[php-maint] Bug#603751: Bug#603751: Three more security issues

Ondřej Surý ondrej at debian.org
Wed Nov 17 09:05:35 UTC 2010


Hi Moritz, Adam,

thanks for the heads-up. I have cherry-picked the fixes and they are in php
git. Do you need any help with backporting those to lenny? Anyway, I am
going to wait for 5.3.3-3 to squeeze into the squeeze :) and after
that I am going to upload 5.3.3-4.

Meanwhile I thought it might be a good idea to go through the svn log,
and I have found some more issues we might think about fixing
(basically I went through the log and checked all crashes,
segfaults and leaks). The fixes below are small and self-contained, and I
have hand-checked them all for sanity. There's even one CVE in
open_basedir which we have not caught before.

Adam, what do you think? Do you want me to submit just the CVE fixes, or
should I go ahead and cherry-pick all the fixes below?

Ondrej.

------------------------------------------------------------------------
r305416 | felipe | 2010-11-16 22:02:14 +0100 (Út, 16 lis 2010) | 3 lines

- Fixed bug #53323 (pdo_firebird getAttribute() crash)
  patch by: preeves at ibphoenix dot com

------------------------------------------------------------------------
r304447 | felipe | 2010-10-16 19:52:01 +0200 (So, 16 říj 2010) | 2 lines

- Fixed bug #53070 (Calling enchant_broker_get_dict_path before
set_path crashes php)

------------------------------------------------------------------------
r303895 | dmitry | 2010-09-30 16:11:51 +0200 (Čt, 30 zář 2010) | 2 lines

Prevented crash in GC because of incorrect reference counting

------------------------------------------------------------------------
r303839 | felipe | 2010-09-29 03:25:35 +0200 (St, 29 zář 2010) | 2 lines

- Fixed bug #52947 (segfault when ssl stream option
capture_peer_cert_chain used)

------------------------------------------------------------------------
r303824 | pajoye | 2010-09-28 15:29:33 +0200 (Út, 28 zář 2010) | 1 line

- Fixed possible flaw in open_basedir (CVE-2010-3436)
------------------------------------------------------------------------
r303375 | felipe | 2010-09-15 04:12:46 +0200 (St, 15 zář 2010) | 2 lines

- Fixed bug #52843 (Segfault when optional parameters are not passed
in to mssql_connect)

------------------------------------------------------------------------
r303361 | aharvey | 2010-09-14 12:58:59 +0200 (Út, 14 zář 2010) | 3 lines

Fix bug #52827 (cURL leaks handle and causes assertion error (CURLOPT_STDERR)).
Patch by Gustavo.

------------------------------------------------------------------------
r302457 | kalle | 2010-08-18 22:16:05 +0200 (St, 18 srp 2010) | 3 lines

Fixed possible crash in php_mssql_get_column_content_without_type()

------------------------------------------------------------------------
r302085 | felipe | 2010-08-11 00:37:24 +0200 (St, 11 srp 2010) | 2 lines

- Fixed bug #52573 (SplFileObject::fscanf Segmentation fault)

------------------------------------------------------------------------
r302011 | felipe | 2010-08-09 01:56:29 +0200 (Po, 09 srp 2010) | 2 lines

- Fixed bug #50481 (Storing many SPLFixedArray in an array crashes)

------------------------------------------------------------------------
r301706 | felipe | 2010-07-30 01:38:55 +0200 (Pá, 30 čec 2010) | 2 lines

- Fixed bug #52487 (PDO::FETCH_INTO leaks memory)



Ondrej

On Tue, Nov 16, 2010 at 23:30, Moritz Muehlenhoff <jmm at debian.org> wrote:
> Package: php5
> Severity: important
> Tags: security
>
> Hi Ondrej,
> unfortunately there are three more security issues affecting PHP in Squeeze.
>
> Filing as important to not block the current upload, but we should get
> this fixed for Squeeze:
>
> The following CVE links contain links to patches:
>
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4156
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3870
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3709
>
> Cheers,
>        Moritz
>
> -- System Information:
> Debian Release: squeeze/sid
>  APT prefers unstable
>  APT policy: (500, 'unstable')
> Architecture: i386 (i686)
>
> Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
> Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
> Shell: /bin/sh linked to /bin/bash
>
> Versions of packages php5 depends on:
> pn  libapache2-mod-php5 | libapac <none>     (no description available)
> pn  php5-common                   <none>     (no description available)
>
> php5 recommends no packages.
>
> php5 suggests no packages.
>
>
>



-- 
Ondřej Surý <ondrej at sury.org>
http://blog.rfc1925.org/




