[php-maint] Bug#731895: Bug#731895: php5: CVE-2013-6420: memory corruption in openssl_x509_parse()

Lior Kaplan kaplan at debian.org
Wed Dec 11 22:34:05 UTC 2013


As PHP.net has released the fix also for 5.3 and 5.4 branches, I assume
it's relevant for the both squeeze and wheezy. The problematic code was
there for a long time.

Kaplan


On Wed, Dec 11, 2013 at 8:41 AM, Salvatore Bonaccorso <carnil at debian.org>wrote:

> Package: php5
> Severity: grave
> Tags: security upstream patch
>
> Hi,
>
> the following vulnerability was published for php5.
>
> CVE-2013-6420[0]:
> php: memory corruption in openssl_x509_parse()
>
> The upstream commit is found at [1].
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6420
>     http://security-tracker.debian.org/tracker/CVE-2013-6420
> [1]
> http://git.php.net/?p=php-src.git;a=commitdiff;h=c1224573c773b6845e83505f717fbf820fc18415
>
> Please adjust the affected versions in the BTS as needed; could you
> check if squeeze and wheezy are affected as well?
>
> Regards,
> Salvatore
>
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20131212/574e5a31/attachment.html>


More information about the pkg-php-maint mailing list