[php-maint] Bug#554684: Bug#554684: Bug#554684: php5-pgsql: Suhosin alerts about heap overflows

Ondřej Surý ondrej at debian.org
Tue Jan 12 07:16:20 UTC 2010


do you think you can retest this bug with php5-pgsql from unstable?


apt-get install php5-dev # from stable
dget http://ftp.debian.org/debian/pool/main/p/php5/php5_5.2.12.dfsg.1-2.dsc
cd php5-5.2.12/ext/pgsql
make install
(or something like that, I'm writing it from the top of my head)

This should allow you to not upgrade whole php5 just the module. This
could lead us if we need to look after the issue in SVN (and fix the
unstable version as well) or if we just need to fix it in stable.

On Fri, Nov 6, 2009 at 02:41, Gunnar Wolf <gwolf at gwolf.org> wrote:
> sean finney dijo [Fri, Nov 06, 2009 at 12:16:59AM +0100]:
>> On Thu, Nov 05, 2009 at 04:34:03PM -0600, Gunnar Wolf wrote:
>> > function db_escape_string($text) {
>> >   return pg_escape_string($text);
>> > }
>> > 2009-11-04 06:25:29 CST [30578]WARNING:  nonstandard use of \\ in a string literal at character 25
>> hm... maybe this is a result of pg_escape_string and magic_quotes_<foo>
>> used together?
> In such case, this should be reassigned to drupal6 as they are
> applying the escapings in the wrong order, right?

This may or may not be linked together. It could just be separate
issues. But it could also be a result of suhosin patch canary

> Now, in such case... I wonder why I don't get this warning more
> often. As I said in the report, the site in question had its comments
> open for spammers (although they were piling for administrator's
> authorization). I have closed the comments for now, but would surely
> like to know what causes this.

I have seen reports of php5 going wrong after some time. Do you have
php5-suhosin package installed by any chance?

> FWIW, I do _not_ think this is caused by magic_quotes as a global
> configuration setting, as it is explicitly turned off at the site in
> question.

Yup, I do not think that this is cause by magic_quotes.

Ondřej Surý <ondrej at sury.org>

More information about the pkg-php-maint mailing list