debian.net/tracker/CVE-2008-5498
> Notes
> - php5 <not-affected> (php5 links to the shared lib)
> - libgd2 <not-affected> (code is specific to php's libgd)
> http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360&r2=1.2027.2.547.2.1361
Since we don't use the embedded library I don't think this will be fixed in
lenny (and squeeze/sid is already at .9), but leaving the report open for
other members of the PHP team to express their opinion.
Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net