[php-maint] Bug#751364: Bug#751364: php5: heap-based buffer overflow in DNS TXT record parsing

Ondřej Surý ondrej at sury.org
Fri Jun 13 13:57:08 UTC 2014


Hi Salvatore,

I have prepared versions for unstable (already uploaded) and for wheezy
(compiling right now) with patch from upstream.

I'll submit it to team at s.d.o after it finishes the compilation.

Whoever is doing squeeze LTS feel free to cherry-pick from git and
commit back to our git.

O.

On Thu, Jun 12, 2014, at 8:19, Salvatore Bonaccorso wrote:
> Source: php5
> Severity: grave
> Tags: security upstream
> 
> Hi
> 
> A heap-based buffer overflow was commited in [1], Red Hat Bugzilla
> reference at [2].
> 
>  [1]
>  https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468
>  [2] https://bugzilla.redhat.com/show_bug.cgi?id=1108447
> 
> A CVE assignment is pending. Could you also mark affected versions for
> the BTS? From a quick(!) look it seems that all versions have the
> vulnerable code present.
> 
> Regards,
> Salvatore
> 
> _______________________________________________
> pkg-php-maint mailing list
> pkg-php-maint at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-php-maint


-- 
Ondřej Surý <ondrej at sury.org>
Knot DNS (https://www.knot-dns.cz/) – a high-performance DNS server



More information about the pkg-php-maint mailing list