[Secure-testing-team] PHP bugs: fixed or not?

Mon Apr 30 23:30:53 UTC 2007

hey guys,

to quote a little godfather... 
	"Just when I thought that I was out they pull me back in"

:)

On Mon, 2007-04-30 at 23:44 +0200, Stefan Fritsch wrote:
> On Montag, 30. April 2007, Francesco Poli wrote:
> > The following ones are claimed to be fixed for sid in php5 version
> > 5.2.0-11 by DSA 1283-1, but are still considered unfixed in sid by
> > the tracker:
> >
> > CVE-2007-1375 CVE-2007-1376 CVE-2007-1380 CVE-2007-1453
> > CVE-2007-1454 CVE-2007-1521 CVE-2007-1583 CVE-2007-1711
> > CVE-2007-1718 CVE-2007-1824 CVE-2007-1887 CVE-2007-1889
> > CVE-2007-1900
> >
> 
> CVE-2007-1711 does not seem to be fixed (but is unimportant). The rest 
> are fixed. There is a typo in the changelog though: 
> CVE-2007-1453-MOPB-18 should be ...-1454-...

i *think* CVE-2007-1711 is already fixed in the version of the patch we
have for CVE-2007-0910.  are you basing your finding on looking at the
patch/changelog, or have you confirmed it's actually vulnerable?  my
test poc doesn't seem to work anyway.

> > The following ones are claimed to be fixed for sid in php4 version
> > 4.4.6-1 by DSA 1282-1, but are still considered unfixed in sid by
> > the tracker:
> >
> > CVE-2007-1286 CVE-2007-1380 CVE-2007-1521 CVE-2007-1711
> > CVE-2007-1718 CVE-2007-1777
> 
> I could only find information that CVE-2007-1286, CVE-2007-1380, and 
> CVE-2007-1777 are fixed. I don't think the rest are fixed.
> 
> @Sean: do you have more information? Thanks.

it looks like CVE-2007-1521 CVE-2007-1711 and CVE-2007-1718 were all
fixes > 4.4.6, grumble.  i've applied the patches for each of them, and
i guess i'll be making another upload...

	sean
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20070501/8192028b/attachment.pgp