[Secure-testing-team] new php4 packages to fix some old vulns in stable and oldstable
sean finney
seanius at debian.org
Sat Jun 30 15:57:57 UTC 2007

hey folks, just fyi i'm uploading a couple php4 builds for stable/oldstable
to the public security upload queue on klecker. check the changelogs below
for more information on the details.

since php4 is no longer (or will soon no longer, depending on ftp-master) part
of unstable, there's no need for a fix in testing.

wrt php5, CVE-2007-1864 applies to it as well, so i'll need to prepare an
update, but there's also a second issue (CVE-2007-1399) which i need to
investigate first.

sean

php4 (4:4.3.10-22) oldstable-security; urgency=low

  * NMU prepared for the security team by the package maintainer.
  * The following security issue is addressed with this update:
    - CVE-2007-1864: Buffer overflow in the bundled libxmlrpc library.
      (Thanks to Joe Orton from redhat for sharing the patch.)
    - CVE-2006-0207: HTTP response splitting vulnerabilities.
      This was reported to not affect this version of PHP, but it has
      been independently verified that it does (closes: #354683).
    - CVE-2006-4486: Int. overflows in memory mgmt code for 64bit
      architectures.

 -- sean finney <seanius at debian.org> Sat, 30 Jun 2007 15:42:26 +0200

php4 (6:4.4.4-8+etch4) stable-security; urgency=low

  * NMU prepared for the security team by the package maintainer.
  * The following security issue is addressed with this update:
    - CVE-2007-1864: Buffer overflow in the bundled libxmlrpc library.
  * Thanks to Joe Orton from redhat for sharing the patch.

 -- sean finney <seanius at debian.org> Sat, 30 Jun 2007 14:42:42 +0200